zoro (@sudozoro)'s Twitter Profile
zoro

@sudozoro

Maybe one day a security researcher in the world of soft things

ID: 1482006439531102211

14-01-2022 15:07:32

1,1K Tweet

857 Followers

832 Following

zoro (@sudozoro)

I'm wondering how someone can make it from this ruined country to Pwn2Own!?

zoro (@sudozoro)

su18.org/post/jdbc-conn… This article is about how to get RCE using JDBC. I thought it was a really nice piece. I should mention that the RCE a security researcher found in Metabase a few months ago used this same technique. This means a lot of reading :))

Matin Arjo (@skycer_00)

I’ve just shared a new write-up! A small curiosity turned into a full-blown SSRF — internal access, exposed data, and deep exploration. Read it here: medium.com/@skycer_00/ful… #BugBounty

Brut 🇮🇳 (@wtf_brut)

⚡MapperPlus facilitates the extraction of source code from a collection of targets that have publicly exposed .js.map files. ✅github.com/midoxnet/mappe… ✅Join Telegram - t.me/brutsecurity #bugbounty #bugbountytips

d3fp4r4m (@defparam)

The man produces cutting edge research for blackhat 10 years in a row conducting proper disclosure each step of the way including 3 other desync related talks resulting in highly impactful data/tools for all of infosec and people still lose their minds over logos and websites 🤷‍♂️

James Kettle (@albinowax)

Not at Black Hat / DEF CON? You can still join the mission to kill HTTP/1.1:
- Watch the livestream from #DEFCON at 16:30 on 8th
- Read the whitepaper on our website
- Grab the HTTP Request Smuggler update & Web Security Academy lab
Follow for updates & links. It's nearly time!

James Kettle (@albinowax)

HTTP Request Smuggler v3.0.1 is now live! This fixes a false positive in the CL.0 scan caused by pipelining - thanks to sw33tLie for the report. Note that the new parser discrepancy scan still has superior accuracy. For more info on pipelining check out portswigger.net/research/how-t…

James Kettle (@albinowax)

I'm flying out to #romhack2025 tomorrow, for the final edition of HTTP/1.1 Must Die! Feel free to say hi if you'd like to chat.

Ben Sadeghipour (@nahamsec)

Really disappointed to see HackerOne do this. I also had a similar interaction with h1 about a month ago where they questioned my nationality and place of residence after 10+ on the platform.