I HACKED a smart contract 🚀 Security in web3 is crazy. Web3 hackers make millions 💰 Who wants to learn this? Here are web3 hacker resources 👇

📢 Today I'm releasing Threatest, a Go framework for end-to-end testing of threat detection rules securitylabs.datadoghq.com/articles/threa… github.com/datadog/threat… 🧵⬇️

I burned 20 Kgs fat in 6 months. No need to buy another INR 9999/- program. I am giving away the entire course for FREE:

I'm happy to publish the second part of the series about iOS (de)Obfuscation and RASP protections. romainthomas.fr/post/22-09-ios… In particular, it introduces a new technique to "hook" syscalls on AArch64 based on 'gum_memory_patch_code' from Frida

Working on few code review projects, I realised how important reviewing code regularly can be. IIt helps you connect the dots. Most importantly it let's you know, "Why a vulnerability occurs?". Below are few resources to get you started in code review🧵

I'm back with a new tool. Happy to release REcollapse! Simple bypasses can result in impactful bugs in hardened targets. Wanna understand how? Check out my blog post and slides from @BSidesLisbon 2022: 0xacb.com/2022/11/21/rec… github.com/0xacb/recollap…

The best XSS payload I found so far for PoC; Without breaking the applications with alerts everywhere, and it's also very powerful in bypassing some WAFs. <img src onerror=alt=''+document.domain>

My talk "What I Wish I Knew Before Pentesting AWS Environments" for SANS Pen Test Hackfest 2022 is now on YouTube! Check it out if you're interested in learning more ways to attack AWS environments. youtube.com/watch?v=jq8SAF…

Just discovered a critical OAuth vulnerability in Booking.com 's login system that leads to an account takeover. In this post, I break down OAuth in simple steps using an example from the most popular travel website. salt.security/blog/traveling… #OAuth #Hacking

Appsweep is a free developer-oriented mobile application security testing tool provided by @GrdsqrCommunity which aligns perfectly with OWASP® Foundation MASVS2 and this has been really useful for both security team as well as for the app developers.

I've made $500k+ from SSRF vulnerabilities. Here are my tricks:

Pegasus Airlines flight Berlin → Istanbul: 3 hr delay, baggage lost (no update after 24 hrs), rude staff at airport & customer care. Worst airline experience. #PegasusAirlines Pegasus Airlines PegasusDestek

Pegasus Airlines flight Berlin → Istanbul: 3 hr delay, baggage lost (no update after 24 hrs), rude staff at airport & customer care. Worst airline experience. #PegasusAirlines Pegasus Airlines PegasusDestek Pegasus Hava Yolları Ali Sabancı mehmet tevfik nane

Day 3 since my Pegasus flight Berlin → Istanbul. Bag still missing, no status update, no support. Staff + customer care unhelpful. Unacceptable inefficiency from Pegasus Airlines PegasusDestek — how long should passengers wait? #PegasusAirline

Day 3 since my Pegasus flight Berlin → Istanbul. Bag still missing, no status update, no support. Staff + customer care unhelpful. Unacceptable inefficiency from Pegasus Airlines Ali Sabancı PegasusDestek Pegasus Hava Yolları how long should passengers wait? #PegasusAirlin

Day 4 and still no update on our lost baggage from Pegasus Airlines PegasusDestek Pegasus Hava Yolları flight Istanbul → Berlin. This is unacceptable service. We demand an urgent update and resolution. No reply to our mails as well. #PegasusAirlines

Day 4 and still no update on our lost baggage from Pegasus Airlines PegasusDestek Pegasus Hava Yolları Ali Sabancı flight Istanbul → Berlin. This is unacceptable service. We demand an urgent update and resolution. No reply to our mails as well. #PegasusAirlines

Day 6 and still no update on our lost baggage from Pegasus Airlines PegasusDestek Pegasus Hava Yolları Ali Sabancı flight Istanbul → Berlin. This is unacceptable service. We demand an urgent update and resolution. No reply to our mails as well. #PegasusAirlines