This is hilarious 😆

IDOR triaged around one month later 🚀 Tip: exhaust all your options on a single program if the scope is big enough 🕺 #BugBounty #idor

I have wrote a comprehensive source code review and exploitation, delving into the details of - CVE-2023-32243: WordPress Account Takeover via Essential Addons Plugin for Elementor Thanks to RandomRobbieBF for the script 🏃‍♂️ Enjoy! medium.com/@retkoussa/cve… #cve_2023_32243

If this doesn't peak your interest to work with Bishop Fox, I don't know what will. Kick-ass environment.

OWASP LLM Top Ten v.1: 🚀 Prompt Injections 💧 Data Leakage 🏖️ Inadequate Sandboxing 📜 Unauthorized Code Execution 🌐 SSRF Vulnerabilities ⚖️ Overreliance on LLM-generated Content 🧭 Inadequate AI Alignment 🚫 Insufficient Access Controls ⚠️ Improper Error Handling 💀 Training

I've seen a lot of posts recently about the DuckDuckGo tracker radar. Here's a POC that will help you pull up subdomains for domains in their records, or pull the domains with their subdomains. Code is still a POC - feel free to modify it. #bugbounty github.com/retkoussa/ddg-…

Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust. Here's everything we know about it:

GSNW is now out. It's not pretty, but it works 🦆 github.com/retkoussa/GSNW

🚨Resolving domains in an ASN Sharing useful snippets I develop when hunting. github.com/retkoussa/asn2… #bugbounty #bugbountytips #pentesting #recon #enumeration

If you don't know, I've been developing SaaS with AI (oooh, buzz word) for around 1-2 years now. 17 failed products. 2 with steady MRR and 1 free one. They all run on 95% autopilot. Here's the free one I built. islamdaily.app #microsaas #saas #nocode #ai #mrr

450+ members in 2 days. 99% automated software with a huge audience Speaking of organic.. lol! islamdaily.app #saas #nocode #ai #automation #bots

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

The NSA guy who worked 24/7 to find this bug reading the p2o announcements:

> Hack X account > Open large short on token > Announce the blockchain is shutting down (???) > Profit Easier than drainer links in 2025

🚨 Devman RaaS leak. Internal affiliate chats, victim access, micromanagement — and classic bad OPSEC 🤦‍♂️ Analysis: ctrlaltint3l.github.io/threat%20resea…