Oneliner + A collection of special paths linked to major web frameworks and infrastructure projects, known juicy APIs, misconfigurations.. etc. dirsearch -l 200HTTP --full-url -F -w leaky-paths.txt - github.com/ayoubfathi/lea… #infosec #cybersec #bugboutnty

python-multipart (which is also used by FastAPI and Starlette in form requests) is vulnerable to ReDos: github.com/Kludex/python-… 1. Find requests that use `application/x-www-form-urlencoded` as a Content-type (basically many form requests) or if you're code reviewing, you may

~2h, why not 🤷‍♂️

watching myself go from 97kg -> 80kg -> 90kg -> 85kg -> .. I trained, CrossFit, Muay Thai, weightlifting, ..etc. all in <12 months, then suddenly obsessing over health/sleep/HRV data, biohacking, #blueprint/etc, is something my body still couldn't comprehend for someone who

Today was another reminder - I have never been more humbled than when I meet a homeless family (parents with kids), no one should write off that possibility no matter where you are in life, you could be on top of the world but a couple of misfortunes lined up could turn things

In a week, I'll take the stage at LEAP, this time wearing my CISO/executive hat (yet the hacker/engineer spirit remains strong within me). I wouldn't have believed it a decade ago if someone said I'd be speaking alongside such a lineup of world-class speakers and over +170,000

I'm not sure if that was the reason (but I believe so) — HackerOne has introduced a new CWE type as a result of/right after this was triaged: "Uncontrolled Resource Consumption" which was used by the program later on. Reasoning: This doesn't fall under typical DoS attacks,

LEAP has wrapped up! The buzz and scale were incredible, with over 215,000 attendees! 🎉 But making a ton of new friends and meeting so many incredibly talented people was absolutely my highlight of #Leap24 Thanks to everyone who dropped by our chat, see you next!

I had a lot of fun listening to shubs story and what I enjoyed the most is that it covers a lot of what bugbounty truly was all about back in the day and that everyone including some of best (eg. shubs) were really trying to be resourceful but also working hard to figure

🌟 Brace yourselves for an electrifying revelation from Ayoub FATHI 阿尤布 , Group Vice President of Information Security, CISO at نون, as he takes the stage for his closing keynote address! 🚀 You can watch his talk streaming on YouTube. youtu.be/fjX5u4jxW0E?fe…

When I delivered the closing keynote Security BSides Ahmedabad, many folks were curious to learn more about lateral movement brute-forcing. So the talk recording is finally live on YouTube, go watch it at the link below. I had a lot of fun sharing the hacking stories. I hope you enjoy

📣 May in metal health awareness month and I think it's time for us to talk about it. Watch: youtu.be/-ljLIf-Pxl0 Donate: supporting.afsp.org/index.cfm?fuse…

Woke up to the surprise of seeing my face in The New York Times with other global CISOs! Thank you The New York Times and Lacework for the recognition, It's an absolute honor to be featured alongside some of the world's most respected CISOs.

Congratulations on your inclusion in the #ModernCISONetwork Board Book, Ayoub FATHI 阿尤布! 🎉🎉

I'm happy to share that I was honored by the UAE Cyber Council and received the prestigious CSO30 award from His Excellency Dr. Mohammed Hamad Al Kuwaiti, Head of UAE Cyber Security and IDC!

🎥 I had an amazing time on a panel discussion at Black Hat MEA with cybersecurity leaders and CISOs I admire and continue to learn from. The recording is now available on YouTube, go check it out: youtube.com/watch?v=h1Xpf4…

such an interesting catch on setuptools: huntr.com/bounties/d6362…