Are legacy IDV vendors draining your budget with hidden fees and complex contracts? Use our free ROI calculator to see exactly how much you can save with Didit's transparent, pay-per-success model. The results might surprise you.

kshitij vaze A lot after writing github.com/0xAX/linux-ins… many years before llm appearance

Hacking a GraphQL API but introspection is disabled? Clairvoyance, a tool by Nikita Stupin, can reconstruct GraphQL API schema even if the introspection is disabled.  For installation and usage 👇 github.com/nikitastupin/c…

🔥 CVE-2026-23993: HarbourJwt JWT auth bypass via unknown alg. Not just alg=none: unsupported alg => empty signature, so forged token header.payload. passes. Write-up + fix: pentesterlab.com/blog/cve-2026-…

hetmehta.com/posts/n8n-type…

Highly recommended --> intigriti.com/researchers/bl…

CSPT + Arbitrary JSON hosting is such a cracked combo. I feel like a magician every time I pull it off.

Reading through this awesome write up right now on my quest to get a working Chrome RCE <3 blog.perfect.blue/Chromium-Fullc…

Pentesting Next.js Server Actions #Nextjs #Pentesting #ServerActions #BurpSuite #SecurityTools adversis.io/blogs/pentesti…

If you haven't watched ep. 162 yet, we talked with Alex Rice from HackerOne and here are the most important questions and answers: 1. Are they training AI models on researcher reports? (8:50) No. The part of their ToS that mentions AI training was written a long time ago,

Lost in Translation: Exploiting Unicode Normalization With this research, Ryan Barnett (B0N3) and Angel Hacker added another layer of understanding to this area. They introduced a lot of very interesting techniques. Check it out 👇 youtu.be/ETB2w-f3pM4?si…

This blog site of Youssef Sammouda (sam0) is a treasure trove of everything Meta (Facebook, Instagram, Oculus) hacking 👇 ysamm.com

Bro thought the aura would carry him 😭

New series on using Claude for bug bounty 👀. sync your hackerone reports, cross-referencing past findings against new targets etc. The actual workflow, not the LinkedIn fantasy. Feedback from AI-maxers always welcome ❤️ clawd.it/posts/11-teach…

Another read about the topic of "dead subdomains" and why I decided to keep them in argosdns.io argosdns.io/blog/a-dead-su… (But: DNS data will come soon to the platform :))

This blog walks through Android deep link and WebView exploitation, bypassing host validation to exfiltrate credentials from shared_prefs via JavaScript: 8ksec.io/android-deepli… Tested on InsecureShop using ADB + Frida.

… “Declan Rice” “Szoboszlai” Just look at that gap between them and Bruno 😭😭

Any Bruno slander i see from this day forward I’m dropping this image and dipping wtf😭

He’s genuinely better than KDB man