niraj (@nirajkharel7) 's Twitter Profile
niraj

@nirajkharel7

A folk who loves to hack | CRTO | CRTP

ID: 808074261634027520

https://nirajkharel.com.np · 11-12-2016 22:21:32

45 Tweet

210 Followers

201 Following

Asem Eleraky (@melotover) 's Twitter Profile Photo

Bypassing E2E encryption leads to multiple high vulnerabilities. New writeup, I hope you enjoy reading! melotover.medium.com/bypassing-e2e-… #BugBounty #bugbountytips #infosec

niraj (@nirajkharel7) 's Twitter Profile Photo

I have just posted a walkthrough for the retired 'Ambassador' Box. Head over to my blog in Medium to check it out. link.medium.com/Sm5D25PM0wb #hackthebox

Joona (@joohoi) 's Twitter Profile Photo

ffuf 2.0 is out! There are a couple of new major features introduced as well as updates to the project in general. I had way more to say than fits in the birdsite format, so here's a thread on a more applicable platform on the topic: infosec.exchange/@joohoi/109806…

Nirmal Dahal - #Nittam  (@thenittam) 's Twitter Profile Photo

We at CryptoGen Nepal dug deep into the #trojan app named #NepaliGirl causing fear in Nepal cyberspace & found some concerning findings. Big shoutout to niraj with whom I have always had a great collaboration experience. Full Report: cryptogennepal.com/case-studies/n…

Joe Farjallah (@lefayjey) 's Twitter Profile Photo

Need a vulnerable Active Directory environment to deploy in seconds? I've created a template of GOADv2 using Immersive's SnapLabs. Link: dashboard.snaplabs.io/templates/73a6… #activedirectory #cybersecurity #redteaming

niraj (@nirajkharel7) 's Twitter Profile Photo

I have just published a walkthrough for the retired 'Forgot' Box. Head over to my blog in Medium to check it out. link.medium.com/2RnkBVgzUxb #HackTheBox

niraj (@nirajkharel7) 's Twitter Profile Photo

Published a walkthrough for the 'Mentor' Box which I forgot to share. Head over to my blog in Medium. nirajkharel.medium.com/htb-mentor-7c1… #htb #hackthebox

niraj (@nirajkharel7) 's Twitter Profile Photo

The note below covers the explanation of how a deserialization vulnerability occurs and the various ways it can be exploited in different programming languages. Planning to add more to it in the coming days. You can find it at the link below. nirajkharel.com.np/posts/deserial…

Mobile Security (@mobilesecurity_) 's Twitter Profile Photo

DroidFrida - Portable frida injector for rooted android devices #MobileSecurity #AndroidSecurity Frida by ac3ss0r github.com/ac3ss0r/DroidF…

niraj (@nirajkharel7) 's Twitter Profile Photo

Interface has retired. It contains vulnerability CVE-2022-28368 RCE on Dompdf and privilege escalation can be done on bash arithmetic expression injection through exiftool metadata which was quite a good technique. link.medium.com/OqisSI6rNzb

Luke Stephens (hakluke) (@hakluke) 's Twitter Profile Photo

Giveaway! 🎉 I'm going to buy someone a new MacBook Pro M2 13". To enter, retweet this tweet, then follow: Luke Stephens (hakluke), HackerContent & haksec.io. If you're a cybersecurity org looking for high quality content and social media management, check out hackercontent.com 👇

THREAT CON (@threat_con) 's Twitter Profile Photo

We're giving away an OSCP voucher to our community.🎉 To participate: 1. Follow us on Twitter. 2. Retweet this post. 3. Like this tweet. It's that simple! By completing these steps, you'll be eligible to win. Also, register now at threatcon.io/pricing. #offsec #giveaway

Intigriti (@intigriti) 's Twitter Profile Photo

XXE! Automate or search for it manually? 🤔 ⚡️ An easy quick tip that can land you an XXE: In your proxy interceptor, add a match&replace rule to change content type "application/json" to "text/xml" All you have to do now is look for XML parsing errors 😎

niraj (@nirajkharel7) 's Twitter Profile Photo

Getting my hands dirty with Windows Internals lately. Starting off with some process enumeration techniques in C++. Check out the blog on how to enumerate Windows processes using the ToolHelp32 API. nirajkharel.com.np/posts/process-…