Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007)'s Twitter Profile
Abdullah Nawaf (HackerX007)🇯🇴

@xhackerx007

Hackerx007
Bug hunter
FB/Twitter/Mail.ru HOF
41 Bugcrowd rank
11 Bugcrowd P1 rank with 226 p1 :)
In love with P1 ;)

ID: 1361029885133807618

Link: https://bugcrowd.com/HackerX007
Joined: 14-02-2021 19:10:07

569 Tweets

7.7K Followers

363 Following

Tuan Anh Nguyen⚡️ 🇻🇳 (@haxor31337):

From SSRF to RCE and transferring money in core banking. It is a really cool red team case: a perfect combination of external and internal vulnerabilities that complement each other to bypass the blue team's monitoring and detection. Presented by my colleague Q5Ca youtu.be/xBnMrNCuO_w?si…

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007):

What’s happening here is really strange! HackerOne is playing judge! A minor disagreement broke out between a few people on X—so why is HackerOne banning them from the platform? Conflicts between bug hunters on Twitter happen all the time, yet H1 has no right to step in and

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007):

This is your chance to be a speaker at PHDays Indonesia — one of the biggest and most exciting conferences! It’s a great opportunity to meet top-tier security researchers from around the world. What are you waiting for?

Mohamed Elkhayat (@mohamed87khayat):

The endpoint was:
/storage/users.csv

Also try more endpoints like:

/storage/orders.csv
/storage/transactions.csv
/storage/reports.csv
/storage/customers.csv
/storage/backups/users_backup.csv
/storage/tables/profiles.csv
/storage/tables/roles.csv
/storage/tables/invoices.csv

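
A common trap when trying paths like these is a server that answers every unknown URL with a 200 and an HTML page, so a plain status check reports nine "findings" and zero real ones. The script below is an added example, not code from the tweet: it probes the listed paths with a pluggable fetcher and only reports a hit when the body actually parses as a table (or is served as text/csv). The base URL and the canned responses are constructed; run it only against targets you are authorized to test.

```python
"""Probe candidate /storage/*.csv paths and tell real exports from soft-404s.

Added example, not part of the tweet above. The base URL and the canned
responses are constructed; the candidate paths are the ones the tweet lists.
"""
import csv
import io
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

CANDIDATE_PATHS = [
    "/storage/users.csv",
    "/storage/orders.csv",
    "/storage/transactions.csv",
    "/storage/reports.csv",
    "/storage/customers.csv",
    "/storage/backups/users_backup.csv",
    "/storage/tables/profiles.csv",
    "/storage/tables/roles.csv",
    "/storage/tables/invoices.csv",
]


def looks_like_csv(status, content_type, body):
    """True when a response is most likely a genuine CSV export.

    A 200 carrying an HTML login or "not found" page is the usual false
    positive, so without a text/csv content type the body must parse as a
    table: at least two complete rows with the same, non-trivial width.
    """
    if status != 200 or not body:
        return False
    if "text/csv" in content_type.lower():
        return True
    sample = body[:4096].decode("utf-8", errors="replace").lstrip()
    if sample.startswith("<"):          # HTML/XML, never CSV
        return False
    try:
        rows = [r for r in csv.reader(io.StringIO(sample)) if r]
    except csv.Error:
        return False
    if len(body) > 4096:
        rows = rows[:-1]                # drop the row cut off by the sample limit
    if len(rows) < 2:
        return False
    width = len(rows[0])
    return width >= 2 and all(len(r) == width for r in rows[:50])


def find_exposed_files(base_url, fetch, paths=CANDIDATE_PATHS):
    """Probe every candidate path; `fetch(url)` returns (status, content_type, body)."""
    hits = []
    for path in paths:
        url = urljoin(base_url, path)
        status, ctype, body = fetch(url)
        if looks_like_csv(status, ctype, body):
            hits.append(url)
    return hits


def http_fetch(url, timeout=10):
    """Stdlib fetcher; reads at most 64 KiB, enough to classify the response."""
    req = urllib.request.Request(url, headers={"User-Agent": "storage-csv-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), b""
    except (urllib.error.URLError, OSError):
        return 0, "", b""


# Constructed stand-ins for a live server: a soft-404 served with status 200,
# a real export behind a misleading content type, and a properly typed one.
FAKE_RESPONSES = {
    "/storage/users.csv": (200, "text/html", b"<!doctype html><title>Not found</title>"),
    "/storage/customers.csv": (
        200, "application/octet-stream",
        b"id,email,phone\n1,alice@example.com,+100\n2,bob@example.com,+200\n",
    ),
    "/storage/tables/roles.csv": (200, "text/csv", b"id,role\n1,admin\n"),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(urlsplit(url).path, (404, "text/html", b"<h1>404</h1>"))


if __name__ == "__main__":
    # With a base URL argument the real fetcher is used; without one, the canned responses.
    base = sys.argv[1] if len(sys.argv) > 1 else "https://example.test"
    fetcher = http_fetch if len(sys.argv) > 1 else fake_fetch
    for hit in find_exposed_files(base, fetcher):
        print("exposed:", hit)
```

Against the canned responses only customers.csv and tables/roles.csv are reported; users.csv, the HTML soft-404, is not. Swap in your own wordlist for `CANDIDATE_PATHS` and keep the body check: it is what separates a finding from a redirect to the login page.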
X (@themsterdoctor1):

💥 ADVANCED XSLT INJECTION: From Info Disclosure to RCE 🔥 Rare. Powerful. Quiet. This is the kind of injection that silently owns backend XML-based applications. 📚 What Is XSLT Injection? XSLT (Extensible Stylesheet Language Transformations) is used to transform XML
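
The thread is cut off on this page, so the concrete chain it describes is not reproduced here. What makes XSLT injection "info disclosure to RCE" is that a stylesheet is a program: `system-property()` leaks the engine and version, `document()` and `unparsed-text()` read files the server can reach, `xsl:include`/`xsl:import` pull in remote stylesheets, and extension namespaces (EXSLT, Xalan's `java:`, PHP's `php:` when `registerPHPFunctions()` is on, MSXML's `msxsl:script`) call straight into the host language. The block below is an added example, not code from the post: a stdlib-only screen that flags those constructs in an untrusted stylesheet before it reaches an engine. Both sample stylesheets are constructed.

```python
"""Screen an untrusted XSLT stylesheet for the constructs behind XSLT injection.

Added example, not code from the post above. Both stylesheets are constructed
samples. The namespace and function lists are the well-known XSLT/XPath escape
hatches; use the screen as a detection signature or a pre-filter, and run the
engine itself with extensions and file/network access disabled.
"""
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# Namespaces whose extension functions read files, run code or call into the
# host language. Prefix matching catches versioned and per-class variants.
DANGEROUS_NS_PREFIXES = (
    "http://exslt.org/",
    "http://xml.apache.org/xalan",
    "http://xml.apache.org/xslt/java",
    "xalan://",
    "http://php.net/xsl",
    "urn:schemas-microsoft-com:xslt",
    "http://saxon.sf.net/",
)

DANGEROUS_XSL_ELEMENTS = {"import", "include"}   # pull in another stylesheet

DANGEROUS_FUNCTIONS = re.compile(
    r"\b(document|doc|collection|system-property|unparsed-text-lines|"
    r"unparsed-text|environment-variable)\s*\(",
    re.IGNORECASE,
)

NS_DECL = re.compile(r'xmlns:([\w.\-]+)\s*=\s*"([^"]*)"')
EXPRESSION_ATTRS = ("select", "test", "match", "href", "use", "name")


def _split(tag):
    """(namespace, localname) for an ElementTree '{ns}local' tag."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def audit_stylesheet(xslt_text):
    """Return a list of findings (strings); an empty list means nothing flagged.

    Parsing uses the stdlib expat parser, which does not resolve external
    entities, so the screen itself is not an XXE vector.
    """
    try:
        root = ET.fromstring(xslt_text)
    except ET.ParseError as exc:
        return [f"unparseable stylesheet: {exc}"]

    # Prefixes bound to extension namespaces, e.g. xmlns:php="http://php.net/xsl".
    ext_prefixes = {
        prefix: uri for prefix, uri in NS_DECL.findall(xslt_text)
        if uri.startswith(DANGEROUS_NS_PREFIXES)
    }

    findings = []
    for elem in root.iter():
        ns, local = _split(elem.tag)
        if ns == XSL_NS and local in DANGEROUS_XSL_ELEMENTS:
            findings.append(f"xsl:{local} href={elem.get('href')!r} loads an external stylesheet")
        elif ns.startswith(DANGEROUS_NS_PREFIXES):
            findings.append(f"extension element <{local}> from {ns}")
        for attr in EXPRESSION_ATTRS:
            value = elem.get(attr)
            if not value:
                continue
            hit = DANGEROUS_FUNCTIONS.search(value)
            if hit:
                findings.append(f'{attr}="{value}" calls {hit.group(1)}()')
            for prefix, uri in ext_prefixes.items():
                if re.search(rf"\b{re.escape(prefix)}:", value):
                    findings.append(f'{attr}="{value}" uses extension prefix {prefix}: ({uri})')
    return findings


# Constructed samples: an ordinary report stylesheet and an injected one.
BENIGN = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="text"/>
  <xsl:template match="/">
    <xsl:for-each select="//order">
      <xsl:value-of select="@id"/>,<xsl:value-of select="total"/>
    </xsl:for-each>
  </xsl:template>
</xsl:stylesheet>"""

MALICIOUS = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:php="http://php.net/xsl">
  <xsl:template match="/">
    engine: <xsl:value-of select="system-property('xsl:vendor')"/>
    config: <xsl:copy-of select="document('/var/www/config.xml')"/>
    shell:  <xsl:value-of select="php:function('shell_exec', 'id')"/>
  </xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, text in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, audit_stylesheet(text) or "clean")
```

The malicious sample produces three findings (the vendor probe, the file read and the `php:` call); the benign one produces none. Treat the screen as defence in depth: with lxml, for instance, `etree.XSLTAccessControl(read_file=False, write_file=False, create_dir=False, read_network=False, write_network=False)` passed as `access_control` to `etree.XSLT` is the control that actually removes file and network reach from the engine.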

Ashraf Basyoni (@ashrafbasyoni4):

Alhamdulillah (praise be to God)

Happy to have secured a new private program.

I'm planning to start sharing writeups, insha'Allah, for the vulnerabilities I find.
Here's a Telegram channel where I'll be posting soon: t.me/BB0xAshraf

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007):

I look forward to seeing you at Security BSides Ahmedabad 0x6! As always, I promise to deliver my very best, as is my custom. All the topics I will present are based on real-world scenarios I have encountered throughout my career—scenarios that have helped me rank among the top 50

Ashraf Basyoni (@ashrafbasyoni4):

(1/7)

Full Organization Takeover Using a Developer Account

The Problem:

Normally, an API key created by a user with limited permissions (like a Developer) should only be able to do developer-level actions — things like viewing logs, pushing code, or reading team info.

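
Only the first post of the thread is on this page, so the mechanism it found is not reproduced here. The rule it states has a concrete check behind it: a key must never be more powerful than the account that minted it, and that comparison has to happen both when the key is created and on every request. The block below is an added example, not code from the thread or from the affected platform; the roles, permission strings and users are constructed. It contrasts an authorizer that trusts the scopes stored on the key with one that re-derives the key's effective permissions from the creator's current role.

```python
"""Effective API-key permissions = key scopes ∩ creator's current role.

Added example (not code from the post above or from the affected platform);
the roles, permission strings and users are constructed.
"""
from dataclasses import dataclass
from typing import Optional

ROLE_PERMISSIONS = {
    "developer": {"logs:read", "code:push", "team:read"},
    "admin": {"logs:read", "code:push", "team:read", "team:write", "billing:read"},
    "owner": {"logs:read", "code:push", "team:read", "team:write",
              "billing:read", "members:remove", "org:transfer"},
}


@dataclass
class User:
    id: str
    role: Optional[str]      # None once the user is removed from the org


@dataclass
class ApiKey:
    id: str
    creator_id: str
    scopes: frozenset


class Org:
    def __init__(self):
        self.users = {}
        self.keys = {}

    def add_user(self, user_id, role):
        self.users[user_id] = User(user_id, role)

    def set_role(self, user_id, role):
        self.users[user_id].role = role

    # --- vulnerable pattern -------------------------------------------------
    def create_key_vulnerable(self, key_id, creator_id, requested):
        """Stores the requested scopes verbatim: nothing compares them with
        what the creator is actually allowed to do."""
        self.keys[key_id] = ApiKey(key_id, creator_id, frozenset(requested))

    def authorize_vulnerable(self, key_id, action):
        key = self.keys.get(key_id)
        return key is not None and action in key.scopes

    # --- hardened pattern ---------------------------------------------------
    def create_key(self, key_id, creator_id, requested):
        """Refuse any scope the creator does not hold at creation time."""
        creator = self.users.get(creator_id)
        allowed = ROLE_PERMISSIONS.get(creator.role, set()) if creator else set()
        excess = frozenset(requested) - allowed
        if excess:
            raise PermissionError(f"{creator_id} cannot grant {sorted(excess)}")
        self.keys[key_id] = ApiKey(key_id, creator_id, frozenset(requested))

    def authorize(self, key_id, action):
        """Re-derive the key's power from the creator's *current* role, so a
        demotion or removal takes effect immediately and a scope that slipped
        through at creation still cannot exceed the role."""
        key = self.keys.get(key_id)
        if key is None:
            return False
        creator = self.users.get(key.creator_id)
        if creator is None or creator.role is None:
            return False
        return action in (key.scopes & ROLE_PERMISSIONS[creator.role])


def demo():
    """Walk through the takeover and the fix; returns the outcomes for inspection."""
    org = Org()
    org.add_user("owner-1", "owner")
    org.add_user("dev-1", "developer")

    # A developer mints a key carrying an owner-only scope.
    org.create_key_vulnerable("k-vuln", "dev-1", {"code:push", "org:transfer"})
    takeover = org.authorize_vulnerable("k-vuln", "org:transfer")   # True: org takeover
    blocked = org.authorize("k-vuln", "org:transfer")               # False: role-bound

    try:
        org.create_key("k-bad", "dev-1", {"org:transfer"})
        rejected = False
    except PermissionError:
        rejected = True                                               # refused at creation

    org.create_key("k-dev", "dev-1", {"code:push", "logs:read"})
    before = org.authorize("k-dev", "code:push")    # True while dev-1 is a developer
    org.set_role("dev-1", None)                     # dev-1 leaves the org
    after = org.authorize("k-dev", "code:push")     # False: key dies with its creator
    return {"takeover": takeover, "blocked": blocked, "rejected": rejected,
            "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The request-time intersection is the part most implementations skip: checking scopes only at creation leaves every existing key frozen at its creator's old privilege level after a demotion or offboarding.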
H4x0r.DZ (@h4x0r_dz):

The Israeli forces slaughtered Al Jazeera’s Anas al-Sharif. Those vile bastards! They’ve been gunning for him with threats for ages. Anas was a fearless hero, pouring raw passion and truth into every report. He was our unfiltered lens, and that’s exactly why those cowards

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007):

One of the most critical vulnerabilities I’ve found in my bug bounty career! Critical bugs aren’t as hard as most people think—they’re out there, but they require focus and a bit of patience.

At first, I thought I’d accessed data for 80,000 users, but later I discovered it was

Abdullah Nawaf (HackerX007)🇯🇴 (@xhackerx007):

I earned $20,000 for my submission on @bugcrowd bugcrowd.com/hackerx007 #ItTakesACrowd Auth bypass into any user account using a backdoor parameter (meant to be for support), which allows an attacker to log in and bypass auth & 2FA using just the username. It works for both
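
The tweet is cut off on this page and does not name the parameter, so nothing below reproduces the actual target. The pattern it describes is a support convenience wired into the public login route: a flag that, when present, skips the password and the second factor for whatever username is supplied. The block below is an added example, not the affected application's code; the parameter name `support_user`, the users, the fixed password salt and the TOTP secrets are constructed. It shows the vulnerable handler next to a hardened one, and moves support access to its own route that demands an already authenticated support session and writes an audit record.

```python
"""Support access as a separate, authenticated and audited action, not a
hidden parameter on the public login route.

Added example, not the affected application's code. The parameter name
`support_user`, the users, the fixed salt and the TOTP secrets are constructed.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    username: str
    password_hash: bytes
    totp_secret: Optional[bytes]     # None: no second factor enrolled
    is_support: bool = False


def hash_password(password):
    # Fixed salt keeps the demo deterministic; use a per-user random salt for real.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the same code an authenticator app shows."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


USERS = {
    "alice": User("alice", hash_password("correct horse"), b"alice-secret-0001"),
    "sam": User("sam", hash_password("support-pass"), b"sam-secret-000001", is_support=True),
}
AUDIT_LOG = []


def _verify_factors(user, password, otp, at=None):
    """Password and, when enrolled, a current TOTP code; constant-time compares."""
    if not hmac.compare_digest(user.password_hash, hash_password(password or "")):
        return False
    if user.totp_secret is None:
        return True
    return isinstance(otp, str) and hmac.compare_digest(
        otp.encode(), totp(user.totp_secret, at).encode())


def login_vulnerable(params, at=None):
    """Before: a truthy `support_user` (hypothetical name) returns a session
    for any username with no password and no second factor."""
    user = USERS.get(params.get("username"))
    if user is None:
        return None
    if params.get("support_user"):
        return {"sub": user.username, "impersonated_by": None}
    if not _verify_factors(user, params.get("password"), params.get("otp"), at):
        return None
    return {"sub": user.username, "impersonated_by": None}


def login(params, at=None):
    """After: no request parameter can shortcut the checks."""
    user = USERS.get(params.get("username"))
    if user is None or not _verify_factors(user, params.get("password"), params.get("otp"), at):
        return None
    return {"sub": user.username, "impersonated_by": None}


def impersonate(session, target_username):
    """Separate route: needs an already authenticated support session (which
    went through password + TOTP itself), refuses chaining and support-on-
    support, and records who acted on whom."""
    actor = USERS.get(session.get("sub")) if session else None
    target = USERS.get(target_username)
    if actor is None or not actor.is_support or session.get("impersonated_by"):
        return None
    if target is None or target.is_support:
        return None
    AUDIT_LOG.append({"actor": actor.username, "target": target.username, "at": time.time()})
    return {"sub": target.username, "impersonated_by": actor.username}


if __name__ == "__main__":
    print("vulnerable:", login_vulnerable({"username": "alice", "support_user": "1"}))
    print("hardened:  ", login({"username": "alice", "support_user": "1"}))
```

Two design points carry the fix: the hardened `login` has no branch that consults anything but the credentials, and the impersonated session is marked as such so downstream code can deny sensitive actions (payments, 2FA changes) while support is driving, and the audit trail shows the real actor.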