Starting a new #bugbounty target? Here's a quick guide to help you hit the ground running 🧵👇 : #bugbounty #bugbountytips #cybersecurity

The most important thing to remember while hacking: Have fun

Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #cybersecuritytips

Do you want to temporarily proxy your whole terminal tools to Burpsuite or any proxy? Add the following env vars (linux/macos/unix): export http_proxy=127.0.0.1:8080 export https_proxy=127.0.0.1:8080 it would work with any tool opened from the terminal, including any UI app 1/3

You guys always ask me how do I find SQL injections, its just simple. Avoid what everyone does and make your own methodology. Here is mine: 1. I don't normally go if the target is just target.com. I always prefer the target with wide scope. 1/n #BugBounty

Pic of the Day #infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #cybersecuritytips

Year of the Jellyfish - I have just completed this room! Check it out: tryhackme.com/room/yearofthe… #tryhackme #linux #jellyfin #cve #code #cert-style #muirlandoracle #NewYear #newyear #yearofthejellyfish via

Damn...only few hours between my dup report and the original one. Now let's get back to work :D

if your Repeater Tab doesn't look like this while hunting for bugs.... you must be doing something wrong😆 #BugBounty #Hacking

HackerContent provides marketing and content services specifically for cybersecurity companies. We'll pick one person who retweets this and send them a Flipper Zero in the post 🐬. #giveaway

In pursuit of an offensive security career, many people will say you “have” to do X THING to succeed. School, certs, programming, +++ Fuck that. The only commonality across hacking is a strong sense of curiosity and the best ingredient to success is some form of hard work.

The golden bug bounty rule: “Touch the code, pay the bug. Don’t touch the code? Allow to disclose” -Jhaddix

Being naturally curious creates the best hacker in us.

Vibe coding creates Vibe bugs and all is good we all eat

Just published my first blog post "Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover" You can read the full write-up here: zere.es/posts/cache-de…

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…

While playing a challenge by Salvatore Abello, I found a pretty interesting way to exploit Dangling Markup with a strict CSP. All you need is an <iframe>, <object> or <embed> set to about:blank, with a dangling name= attribute. This vulnerable page should be iframable.

😅

Last week our CISO asked me to present on “zero trust architecture.” I don’t know what that means. I make $340,000 a year. I haven’t touched a firewall since Obama’s first term. But I have a CISSP. I passed by memorizing acronyms. I still don’t know what half of them stand for. I