JWT Security Resources 1. JWT Introduction - jwt.io/introduction 2. JWT Attacks - portswigger.net/web-security/j… 3. OWASP JWT Cheat Sheet - cheatsheetseries.owasp.org/cheatsheets/JS… 4. JWT Vulnerabilities Guide - pentesterlab.com/blog/jwt-vulne… 5. JWT Best Practices - curity.io/resources/lear… 6.

Hunting for 0-days: Where to start? Resource: ibm.com/think/x-force/…

pentest-ai - 6 Claude Code subagents for offensive security research (engagement planning, recon analysis, exploit methodology, detection engineering, STIG compliance, report writing) 0xsteph.github.io/pentest-ai/

A simple vulnerability in postmessage CTI, Been a while since my last bug bounty tip 😂 Not something new, but honestly I liked it Application is integrates with various integration including salesforce, Shopify etc... for example window.opener && window.opener.postMessage({

GitHub repos for bug bounty hunters: 1. github.com/0xmaximus/Gala… 2. github.com/coffinxp/nucle… 3. github.com/0xKayala/Custo… 4. github.com/HackTricks-wik… 5. github.com/cipher387/Dork… 6. github.com/techgaun/githu… 7. github.com/s0md3v/Awesome… 8. github.com/TakSec/google-… 9. github.com/arainho/awesom…

Source to Sink: Improving LLM Vuln Discovery 🔥 youtu.be/bxwEZMhqeR0

Don’t waste time chasing expensive AI tools. If you can’t build it, you don’t really understand it. That’s where most beginners go wrong. Everyone wants to use AI in cybersecurity, but very few actually learn what’s happening behind the scenes. They rely on tools, copy

How to Hack AI Agents & Application by Ben Sadeghipour, inspired by Joseph Thacker (Follow Them for more) 📍 🧵 👇🏻

LLMs Winning at Pwn2Own 👀 youtu.be/c5XAvRbma6Y

Browser extensions for bug bounty hunters: Wappalyzer (Chrome/Firefox) HackTools (Chrome/Firefox) HackBar (Chrome/Firefox) FoxyProxy (Chrome/Firefox) Cookie-Editor (Chrome/Firefox) CORS Everywhere (Firefox) CYFARE Reconner (Firefox) DotGit (Chrome/Firefox) EndPointer

Good resource for a quick search for assets in scope through public BBPs across some of the big platforms. recon.bugtraceai.com

This one has a bit of story behind it. Less than 12h after the report was submitted, it was confirmed by the team. The team didn’t even try to argue about how catastrophic the impact was. They were fast responsive and professional and transparent with their users, something I

x.com/i/article/2039…

CloudFront WAF sets a 403 interception rule for the `/actuator` path, but you can use URL encoding `/%61%63%74%75%61%74%6f%72` (That's, each character of `/actuator` is hexadecimal encoded) to bypass the WAF and directly access Spring Boot #BugHunter #BugBounty #BugBountyTips

I found this Admin portal using Y-Dork site:Target.com inurl:login | inurl:admin | inurl:login | inurl:logon | inurl:sign-in | inurl:signin | inurl:signup | inurl:sign-up | inurl:dash | inurl:portal | inurl:panel | inurl:register | inurl:administrator 🔥🔥🔥🔥🔥

Race conditions in OAuth flows can still happen in custom implementations. Here's how to find it: During the token exchange, the server is supposed to treat an authorization code as single-use. If you race the token endpoint by sending parallel requests with the same code