Shay (@shay_1337)'s Twitter Profile
Shay

@shay_1337

Penetration Tester, Web Application Security

ID: 1363755115400855554

Joined 22-02-2021 07:39:05

570 Tweets

123 Followers

470 Following

Jakub Domeracki (@j_domeracki)

Sharing a technical writeup, which goes over an almost year-long responsible disclosure process: jdomeracki.github.io/2024/11/09/ske… The severity of the disclosed shortcomings resulted in googlecloudcheatsheet.withgoogle.com getting decommissioned 🚧 Greatly appreciate the cooperation with Google VRP (Google Bug Hunters)! 🎉

Project Sekai CTF (@projectsekaictf)


🎁Monthly Giveaway🎁

Hack The Box 1-year VIP+ & 3-month Prolab
- Follow, Like, and Retweet to join!
- Winners will be picked randomly on 11 Feb.

#hackthebox #giveaway #projectsekaictf

Linus Ekenstam – eu/acc (@linusekenstam)

O2 releases "AI Granny" to hijack your scam calls and frustrate the scammers into agony. This should be a service that ALL major service providers should offer for free. Out of simple courtesy.

Doyensec (@doyensec)

🎉 PESD v2.0 - now in the BApp Store! Effortlessly generate dynamic sequence diagrams directly from #BurpSuite traffic! Now you can also create your own theme, conveniently edit generated diagrams with MD syntax and much more! Install it today! 🎉 #doyensec #appsec #security

Brian Almond (@bripwn)

Oh, and I forgot to give a shout-out to Dirk-jan. KrbrelayX is a really cool tool. If you haven’t played with Kerberos Relaying, give it a shot. github.com/dirkjanm/krbre… I’m showcasing it in this week’s video: youtu.be/Jzm2vzhEANM

SinSinology (@sinsinology)


🔥💀My Advanced .NET Exploitation training is now open for registration! bit.ly/4hwNFyM
32-hours of intense .NET exploitation (PoC||GTFO)
We'll be exploiting 15+ remote code execution chains (25 bugs in total) 🪲
I’d truly appreciate your support, your RT would mean a lot!🙏

Yossi Sassi (@yossi_sassi)

Are you aware that any local admin on IIS boxes can see appPool identity creds in clear-text? Here's a script to map IIS Servers, appPools, vDirs, usernames & passwords, inc. insights on risk reduction and mitigation of this potential exposure: github.com/YossiSassi/Get… HackCon Norway

Jenish Sojitra (@_jensec)


Publishing new free tool for bug bounty hunters and IT teams 🎉

crxplorer.com

We've built a tool that takes a Chrome Web Store URL as input, fetches the code and manifest file, checks permissions, and reviews them via LLM.

Using this, I've found numerous issues in

Burp Suite (@burp_suite)


Introducing the Bambda Library!

Join us on the PortSwigger Discord on March 4 at 11am ET (4pm GMT) for an exclusive walkthrough...

💾 Save and re-use your favorite Bambdas

🚀 Get started quicker with built in templates

📂 Keep Bambdas organized

Register 👉

ProjectDiscovery (@pdiscoveryio)

Need to create a custom wordlist? Try using katana to crawl target URLs and then tr '[:punct:]' '\n' | sort -u to extract your wordlist! Bonus tip: Use the -d <num> option to increase the maximum depth to crawl, a.k.a. MORE WORDS!

Burp Suite (@burp_suite)

Don't miss this brand new AI extension in the BApp store! ✨
MCP Server allows you to:
✅ Connect Burp Suite to AI clients
✅ Easily integrate with Claude Desktop
MCP Server also comes with a packaged Stdio MCP proxy server. Check it out 👇

Kennan Davison (@kennandavison)

Introducing Icon, the world’s first AI CMO (Chief Marketing Officer): it can plan, create, & run 1000s of winning ads end-to-end. We're backed by Peter Thiel's Founders Fund & execs of frontier AI labs like OpenAI (ChatGPT), Cognition, & Pika. How it works: 1. Connect Icon to

Louis Nyffenegger (@snyff)

One of the hardest parts of a security code review? Figuring out how the project is structured. deepwiki.com just changed the game:
🧠 Repo overview
🧩 Component relationships
🧭 Architecture map
💬 Ask: “Any secrets?” “SQLi here?”
Try it. It's 🔥 for AppSec.

KNOXSS (@kn0x55)

*** KNOXSS GIVEAWAY June 2025 ***
Directions:
1. Like
2. Share
3. Be a follower
Prize: KNOXSS Pro for 1 Month
Results: June 10th
Number of Winners: 3
Good luck! 😀
knoxss.pro - #XSS for pros. #BugBounty #PenTesting

Shay (@shay_1337)

Suraj Matan Berson Heard the feedback: "The probability is so low—a user has to drag, drop, and click!?" But with AI agents soon browsing and acting for us (e.g., OpenAI operator), this becomes a 0-click XSS. Critical Thinking - Bug Bounty Podcast

Dirk-jan (@_dirkjan)

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…