Tur.js (@tur24tur) 's Twitter Profile
Tur.js

@tur24tur

Application security fan, dedicated to writing custom security tools. @NoBugEscapes @BugBountyZip

JavaScript - ExpressJS ♥️💛

bugbounty.zip

ID: 86538235

https://NoBugEscapes.com 31-10-2009 14:35:13

623 Tweet

3,3K Followers

928 Following

Bill Demirkapi (@billdemirkapi):

Cloudflare's bot detection is cool. Some notes:
1. Using HTTP/2 can increase your "score" by ~20.
2. "Anomalies" like lowercase headers are punished.
3. Your client "JA3" fingerprint can lead to penalties (Python SSL socket == bot).
4. JA3 is also compared against your UA.

Tur.js (@tur24tur):

I spent a few days reverse engineering one of the Android shield solutions that provides root detection. I also analyzed it dynamically using Frida 🔥. Most of the detection logic was encrypted and only decrypted at runtime when the app starts. Here are some common detection

Tur.js (@tur24tur):

Mutual TLS (mTLS) Collaboration with NoRiskNoLive on this task is ongoing. Anti-hooking and anti-fraud SDKs have slowed us down, but we’ve made significant progress and gotten some secrets cloudflare.com/en-gb/learning… By Cloudflare #BugBounty #frida #Magisk

Mustafa Can İPEKÇİ (@mcipekci):

It was one of the interesting things I exploited recently. For enumerating contents and viewing PDFs, I made a Python script that extracted PDF contents and compared response base lengths to see if it was hitting a valid service or not. Thanks for the collaboration Sayaan Alam it was

Jenish Sojitra (@_jensec):

Are most pentest companies a scam? Just saw a $30k pentest report with 8 informative findings, and the only valid findings were missing cookie flags, rate limit on apply account and origin check.

PSX-Place (@psxplace):

Now nearly 1,400 PlayStation projects indexed in our Resource Section, which covers the PS1 / PS2 / PS3 / PS4 / PS5 / PSP / PS Vita. Still many projects to add. psx-place.com/resources/ Thank you to all the devs and contributors.


Donncha Ó Cearbhaill (@donnchac):

🚨 BREAKING: New zero-click exploit used to hack WhatsApp users. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 days. Seek out expert help if you have received this alert