🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

On June 23rd i'll be giving my "Credential Operations" / "Operationalizing Cybercrime Data for Red Teamers and Offsec" training for FREE! It's gonna be 🔥🔥🔥 Registration link in 1st reply 👇

IP whitelisting is fundamentally broken. At Assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: github.com/assetnote/newt…

1. Got auth bypass 2. Started clicking the newly accessed internal app 3. Got rickrolled Wild bug bounty first :P

Top 10 shirt

Sitting in on a great phishing talk at BSidesDSM

Thanks BSidesDSM for allowing me the opportunity to teach what I know about recon!

Only ONE WEEK left to join as a sponsor of Bug Bounty Village at DEF CON 33. The deadline is June 15. If your team wants a presence in the heart of hacker-led security research, now's the time. Reach out and let's make it happen. #BugBounty #DEFCON #BBV #BugBountyVillage

Godfather Orwa 🇯🇴 HackerOne H4x0r.DZ Hey bugcrowd, your turn now to do what's right!

Hey the community! I feel the need to react to x.com/GodfatherOrwa/…, as it targets me specifically and is doing a clear defamation there. I guess it's useless to say that the claims of me telling that I'll block people based on the fact that they're muslim is a complete lie,

This week, Disclosed. Shubs wins the LHE with Salesforce. Free NahamCon talks. Tools for fuzzing, IP whitelisting, and JWT automation. Plus: SSRF in Lichess, OAuth deep dives, and the return of leHACK. Full issue + links → getdisclosed.com Highlights below 🧵

Create and run Linux containers as lightweight virtual machines on your Mac with Container. Open source, written in Swift, and optimized for Apple silicon. No Docker or similar needed. · GitHub repo: github.com/apple/container · Intro presentation: developer.apple.com/videos/play/ww…

I just found the coolest csp bypass ever! did you know that a valid pdf can ALSO be valid javascript? (details below)

Trying but failing miserably. If I can get caught up this weekend while trying to move then I’ll consider actually working normal hours.

I really like the tools built by / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) , they have certainly helped me many times during my tests. If you like his tools and can support his development: ko-fi.com/xnlh4ck3r

My new research Escalation of Self-XSS to XSS using modern browser capabilities. blog.slonser.info/posts/make-sel…

Check out the newest episode of the MLSecOps podcast where I talk about assessing AI enabled applications! 🔗Transcript, audio/video, and links to episode resources available at bit.ly/43Ils3Q

I re-wrote all my recon tools to include benchmarking. There is difference between how normal people find sub domains and how I find subdomains:

Remind me to never move myself again. Started 7 am and I’m currently 30 minutes out with the last trailer full.

This is a fantastic read about how the world is changing and how @[email protected] would approach his career starting over in the now. I agree with 100% of his advice. securing.dev/posts/if-i-wer…