از آقای آشفته‌ی عزیز بسیار متشکرم که افتخار حضور در دورهمی‌مون رو به ما دادند. امیدوارم با برگزاری این دورهمی به نتایج خوبی برسیم.

جلسه‌ی سوم دورهمی امنیت به خوبی به پایان رسید و امیدوارم با برگزاری مستمر این جلسات بتونیم دانش و تجربه‌مون رو به افراد دیگه انتقال بدیم. خیلی متشکرم از آقای محمد حسین آشفته عزیز که ما رو در این مسیر همراهی میکنن. محمد حسین

تو باگ بانتی، بهترین توصیه‌ای که می‌تونی بکنی رو کوت کن:)

Found the elasticsearch login page? Try the following default credentials: elastic:changeme Shodan Query: http.title:"Elastic" || http.favicon.hash:1328449667 #bugbounty #bugbountytips Nuclei by ProjectDiscovery

My first contribution to the OWASP Community. OWASP® Foundation owasp.org/www-community/… #OWASP #OWASP_Community #CYBERSECURITY #XSS

I discovered a few vulnerabilities in #Memos and reported them on GitHub. To my surprise, my reports were deleted, and some of the vulnerabilities were fixed. This is unprofessional behavior! Memos

Jailbreaks or Prompt Injection on Google Bard. Although the vulnerability I reported was out of the scope of Bug Bounty, they triaged it. #GoogleVRP #GoogleBard #CyberSecurity

I created a tool that discovers Cors Misconfiguration. I made it because the other tools I used didn't test enough cases. I have more ideas to add over time and I'm interested in collaborating with others. #bugbounty #penetration_testing github.com/omranisecurity…

My first Apache Answer CVE (CVE-2024-22393) has been assigned. Apache Answer Link: lists.apache.org/thread/f58l6dr… #Apache_Answer #CVE

I'm pleased to announce that my name has been included in Google's Honorable Mentions list. Google VRP (Google Bug Hunters)

Hall of fame at University of Illinois link: cybersecurity.illinois.edu/cybersecurity-… #BugBounty

🚀 CorsOne v0.9.5 is out now! 🎉 🔒 Early exit on first detected vulnerability ⚡ Enhanced scan performance 🛠️ Codebase simplified (proxy functionality removed) github.com/omranisecurity… #CyberSecurity #bugbounty #GitHub

It's an honor that my research, Exploiting Number Parsers in JS, has been nominated for the Top Ten Web Hacking Techniques of 2024. I discussed how discrepancies in JS number parsers could be used to carry out DoS attacks. If you find it interesting, please vote for it!

🚀 CorsOne v0.9.6 is out now! In my latest update, I've expanded to 53 test cases based on the latest community security research! #bugbounty #GitHub

حملات سایبری به ایران، در خلال و پیش از جنگ ایران و اسراییل x.com/i/spaces/1DXxy…