Got an XSS? Try to 'upgrade' it to SSRF to get a bigger #BugBounty. Thanks for the #BugBountyTip, George! ❓Never head of ESI Injection before? Check out this DEF CON talk: youtube.com/watch?v=VUZGZn… #BugBountyTips #HackWithIntigriti

Manus has a serious overreach vulnerability, and you can use Manus even if you don't have an invite code #Manus #AI

I've uploaded recordings of two talks I gave in OnlyMalware last year 🧐 Getting Started with Windows Malware Development youtu.be/n2yWgyXB0uU Random Malware Techniques - Static evasion - ETW TI evasion - Usermode evasion (DLL callbacks/VEH/HWBPs) youtu.be/FWpd-Tk3818

Top places to find PDF generators potentially vulnerable to SSRF: 🤑 • Reports (for example, analytics reports or any other report types) • Receipts & invoices (especially in e-commerce targets) • Account archives/statistics • Bank and account balance statements •

🛠️ Rogue - An open source web app vulnerability scanner that uses LLM Agents Cool, isn't it? #infosec #bugbounty #cybersecurity

they don’t fix it and just let it keep spamming duplicates in triage… A MESS!!! payload XSS: /*-/*`/*\`/*%27/*%22/**/(/*%20*/oNcliCk=alert()%20)//%0D%0A%0d%0a//%3C/stYle/%3C/titLe/%3C/teXtarEa/%3C/scRipt/--!%3E\x3csVg/%3CsVg/oNloAd=alert()//%3E\x3e #bugbountytips #bugbounty

Telegram has a super serious bug, click on the file is hacked mp.weixin.qq.com/s/RiFgghK96QN-… #telegram #web3 Telegram Messenger #0day

Hackers are using Gamma AI to create phishing page redirectors. To make things worse, the URL of these AI assisted webpages is on gamma.app domain itself, making it challenging for vendors to detect. The phishing makes you solve cloudflare style captcha, and will

AdaptixC2 v0.3 is out github.com/Adaptix-Framew… New: * Linking Agents (eg SMB) * Sessions Graph * Agent marker * Health checker And more in the changelog: adaptix-framework.gitbook.io/adaptix-framew…

Use Burp Suite's match and replace to replace payloads in the request's body, this easily bypasses client-side validation and saves a lot of time while testing #bugbountytips

Added peeko to #C2Matrix a browser-based XSS C2 for stealthy internal network exploration via infected browser: github.com/b3rito/peeko

AdaptixC2 v0.4 is out github.com/Adaptix-Framew… * New Linux/MacOS "gopher" agent * TCP/mTLS external listener for "gopher" agent * New internal TCP listener for "beacon" agent * Screenshot storage Changelog: adaptix-framework.gitbook.io/adaptix-framew…

New tool drop by Oli (C..1..P.H.Y)! 🛠️ SQLTimer is a simple, blazing-fast tool to scan for time-based SQL injections! 😎 Check it out! github.com/c1phy/sqltimer

通过这些方法，可以很轻松的窃取钱包，窃取数据等等！搞web3的要注意别开人脸识别了 mp.weixin.qq.com/s/Pvltw3SrPl1g… #web3 #web #security #AI #CyberSec #CyberSecurity

I successfully discovered vulnerabilities in MacOS applications through AI analysis. mp.weixin.qq.com/s/nlrA1UG-HK3i… #0day #BugBounty #Apple #MACOS

I have released the first half of "Binary Exploitation 101", a beginner-friendly guide to binary exploitation. You can learn from classic buffer overflow to ret2dlresolve through CTF-like challenges. I am working on the second half now. Stay tuned🔥 r1ru.github.io/categories/bin…

Automate asset discovery and data collection with Photon’s modular crawling engine⚡ github.com/s0md3v/Photon

昨天测了三个网贷，发现现在还是那么奇葩。总结一下思路： 现在很多网贷都用的云服务但是云安全没做好以及还有aksk的泄漏； 还有很多都是用的供应链的crm系统并且都是通过手机号登陆，但是某些供应链的开发很抽象，遇到了不知道是不是开发留的后门，只要固定这个手机号和固定验证码直接能登录；

10u战神挑战，挑战10u到1000u需要多久！ 第一天：被狗庄做局 #web3 #炒币 #币圈 #BTC #USDT #Ethereum #ETH

脚本通过 URLSearchParams 直接从当前 URL 获取名为 message 的参数值。这个值是用户完全可控的，并且没有经过任何清洗或过滤。 payload:index.html?message=</textarea><img%20src=x%20onerror=alert(1)> YesWeHack ⠵