Our talk was accepted at DEF CON this summer! Come watch Lennert and I give a talk about the Unsaflok vulnerability in hotel locks and the technical details behind it. unsaflok.com

❤️🇵🇸 Yahya Sinwar, real life superhero…

Excited to share that I passed the OSCP+ exam with a perfect score! 🎉 credential.net/f0626196-d712-…

How I reverse-engineered an Android app, bypassed custom encryption layer, achieved server-side RCE, and earned a $5000 bounty. read the full story here (TLDR; but worth reading) blog.voorivex.team/from-an-androi…

After going through 200+ IDOR reports, and spending some time hunting for them in Real Targets across multiple functionalities, here are some of the attack methodologies I build for myself, which I feel can be useful to others too. Follow this thread to know more.

🛑 GIVEAWAY ALERT 🛑 Today is DAY TWO of FIVE DAYS of Arcanum Information Security and friends Black Friday and Cyber Monday giveaways! Today we are giving away FIVE seats to our flagship training: "The Bug Hunter's Methodology Live" TBHM is one of the BEST trainings in the industry for

🧵Can you work out how to bypass this vulnerable CSRF protection? Read all about this gotcha in my latest blog post

🚀Black Friday Giveaway!🤗 *** 𝗙𝗼𝗹𝗹𝗼𝘄 𝗼𝘂𝗿 𝗽𝗮𝗴𝗲, 𝗥𝗲𝗽𝗼𝘀𝘁, 𝗟𝗶𝗸𝗲 𝗮𝗻𝗱 𝗖𝗼𝗺𝗺𝗲𝗻𝘁 𝘄𝗵𝗶𝗰𝗵 𝗲𝘅𝗮𝗺 𝘆𝗼𝘂 𝘄𝗼𝘂𝗹𝗱 𝗹𝗶𝗸𝗲 𝘁𝗼 𝘄𝗶𝗻 𝗮𝗻𝗱 𝟱 𝗹𝘂𝗰𝗸𝘆 𝘄𝗶𝗻𝗻𝗲𝗿𝘀 𝘄𝗶𝗹𝗹 𝗴𝗲𝘁 𝗮 𝗳𝗿𝗲𝗲 𝗲𝘅𝗮𝗺 𝗼𝗳 𝘁𝗵𝗲𝗶𝗿 𝗰𝗵𝗼𝗶𝗰𝗲! *** Get

docs.google.com/presentation/d…

Read further: synack.com/blog/path-trav…

Got 2FA? Here are 13 ways to test its security. nccgroup.com/us/research-bl…

Hello everyone ♥ a little bit write-up of #bugbountytip #bugbountytips I am going to write here ..... Title: getting unauthorized access on 3rd party's/workspaces & and building your checklist for quickly locating bugs there via massive recon we know that its helpful to look

How we gained full control over 3,000 companies and all their registered branches. This took us about 3 weeks of studying the target to find about all the vulnerabilities explained. Hope you enjoy reading! link.medium.com/rmRjR6udwQb

$20,300 Bounties from a 200 Hour Hacking Challenge Credit: Mohammad Zaheri . . . . . . #bugbountytips #bughunting #infosec blog.voorivex.team/20300-bounties…

If you’re not Jewish but you support Israel Congrats You’re one of the dumbest and most gullible motherfuckers on the planet.

❌GraphQL introspection disabled? ✅No problem! Extract all GraphQL operations from Javascript files! 1. go install github.com/rashahacks/jsm… 2. Scan the JS URL with -u flag. 🚀View all the GraphQL operations in seconds -- no introspection needed.

How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to

This is a great resource on Prompt Injection. Huge thanks Joseph Thacker! github.com/jthack/PIPE

JAVASCRIPT IS A GOLDMINE FOR #BugBounty HUNTERS youtube.com/playlist?list=… Check out my playlist to learn how <3 treat yoselfff rats is freeeee

I’ve added here github.com/orwagodfather/… PDF file for XSS, it can bypass any waf for who looking for Stored XSS , and it can be changed to blind if you want to Simply I encoded the payload as ASCII hex You can edit the payload over notepad++ #bugbountytips #bugbountytip