Abss (@absshax) 's Twitter Profile
Abss

@absshax

Sporadic Bug Hunter. Aspiring Security Researcher. Cats. Techno 🎧. Tweets do not represent my employer and they only relate to things I am interested in

ID: 931545409360506881

Link: http://abss0x7tbh.github.io | 17-11-2017 15:31:47

479 Tweet

1,1K Followers

427 Following

Holly Brockwell (@holly) 's Twitter Profile Photo

#HollysMerryMoggies adopts the cats no one wants because they're old, ill or 'imperfect.' We depend on kindness. Make a kitty's day: Donate: paypal.com/paypalme/holly Subscribe: patreon.com/hollysmerrymog… Grant a wish: amazon.co.uk/hz/wishlist/ls… Thank you for loving them with me 🥰

OWASP® Foundation (@owasp) 's Twitter Profile Photo

Mark your calendars and join #OWASP for AppSec Training on June 6-8 and our Global AppSec Conference June 9-10. We have an amazing line up of trainers, speakers, keynotes and exhibitors. Take a look at the line up and REGISTER TODAY whova.com/web/GKSmlhCK%2… #globalappseceu

Jacopo Tediosi (@jacopotediosi) 's Twitter Profile Photo

I just published a post on Medium about the most relevant vulnerability I have found in my life so far. "Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)": medium.com/@jacopotediosi…

AppSecEngineer (@appsecengineer) 's Twitter Profile Photo

Giveaway Alert! 🎁 Here’s your chance to attend our members-only live event on 18th July. One lucky winner will get our Pro Annual subscription priced at $399 for FREE. To enter: 1️⃣ Follow us on Twitter. 2️⃣ Tag a fellow AppSec Enthusiast in the comments. 3️⃣ Retweet this post

HTTPVoid (@httpvoid0x2f) 's Twitter Profile Photo

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

zhero; (@zhero___) 's Twitter Profile Photo

happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole zhero-web-sec.github.io/research-and-t… good reading;

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Prajwal Prashanth (@praj_22) 's Twitter Profile Photo

Stepping out of my cocoon and launching! 🎉 Here's explainer video for StockResearchGPT 📈 InvestiVerse Instantly get answers from the annual reports of Indian companies. No more endless reading or tedious keyword searches. Get the context you need, fast!! #buildinpublic

Thomas Stacey (@t0xodile) 's Twitter Profile Photo

Excited to release my latest research today. Exploiting CORS can be tricky in modern web apps, but there are still critical cases out there if you know what to look for. If you want to learn more about CORS exploitation, the research is available at outpost24.com/blog/exploitin…

Abss (@absshax) 's Twitter Profile Photo

Yay, I was awarded a $1,000 bounty on HackerOne! hackerone.com/absshax #TogetherWeHitHarder Hacking after a long ass time. Anyone open to collab do hmu.

daniel (@hackermondev) 's Twitter Profile Photo

1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips gist.github.com/hackermondev/6…

Prajwal Prashanth (@praj_22) 's Twitter Profile Photo

MCP (Model Context Protocol) is blowing up!! I was intrigued to dig deep, to build and understand. It's like enabling your AI to have more assistants & Anthropic says this is 'USB-C for AI'. I'll break it down by asking `Why?` below ⏬

Lupin (@0xlupin) 's Twitter Profile Photo

2 AM in a Tokyo hotel room: Assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix ! 🚀 Shout-out to shubs for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵

Sachin (@sachdh) 's Twitter Profile Photo

Excited to share Aryabhatta 1.0, our leading model that scores 90.2% on JEE Mains, outperforming frontier models like o4 mini and Gemini Flash 2.5 Trained by us at AthenaAgent, in collaboration with Physics Wallah (PW), using custom RLVR training on 130K+ curated JEE problems

zere (@j_zere) 's Twitter Profile Photo

Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…

Abss (@absshax) 's Twitter Profile Photo

This was a fun find during a recent pentest! CDN eventually displays images leaking AWS temp creds. appsecengineer.com/blog/pixelated… OG Read: buer.haus/2019/10/18/a-t…