#工具分享 分享自己整理的工具列表，后续会持续更新，帮助大家发现更好的工具，融入自己的工作流中，但是工具只是工具，更重要的是工具对自己带来的行为改变，整理的灵感来自于 陈成 - github.com/Sailfishc/awes…

#工程师工具 发现一个超级酷的网络检查工具「Web-Check」，很 Hacker，可以查看一个网站几乎所有信息，如 IP 信息、SSL、DNS记录、Cookies、域名信息、搜索爬行规则、服务器位置、重定向记录、开放端口、路由跟踪、DNS安全扩展、网站性能、关联主机名等。 🤖 web-check.xyz

How to prevent Developers from Copy-Pasting Random Code from the Internet

You've probably seen this SQL Injection payload before... 🧐 But how does it exactly work? Let's break it down and also craft a few variants for bypassing WAFs! 🤑👇

You've found a XSS vulnerability But alert, confirm, prompt & print are all blocked by WAF What do you use to visually prove your XSS? 😎

You fire an XSS payload. But you see no pop-up. Why is this happening you ask? Any rule/policy behind the screen blocking your payload? Let's talk about CSP, why and how you should bypass it 👇

Want to learn XSS to make $$$? If you screamed YES, this thread is for you 👇

JavaScript files are a gold mine for bug bounty hunters! 🤑 If you aren't analyzing JavaScript files... you're probably missing on a lot! But manually reading them can be a tedious task 😴 Here are the top 4 tools for parsing & analyzing JavaScript files! A thread! 🧵 👇

I recently found a cool #RCE/path traversal bug on a target in Intigriti. It was rejected because of OoS :( But I am proud that I found this cool bug through a full manual testing of the endpoint. This video just simplifies the steps, but I took hours to figure out. #BugBounty

To celebrate our badge launch, we're giving away FIVE free 6-month licenses to @pentesterlab. ✅ Comment BADGELIFE and retweet this post to enter. Additionally, pre-order a custom badge at shop.bugbountydefcon.com for a chance to win one of FIVE Annual VIP+ subscription to

He doesn't party. He doesn't post selfies. He doesn't flex. He just works. Learns. Posts. You'll hear about him next year…everywhere.

📢 Super-massive 80% discount on 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗲𝗱 𝗔𝗽𝗽𝗦𝗲𝗰 𝗣𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴 𝗲𝗫𝗽𝗲𝗿𝘁 (𝗖𝗔𝗣𝗲𝗻𝗫) Exam! 📢 🎊 𝑳𝒊𝒌𝒆 𝒂𝒏𝒅 𝑹𝒆𝒑𝒐𝒔𝒕 𝒇𝒐𝒓 𝒂 𝑪𝒉𝒂𝒏𝒄𝒆 𝒕𝒐 𝑾𝒊𝒏 𝒂 𝑭𝒓𝒆𝒆 𝑬𝒙𝒂𝒎! 𝟯 𝗹𝘂𝗰𝗸𝘆 𝘄𝗶𝗻𝗻𝗲𝗿𝘀 𝘄𝗶𝗹𝗹 𝗿𝗲𝗰𝗲𝗶𝘃𝗲 𝘁𝗵𝗲

🎉 New Course Alert + Giveaway! 🎉 I'm excited to announce a brand-new course on Rana Khalil's Academy - OAuth 2.0 Vulnerabilities. This course includes: 📚 A technical deep dive into OAuth 2.0 and OpenID Connect: what they are, how they work, the common pitfalls in

Big shout to our friends and sponsors The SecOps Group (New Giveaway!) ⬇️ At DEF CON 2025, they handed out THOUSANDS of FREE Exams! The SecOps Group have also just dropped a massive 80% discount code on two of their best selling eXpert category exams: 🧩Certified AppSec

New Executive Offense Newsletter - Building AI Hackbots, Hard-Earned Lessons Pt 1 (and course giveaway) executiveoffense.beehiiv.com/p/ai-hackbots-… Giveaway: Retweet this post and be entered to win a seat in Q4s courses! ("Red Blue Purple AI" or "Attacking AI") Three winners will be chosen next

🔥 6 MONTHS TryHackMe + a 900 Hackers Toolkit drop (over 800€ worth) 🔥 yep biggest prize i’ve dropped in ages my 900 crew just dumped like 5000 subdomains on me in our alpha bounty tool… absolute madness. so imma celebrate: 👉 6 MONTHS of TryHackMe (tagged cause its