Tran Van Nhan (@thevietronin)'s Twitter Profile

ID: 1846934176744054784

17-10-2024 15:20:40

14 Tweet

3 Followers

294 Following

Orange Tsai 🍊 (@orange_8361)

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

VAIDIK PANDYA (@h4x0r_fr34k)

OTP bypasses? Here are 10 blogs for testing OTP bypasses for bug bounty 1. aravind07.medium.com/otp-bypass-pat… 2. infosecwriteups.com/otp-bypass-and… 3. logicbomb.medium.com/otp-bypass-acc… 4. infosecwriteups.com/otp-bypass-on-… 5. shahjerry33.medium.com/otp-bypass-dev… 6. medium.com/@regan_temudo/… 7. medium.com/@arrheniuspael… 8.

VAIDIK PANDYA (@h4x0r_fr34k)

Request Smuggling ? Here are 10 blogs to learn more about them 1. medium.com/@StealthyBugs/… 2. infosecwriteups.com/exploiting-htt… 3. ricardoiramar.medium.com/the-powerful-h… 4. gupta-bless.medium.com/exploiting-htt… 5. medium.com/cyberverse/ear… 6. medium.com/@knownsec404te… 7. osintteam.blog/slip-in-unnoti… 8.

Kévin GERVOT (Mizu) (@kevin_mizu)

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

shubs (@infosec_au)

Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here: assetnote.io/resources/rese…

𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups)

OSCP Preparation Guide 2025 OSCP-Resources by Verylazytech lnkd.in/dWAquxk3 How I Prepared & Passed OSCP in 3 months by Prajit Sindhkar lnkd.in/df6DghDG OffSec OSCP Exam with AD Preparation (Newly Updated) lnkd.in/dWpD-AMZ The World’s First OSCP+ Exam

𝕏 Bug Bounty Writeups 𝕏 (@bountywriteups)

Free Ethical Hacking Course Giveaway CSEH + CEH Key Topics Covered: * Ethical Hacking Foundations * Introduction to Ethical Hacking * Ethical Hacking Steps * Creating Your Ethical Hacking Lab * Operating System Fundamentals * Vulnerability Assessment * OSINT Techniques *

zhero; (@zhero___)

another research effort with inzo led to the discovery of two new vulnerabilities in React Router (14M+ downloads/week), resulting in: - CVE-2025-43865 (High-8.2) - CVE-2025-43864 (High-7.5)

starlabs (@starlabs_sg)

One of our current interns, vincent, shared his Chrome-atic escape adventure using CVE-2024-30088. Epic obstacles documented in it too! starlabs.sg/blog/2025/07-f…

zak.eth (@0xzak)

I've been in crypto for over 10 years and I’ve Never been hacked. Perfect OpSec record. Yesterday, my wallet was drained by a malicious Cursor extension for the first time. If it can happen to me, it can happen to you. Here’s a full breakdown. 🧵👇