Challenging myself to learn code reviews (with a focus on PHP web apps) in the next 21 days 🔍 Starting with PentesterLab ‘s code review badge, I’ll keep this thread updated with my journey🧵 Drop down any other good code review learning resources👇🏻

The new write-up has just arrived. Have a nice read. bergee.it/blog/turning-c… #BugBounty #bugbountytip HackerRats - Uncle Rat ❤️ (XSS Rat) #bugbountytips zseano

Approximately one-third of software packages from the Python Package Index (PyPi) are vulnerable to a design feature that allows an attacker to automatically execute code when downloaded on a computer, according to .Checkmarx research. #cybersecurity bit.ly/3wAegps

Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more. They are openly taunting and mocking Uber.

Why you should care about IDORs thexssrat.medium.com/why-you-should…

Vulnerable code snippets time⏳ Level: Easy🪲 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments!👇

See also TrollStore, a "Jailed iOS app that can install IPAs permanently with arbitrary entitlements and root helpers because it trolls Apple" // by [email protected] github.com/opa334/TrollSt…

Vulnerable code snippets time ⏳ Level: Medium 🐝 { Hint } Do you really need all the chars or just one?🤔 #BugBounty #YesWeRHackers Found the issue? Explain how in the comments! 👇

The group chat during a CTF:

Reviewing the code of a complex codebase can be very overwhelming. Here are a few things that I do when I’m starting auditing the code🧵

Finally validate the fundamentals, 30 exercices to solve, very interesting journey with this back to basic for consolidating my knowledge OffSec #WEB100 #OSWA

"Containers are secure by default, right?" 🫣 There are two categories of concerns for container security: - Image security (What vulns exist in the image that someone could exploit?) - Runtime security (What might an attacker be able to do if they gain access?) 1/N

Une règle simple pour des sauvegardes en toute sécurité : 3 - 2 - 1 3 copies 2 sauvegardes 1 sauvegarde hors de votre domicile #worldbackupday

Ambushed by AngularJS: a hidden CSP bypass in Piwik PRO portswigger.net/research/ambus…

That's NOT all, folks! 🥕 The recently discovered Looney Tunables CVE impacts the default installations of most major Linux distributions. But how can it be exploited? Read about it on our #blog. Link in comments 👇 Want to try it for yourself? Get hands-on practice on the

Counter-Strike 2 HTML injection bug exposes players’ IP addresses - Lawrence Abrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

10 ans 🥳 #MonAnniversaireTwitter

I am delighted to announce that I have obtained the CBBH certification from Hack The Box ! #CyberSecurity #Certification Hack The Box academy.hackthebox.com/achievement/ba…