0xbro (@sec_0xbro)'s Twitter Profile
0xbro

@sec_0xbro

Penetration tester, content creator & wannabe ethical hacker

ID: 1225080977522937856

Link: https://0xbro.red

Date: 05-02-2020 15:37:30

89 Tweets

394 Followers

163 Following

0xbro (@sec_0xbro):

WAF bypass and vulnerability chain exploiting parser differentials | Waffle-y Order Hack The Box #hackthebox #WAF #ctf #hacking youtu.be/IESwry_l-UU

0xbro (@sec_0xbro):

Easy-peasy #android emulator setup without using Genymotion or Android Studio + installation of custom certificates inside the system #certificate store of an Android 10 device. youtu.be/v-p1dTWmWDY

0xbro (@sec_0xbro):

I moved my blog to a new domain and changed some username handles on my socials. Please refer to the following tweet to find out the new URLs 🫱🏼‍🫲🏾

0xbro (@sec_0xbro):

I'm happy to share the attribution of my first #CVE! Authenticated Static Code Injections in #OpenCart (CVE-2023-47444) You can find the details and PoCs about the two vulnerabilities on my blog: 0xbro.red/disclosures/di…

Simone Margaritelli (@evilsocket):

Researcher responsibly discloses a static code injection vulnerability in OpenCart and this is how the core developer responds. The disclosure timeline is hilarious, huge OpenCart fail. Kudos to 0xbro for handling it so well. Check his post out!

Shielder (@shieldersec):

🎉 Cheers hackers! 🎊 As we bid farewell to 2023, let's celebrate together! 🎁 Like, follow, and retweet for a chance to WIN a €30 coupon for swag.shielder.com! 🏆 3 winners will be selected by EOY! #giveaways #swag

0xbro (@sec_0xbro):

I published a blog post detailing a #pentest I did against some #Salesforce Communities in which I exploited flaws that led to an account takeover #vulnerability. I show plugins, in-depth techniques and resources for delving into Salesforce attack surface 0xbro.red/writeups/web-h…

0xbro (@sec_0xbro):

Learn how to take EFFECTIVE notes for #CTF, penetration tests, vulnerability research, and #cybersecurity certifications like #OSCP, #OSEP, etc. using #Obsidian! 🎬 youtu.be/4t1MvfNK8Wc?si…

James Kettle (@albinowax):

I'm excited to announce I'll be delivering the keynote at RomHack this September! I can't share the title just yet but it's going to be a good one. See you in Rome!

zhero; (@zhero___):

the research paper is out: Next.js and the corrupt middleware: the authorizing artifact result of a collaboration with inzo that led to CVE-2025-29927 (9.1-critical) zhero-web-sec.github.io/research-and-t… enjoy the read!

0xbro (@sec_0xbro):

In my latest blog post, I explain two methods I used to achieve account takeover by targeting a vulnerable forgot password feature. Learn about guessing anti-tampering tokens and exploiting time-based vulnerabilities with a sandwich attack. 0xbro.red/writeups/web-h…