Wild ride.

⚠️ Giveaway ⚠️ Want to learn modern reconnaissance and hacking skills? Join The Bug Hunter's Methodology Cohort 5! October 2nd, 3rd, 4th - jhaddix.gumroad.com/l/kihwd Like and retweet this post for a chance to win a free seat! Five winners will be announced on Sept 1st!

😱 Anyone can access deleted & private repo data on GitHub. Forever. 🔓This is due to a new type of vulnerability - CFOR 👎Deleted Fork Data: Still accessible. 👎Deleted Repo Data: Commits remain. 👎Private Repo Data: Can become public. 👉trufflesecurity.com/blog/anyone-ca…

Well, this is interesting!

Let me wait for the self hosted version, am sure we shall have a blast.

At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens. A thread about my favorite story from running OMCB....

Our Android courses are out a month now 🎉 These courses aim to teach you everything you need to know to get started with Android Bug Bounty - specifically the Google Mobile VRP.

Excited to announce a new giveaway, thanks to PentesterLab. We will pick 10 winners to win 6 month (x5) and 1 month (x5) subscriptions. To enter: 1️⃣ Follow us @BugBountyDefcon and PentesterLab 2️⃣ Like this post ❤️ 3️⃣ RT this post 🔁 You've time until next Friday (10/18), GO!

Okay, who is with me to request gr3pme to make "The art of Bugbounty notes taking" talk at either a #LevelUp or #Nahamcon? Any of you fellow Critical Thinking - Bug Bounty Podcast aficionados?

Can we redo the previous round then, I have a feeling I could win a couple of then. /jking.

I need to sit down and catalogue everything Aituglo - Cassim keeps promising to talk about later and hasn't gotten around to it. Just need a long weekend.

Anytime for me.

Ben Sadeghipour Pick a niche, become an expert, find bugs maybe even 0days or reverse n-days, and write blogs. Even if you don’t hit those $100k bounties, it’ll be a stepping stone toward a $100k job. What niche? How to pick? Examples? infosec being so vast from web3 sec to web2, mobile,

SASTsweep is now open source. Happy hunting! github.com/chebuya/sastsw…

Ain't #hackers basically QA people, thinking and asking applications differently from the developers. Seeking edge cases they didn't think to cover?

Strong shoulders, these ones.

Someone was talking starting browser security this year. And Lord isn't this classic by Cure53 a gold mine! github.com/cure53/browser…

Happy to be able to announce the launch of CyberAlerts! 🚨 Kind of like Google Alerts, but for “cyber”. Configure search queries, filter them by severity and receive alerts via email, Slack, API and dashboards. Any feedback and RTs welcome! 🙏 cyberalerts.io

My hacking playlist for today is open.spotify.com/playlist/39hVj…

In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere. extensions.neplox.security