Vijith Vellora (@vijithvellora) 's Twitter Profile
Security Analyst | Former Assistant commander @Cyberdomekerala 🇮🇳 | Hacker by Profession & Passion. Acknowledged by Google, Sony, Nokia, AT&T, IBM, Etc.

ID: 2176812868

Link: http://vijithvellora.in
Date: 11-11-2013 11:01:30

1,1K Tweet

572 Followers

882 Following

Intigriti (@intigriti) 's Twitter Profile Photo

You've found a GraphQL target... But you don't have much time to test your target for every vulnerability... 😴 Here are 4 tools you can easily use to find over 5+ vulnerabilities in GraphQL APIs! 🤑 A thread! 👇

zhero; (@zhero___) 's Twitter Profile Photo

happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole zhero-web-sec.github.io/research-and-t… good reading;

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code

Johann Rehberger (@wunderwuzzi23) 's Twitter Profile Photo

Prompt Injection can impact all aspects of the CIA security triad (Confidentiality, Integrity and Availability). arxiv.org/abs/2412.06090

Emad Shanab - أبو عبد الله (@alra3ees) 's Twitter Profile Photo

Find xss with KNOXSS
Find subdomains.
subfinder -d domain -all | httpx -o subs1
subdominator -d domain | httpx -o subs2
Merge all subs in one file
cat subs1 subs2 | anew subs
Find history.
cat subs | wayback | anew xss-wayback
katana -list subs -o xss-katana
cat subs | gau

YesWeHack ⠵ (@yeswehack) 's Twitter Profile Photo

With DomLogger++ by Kévin GERVOT (Mizu), tracking DOM interactions has never been easier for XSS testing! ☝ This powerful tool logs DOM modifications in real time, helping you pinpoint vulnerable elements and uncover interesting behaviours 🕵️ Check it out 👉 github.com/kevin-mizu/dom…

Vijith Vellora (@vijithvellora) 's Twitter Profile Photo

Excited to be named in Yogosha’s Top 10 Security Researchers for Q1 2025! 🎉 Big thanks to the Yogosha team for the shoutout. Congrats to all the talented researchers on the list!🕵️‍♂️🔒 #BugBounty #CyberSecurity #Yogosha

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

Turns out my #PHRACK article is live! 🔥 > The Art of PHP — My CTF Journey and Untold Stories! Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to raptor@infosec.exchange for not forgetting me, TMZ for the edits, and the

Caido (@caidoio) 's Twitter Profile Photo

We’re expanding localized pricing to India! 🇮🇳 Individual plan prices drop by nearly 65%: 💸 Monthly: ~1,750 INR → 625 INR 💸 Yearly: ~17,500 INR → 6,250 INR Know a hacker in India who’s been waiting? Tag them. 👇 caido.io/blog/2025-08-2…

Frida (@fridadotre) 's Twitter Profile Photo

Frida 17.4 introduces Simmy, a new backend for Apple’s Simulators on macOS. Spawn, attach, and instrument apps — just like on a real device.

Behi (@behi_sec) 's Twitter Profile Photo

Bug Bounty Tool: Kiterunner bruteforces API routes using contextual wordlists to uncover hidden endpoints fast: GitHub github.com/assetnote/kite…

Abdelrhman Allam 🇵🇸 (@sl4x0) 's Twitter Profile Photo

Me and a friend just landed a bounty for an RCE using a technique I addict it earlier and have kept refining ever since. Grateful for the results. Alhamdulillah. More here: sl4x0.xyz/turning-depend… or sl4x0.medium.com/turning-depend…

Godfather Orwa 🇯🇴 (@godfatherorwa) 's Twitter Profile Photo

I’ve added here github.com/orwagodfather/… PDF file for XSS, it can bypass any waf for who looking for Stored XSS , and it can be changed to blind if you want to Simply I encoded the payload as ASCII hex You can edit the payload over notepad++ #bugbountytips #bugbountytip

André Baptista (@0xacb) 's Twitter Profile Photo

Need to find the APIs the devs forgot about? Combine waymore with xnLinkFinder or similar. - waymore: Gathers the archived URL responses. - xnLinkFinder: Extracts the hidden paths and parameters. GitHub repos 👇 github.com/xnl-h4ck3r/way… github.com/xnl-h4ck3r/xnL…

Sahil Choudhary (@sahilsince2000) 's Twitter Profile Photo

No jailbreak. No problem. 🔓 I built a tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box. 👇 GitHub github.com/SahilH4ck4you/… #CyberSecurity #BugBounty #iOS #Pentesting

Vasileiadis A. (Cyberkid) (@anastasis_king) 's Twitter Profile Photo

Claude Bug Bounty Hunter - Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation github.com/shuvonsec/clau…
