Harsh🧢 (@harshinsecurity) 's Twitter Profile
Harsh🧢

@harshinsecurity

Security @tekioncorp | Ex-@synopsys | Cyber Security Enthusiast | Forever Learner | Minimalist | Reach out: [email protected]

ID: 740077024434388992

Website: https://www.harshinsecurity.in | Joined: 07-06-2016 07:04:47

1.1K Tweets

724 Followers

778 Following

Abhisar Pandey (MrGrep) (@imabhisarpandey)'s Twitter Profile Photo

Application Security Interview Preparation questions. Credit - Internet github.com/tadwhitaker/Se… gist.github.com/boodera/f216ac… github.com/justinltodd/se… github.com/jigerjain/Inte… github.com/pbnj/infosec-i… github.com/pbnj/infosec-i… github.com/paulveillard/c…

Maya Kaczorowski (@mayakaczorowski)'s Twitter Profile Photo

I interviewed 57 security leaders to answer one question: What sucks in security right now? The answers were fascinating, frustrating, and occasionally funny 🧵

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007)'s Twitter Profile Photo

Exciting News: My Second Write-Up is Now Available! medium.com/@HX007/a-journ… Dive into the details of the bounty that ranks as the 3rd highest I’ve received on bugcrowd "A Journey of Limited Path Traversal To RCE With $40,000 Bounty!" Collaborated with Godfather Orwa 🇯🇴 , This

1x0262 (@canmustdie)'s Twitter Profile Photo

I just published From Demo to Live: Zero-Click Account Takeover via the Same Encryption Algorithm link.medium.com/fPyrpZ06JQb

bugcrowd (@bugcrowd)'s Twitter Profile Photo

Securing recon is easy with Tailscale! 🪲 Build secure, zero-config networks. 🐛 Route traffic via exit nodes. 🐞 Share files seamlessly. 🪳 SSH without keys. Learn how Rami (drunkrhin0) uses Tailscale to secure his bug bounty workflow!👇 loom.ly/t8Eombs

bugcrowd (@bugcrowd)'s Twitter Profile Photo

This is an oldie but a goldie. If you want to learn more about SSRF, watch this OWASP® Foundation talk by Ben Sadeghipour and Sera Brocious! This is a goldmine of SSRF nuggets including: 🪲 SSRF via URI Schemes 🐞 SSRF via JavaScript (XSS) 🐛 SSRF via Styling 🐜 SSRF using (PDF Gen ‘0day’) 🪳 SSRF

Omar ElSayed (@bxrowski0x)'s Twitter Profile Photo

Excited to share my "How to find IDORs like a pro" writeup, based on 5 real-world findings🔥. Here's the link: medium.com/@bxrowski0x/ho… #BugBounty #bugbountytips #infosec

slonser (@slonser_)'s Twitter Profile Photo

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

YS (@yshahinzadeh)'s Twitter Profile Photo

Just wrote a blog post based on this technique and described the methodology to take advantage of it. The post also includes an easy-to-set-up testbed to practice with; hope you find it useful: blog.voorivex.team/leaking-oauth-…

AmirMohammad Safari (@amirmsafari)'s Twitter Profile Photo

We’ve created a lab to demonstrate how an OAuth token can be leaked using a referrer policy override. Check out the article and try the lab here: github.com/VoorivexTeam/w…

Lupin (@0xlupin)'s Twitter Profile Photo

2 AM in a Tokyo hotel room: Assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix ! 🚀 Shout-out to shubs for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵

Mat Rollings (@stealthcopter)'s Twitter Profile Photo

REGEXSS: How .* Turned Into over $6k in Bounties. Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting yourself! sec.stealthcopter.com/regexss #BugBounty #BugBountyTips #XSS #AppSec

Kajol (@_kajol_singh_)'s Twitter Profile Photo

🚀 Looking for a Backend Developer (Paid Internship) Tech - Nodejs + MongoDB 🎓 2nd/3rd year college students preferred 👉 Drop your best project link + email in the replies. I’ll reach out if it looks relevant! #Internship #NodeJS #MongoDB #Backend

Devansh (⚡, 🥷) (@0xasm0d3us)'s Twitter Profile Photo

Needle in the haystack: LLMs for vulnerability research. I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up. These are the conclusions I came to... (link in comment)

Riyaz (@riyazz_ai)'s Twitter Profile Photo

🚨 Sam Altman literally gave a 43-minute masterclass on turning ideas into billion-dollar companies. Most people will never watch it. And instead of hype, he broke down what actually makes startups work. No fluff. Just reality. He explained that ideas don’t matter nearly as

Aituglo (@aituglo)'s Twitter Profile Photo

I've been doing bug bounty for years. I just published a long piece on what it actually feels like in 2026, and why something fundamental has shifted. aituglo.com/state-of-bug-b… Would love to get your feedback on it here on X or directly on the blog