Aditya Soni (@hetroublehacker) 's Twitter Profile
Aditya Soni

@hetroublehacker

~ Your friendly neighbourhood hacker ¯\_(ツ)_/¯

ID: 439225648

Link: https://www.youtube.com/@HeTroubleHacker
Joined: 17-12-2011 14:26:40

1.1K Tweets

2.2K Followers

860 Following

Bug Bounty Village (@bugbountydefcon):

AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close.

In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously

youtu.be/YDsHI2acEVA

#BugBounty #DEFCON
André Baptista (@0xacb):

RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to Gareth Heyes for this 🔥
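The decode-before-validate mismatch described in the tweet above, as an added Python example that is not part of the original thread and not Gareth Heyes's or anyone else's published code. It assumes a toy allowlist validator (the domains `example.com` and `attacker.test` are placeholders) and models the downstream consumer as a parser that expands encoded-words and then takes the first thing that looks like `local@domain`; that model is an assumption of the example, not the behaviour of any particular mail library.

```python
"""Added example: an RFC 2047 encoded-word in an address passes a check on the raw
string, yet decodes to a different address in a component that expands it first."""
import base64
import quopri
import re

# Hypothetical allowlisted domain for the toy validator below.
ALLOWED_DOMAIN = "example.com"

# =?charset?encoding?encoded-text?=  (RFC 2047 section 2; encoding is B or Q)
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=")


def decode_encoded_words(s: str) -> str:
    """Expand every RFC 2047 encoded-word in s; an unknown charset is left untouched."""
    def expand(m: re.Match) -> str:
        charset, enc, text = m.group(1), m.group(2).lower(), m.group(3)
        if enc == "b":
            raw = base64.b64decode(text)
        else:
            # Q encoding: '=XX' is one byte, '_' is a space (header=True handles '_')
            raw = quopri.decodestring(text.encode("ascii"), header=True)
        try:
            return raw.decode(charset, errors="replace")
        except LookupError:
            return m.group(0)
    return ENCODED_WORD.sub(expand, s)


ADDR = re.compile(r"[^@\s]+@([^@\s]+)")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def validate_raw(addr: str) -> bool:
    """Vulnerable order: checks exactly the string it received, never decoding it."""
    m = ADDR.fullmatch(addr)
    return bool(m) and m.group(1).lower() == ALLOWED_DOMAIN


def routing_domain(addr: str) -> str:
    """Modelled downstream parser (an assumption of this example): expands encoded-words,
    then takes the first token that looks like local@domain and returns its domain."""
    decoded = decode_encoded_words(addr)
    m = re.search(r"[^\s<>\x00@]+@[^\s<>\x00@]+", decoded)
    return m.group(0).rsplit("@", 1)[1].lower() if m else ""


def validate_decoded(addr: str) -> bool:
    """Hardened order: decode the same way the consumer will, reject control
    characters, then validate the decoded form."""
    decoded = decode_encoded_words(addr)
    if CONTROL.search(decoded):
        return False
    m = ADDR.fullmatch(decoded)
    return bool(m) and m.group(1).lower() == ALLOWED_DOMAIN


def q_payload() -> str:
    # Raw string has a single '@' and ends in example.com; =40 is '@', =00 is NUL.
    return "=?utf-8?q?attacker=40attacker.test=00?=@example.com"


def b_payload() -> str:
    # Same decoded bytes, carried in a B (base64) encoded-word instead.
    word = base64.b64encode(b"attacker@attacker.test\x00").decode("ascii")
    return f"=?utf-8?b?{word}?=@example.com"


if __name__ == "__main__":
    for p in (q_payload(), b_payload(), "alice@example.com"):
        print(f"{p!r}\n  raw check: {validate_raw(p)}  routes to: {routing_domain(p)}"
              f"  decoded check: {validate_decoded(p)}")
```

Both payloads satisfy `validate_raw` (one `@`, allowlisted domain) while `routing_domain` delivers them to `attacker.test`; `validate_decoded` rejects them because it validates what the consumer will actually see. The practical rule is to decode, normalise and validate in the same place, or to refuse encoded-words in addresses outright.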

Aditya Soni (@hetroublehacker):

Just dropped a breakdown of one of my most viral reels — XSS explained #XSS #bugbountytips #Cybersecurity #HeTroubleHacker #infosec Viral XSS Reel Breakdown | Hacks Explained EP 1 | HeTroubleHacker youtu.be/4n9OV7P70EU?si…

André Baptista (@0xacb):

Automation handles the known. Humans uncover the new.

Here are 6 ways to manually find new attack vectors 👇

1️⃣ Redefining the Impossible - "You can't"

Search documentation for “X cannot do Y” restrictions. These statements often highlight strong assumptions and logic. Use
Harley (@infinitelogins):

I've been working on something behind the scenes for the past couple of months, and I'm finally ready to share it. Disclosed. A curated newsletter about the bug bounty world. getdisclosed.com/subscribe Over the last four weeks, I've been quietly publishing weekly issues and

HackerOne (@hacker0x01):

HackerOne Clubs across Asia-Pacific are adding fresh energy. Welcome to these new Brand Ambassadors!

🇮🇩 ZeeAgil (@zeeagils) & 🇮🇩 root_geek280 (Indonesia—new club!)

🇮🇳 Aditya Soni (@hetroublehacker) & 🇮🇳 Yash Sharma (@05__Yash) (India North)

🇮🇳 charan (@0xcharan) (India South)

🇮🇳 Debangshu 🇮🇳🥷 (@ThisIsDK999) & snifyak (India East)

🇧🇩
Devansh (⚡, 🥷) (@0xasm0d3us):

After about five years of sifting through and triaging thousands of vulnerability reports, I’ve got a pretty good sense of what makes a report stand out, and what makes it a slog to read. Lately, I’ve noticed more and more folks using AI to jazz up their reports with flowery,

l33tdawg (@l33tdawg):

After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks: cfp.directory

James Kettle (@albinowax):

When HTTP/1.1 Must Die lands at DEFCON we’ll publish a Web Security Academy lab with a new class of desync attack. One week later, I’ll livestream the solution on air with Off By One Security! You’re invited :) youtube.com/live/B7p8dIB7b…

Sam Curry (@samwcyo):

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (Ian Carroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

André Baptista (@0xacb):

How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇 You can also use LLMs and tools like alterx to
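The wordlist step of the pipeline in the tweet above (validated hosts and their response bodies in, candidate hostnames out for puredns), as an added Python example that is not part of the original thread and not the author's own script. It runs offline on a constructed sample standing in for httpx JSON-lines output after jq; the field names `host` and `body` are an assumption of the example, as is the plain tokeniser and stop-word filter used in place of a real NLP step.

```python
"""Added example: body keywords -> candidate subdomains, the middle step of the
subfinder -> httpx/jq -> wordlist -> puredns pipeline, on constructed data."""
import json
import re
from collections import Counter

# Constructed stand-in for httpx JSON-lines output after jq kept host and body.
# The "host" and "body" field names are an assumption of this example.
SAMPLE_JSONL = "\n".join([
    json.dumps({"host": "www.example.com",
                "body": "<html><title>Example Corp - Customer Portal</title><p>Welcome to the "
                        "staging environment. Visit the developer API, the billing dashboard "
                        "and the support center.</p></html>"}),
    json.dumps({"host": "api.example.com",
                "body": '{"service":"billing-gateway","env":"staging",'
                        '"docs":"https://developer.example.com/v2"}'}),
    json.dumps({"host": "blog.example.com",
                "body": "<html><body>Careers, press, investor relations and partner portal "
                        "updates for the sandbox release.</body></html>"}),
])

# Crude stand-in for the NLP step: strip tags, tokenise, drop filler words.
STOPWORDS = {"the", "and", "for", "our", "your", "with", "from", "this", "that", "http",
             "https", "com", "www", "html", "body", "title", "visit", "welcome", "updates",
             "release", "corp", "environment", "center", "relations"}
TOKEN = re.compile(r"[a-z][a-z0-9]{2,19}")  # DNS-label-safe tokens, 3 to 20 chars


def extract_keywords(jsonl: str, domain: str) -> list[str]:
    """Body keywords by descending frequency, excluding the target's own labels."""
    skip = STOPWORDS | set(domain.lower().split("."))
    counts = Counter()
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        text = re.sub(r"<[^>]+>", " ", rec.get("body", ""))
        counts.update(t for t in TOKEN.findall(text.lower()) if t not in skip)
    return [w for w, _ in counts.most_common()]


def known_labels(jsonl: str, domain: str) -> list[str]:
    """Leftmost label of each host that answered, e.g. 'api' from api.example.com."""
    labels: list[str] = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        host = json.loads(line).get("host", "").lower()
        if host.endswith("." + domain):
            label = host[: -len(domain) - 1].split(".")[-1]
            if label not in labels:
                labels.append(label)
    return labels


def candidate_hosts(keywords: list[str], labels: list[str], domain: str) -> list[str]:
    """Bare and hyphen-permuted candidates, deduplicated in order, for a resolver."""
    out: list[str] = []
    seen: set[str] = set()

    def add(h: str) -> None:
        if h not in seen:
            seen.add(h)
            out.append(h)

    for kw in keywords:
        add(f"{kw}.{domain}")
        for lab in labels:
            if lab != kw:
                add(f"{kw}-{lab}.{domain}")
                add(f"{lab}-{kw}.{domain}")
    return out


if __name__ == "__main__":
    target = "example.com"
    kws = extract_keywords(SAMPLE_JSONL, target)
    cands = candidate_hosts(kws, known_labels(SAMPLE_JSONL, target), target)
    with open("candidates.txt", "w") as f:
        f.write("\n".join(cands) + "\n")
    print(f"{len(kws)} keywords -> {len(cands)} candidates written to candidates.txt")
```

Keywords that recur across hosts (here `staging`, `developer`, `billing`, `portal`) sort first, so the resolver spends its early queries on the most likely names; the permutations against labels that already resolve (`staging-api`, `api-staging`) are what turn page vocabulary into hostnames the passive sources never saw. Feed `candidates.txt` to puredns with a trusted resolver list and keep only what answers.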

André Baptista (@0xacb):

How to turn iframes and window.open into weapons for XSS.

From origin manipulation to sandbox escape, this paper by huli (@aszx87410) is stacked with juicy info.

Huli dives deep into the magical world of iframes and window.open and is definitely worth a read!
Nagli (@galnagli):

We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other Formula1.com (@Formula1) driver's sensitive data.

It took us 10 minutes using one simple security flaw 🧵
Akshansh Jaiswal (@akshanshjaiswl):

You found a bug. You wrote the PoC. You hit Submit.
…but what happens next? 👀
Join Sameer Bhatt (Debugger) (@sameer_bhatt5), Senior Triager @HackerOne, as he breaks down what really goes on behind triage, reports, reviews, rejections & rewards!
🎯 Pure triager insights + 🎁 PentesterLab