MOHAMED TAREK (@timooon107) 's Twitter Profile

Penetration tester | BugBounty Hunter | CTF Player ♥

ID: 1268498655390191617

04-06-2020 11:03:54

636 Tweet

673 Followers

856 Following

Mohamed Anani (@0xm5awy) 's Twitter Profile Photo

Good morning! I've been using this payload for over a year to discover XSS via open redirect vulnerabilities that bypass WAF. It works great: :DD Payload: javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie #BugBounty #bugbountytips #bugbountytip

Intigriti (@intigriti) 's Twitter Profile Photo

A quick and easy way to find forgotten hosts that are still exposed to the internet is by checking the SSL/TLS certificate! 🤑 Here's how you can filter by expired SSL certificates in Shodan! 👇 org:"<company>" ssl.cert.expired:true #bugbountytips

mpgn (@mpgn_x64) 's Twitter Profile Photo

So you want to exploit ADCS ESC8 with only netexec and ntlmrelayx? Fear not my friend, I will show you how to do it 👇 NetExec now supports "Pass-the-Cert" as an authentication method, thanks to Dirk-jan's original work on PKINITtools ⛱️

Ben Sadeghipour (@nahamsec) 's Twitter Profile Photo

Very cool write up on a journey to getting RCE through a number of different bugs by Abdullah Nawaf (HackerX007)🇯🇴 and Godfather Orwa 🇯🇴: medium.com/@HX007/a-journ… We made a FREE hub out of it for everyone to try: app.hackinghub.io/hubs/path-to-r…

Ankit Singh (@ankitcuriosity) 's Twitter Profile Photo

Jobs & Internship opportunities:
-> jobs.null.community (For technical and non-technical infosec jobs/internship) by null - The Open Security Community
-> isecjobs.com by @infosec_jobsCOM

Coffin (@coffinxp7) 's Twitter Profile Photo

ffuf -w subdomains.txt:SUB -w payloads/backup_files_only.txt:FILE -u https://SUB/FILE -mc 200 -rate 50 -fs 0 -c -x http://localip:8080 payload:github.com/coffinxp/paylo…

Congressman Greg Casar (@repcasar) 's Twitter Profile Photo

The Israeli government has started bombing Gaza again, in violation of the negotiated ceasefire, after blocking food, water, and aid for weeks. We must stop sending offensive weapons to the Israeli government. We cannot continue to be complicit in Netanyahu's assault on

GiuseppeDeLaZara (@windhustler) 's Twitter Profile Photo

💡I’ve been asked numerous times to provide a checklist for auditing a LayerZero integration. ⚡️You asked, so here it is: github.com/windhustler/In… 🧠 I’ve dumped everything I could think of that can go wrong and more. Goran spent years building and breaking the core

s1r1us (@s1r1u5_) 's Twitter Profile Photo

I've created a benchmark to test LLM capabilities. HackBench tests LLMs' cybersecurity skills using CTF challenges modeled on real-world vulnerabilities. Starting with 16 Security Intern-level tasks, it scales as models improve, proving real skill even with test-set contamination

HAHWUL (@hahwul) 's Twitter Profile Photo

Urx (short for "Extracts URLs") is a Rust-based tool I built to collect URLs from various OSINT archives. Inspired by Gau, it’s designed with the features I needed. I’d love to hear your ideas for improvements! Feel free to share them via GitHub issues or leave a comment

عبدالله العطار abdallah alattar (@abdallahatar) 's Twitter Profile Photo

We are calling out to you from under the insane bombardment. We swear to you that we are being burned right now. Speak about us; perhaps that will intercede for you.

infosecresearcher (@infoscresearchr) 's Twitter Profile Photo

Bug-Bounty Tip for new hunters Use subfinder + dnsx to detect potential subdomain takeover candidates with unresolvable records (NXDOMAIN). subfinder -d target.com -silent | dnsx -a -resp | grep -i "NXDOMAIN" Peace✌️ #bugbountytips #streakammo #bugbounty