Saeed Hashem (@saeedhashem4) 's Twitter Profile
Saeed Hashem

@saeedhashem4

Cyber Security Enthusiast

ID: 269224734

Link: https://linkedin.com/in/saeedhashem

20-03-2011 10:05:23

155 Tweets

308 Followers

1.1K Following

Saeed Hashem (@saeedhashem4) 's Twitter Profile Photo

Those were cool challenges from FUCSS, hope you guys like the write-up and hopefully I will be able to publish it later. If you're a student and still haven't applied for TROOPERS Conference student ticket, you still have the chance! Head over to troopers.de/students/ #TR19

Saeed Hashem (@saeedhashem4) 's Twitter Profile Photo

My application for #TR19's free student ticket was accepted! I'm very glad to have been given this honor! Thank you so much guys TROOPERS Conference !! Looking forward to seeing all of you in March. For those who applied, make sure you check your spam folder too 😬

Saeed Hashem (@saeedhashem4) 's Twitter Profile Photo

After multiple rounds of soldering and re-soldering, finally my first adventure with electronics succeeded 😂 FUCSS's shitty add-on on this year's TROOPERS Conference is a fine piece of work! #TR19
Pinaki ❄️ (@0xinfection) 's Twitter Profile Photo

I learnt today that IP addresses can be shortened by dropping the zeroes.
Examples:
http://1.0.0.1 → http://1.1
http://192.168.0.1 → http://192.168.1
This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.
#infosec #bugbounty #bugbountytip
Pentester Academy (@securitytube) 's Twitter Profile Photo

We've worked really hard this year to make our AttackDefense Labs an immensely valuable resource for learners! Here are some of our favorite demos! Everything runs in your Browser - no VPN needed! 1. Docker Breakout via Process Injection youtube.com/watch?v=fvhNOY…

Saeed Hashem (@saeedhashem4) 's Twitter Profile Photo

Has anyone had any success bypassing a signed request on a real web app without having to find a signing oracle? By performing a length extension attack for example. I mean on bug bounty targets in particular.👨‍💻

Saeed Hashem (@saeedhashem4) 's Twitter Profile Photo

Used to think that govs and orgs that are moving against using @zoom_us are exaggerating. Guess what!? I was wrong 🤷‍♂️
Sonar (@sonarsource) 's Twitter Profile Photo

Can you spot the vulnerability? #codeadvent2021 #typescript #express

Validating user input is good, but it can be insufficient. Can you bypass the check to perform a SQL Injection?
Omar Hashem (@omarhashem666) 's Twitter Profile Photo

Hello everyone, as promised, this is a detailed write-up on how I was able to get an account takeover in HubSpot Public Bug Bounty Program omar0x01.medium.com/4e2047914ab5 #BugBounty #bugbountytips #Pentesting #cybersecurite #infosec ATO