Mayank.R (@mayankm0)'s Twitter Profile
Mayank.R

@mayankm0

MTS Vmware EUC/Omnissa

ID: 1507900444353654791

27-03-2022 02:01:22

2,2K Tweet

632 Followers

2,2K Following

ghostlulz (@ghostlulz1337)

👻 Hacking SSO: Pre Account Takeover 👻 No email verification ➕ SSO 🟰 full account compromise. Read more on my blog: ghostlulz.com/blog/pre-accou… #bugbountytip #bugbountytips #hackerone #bugcrowd #infosec #redteam #CyberSec #bugbounty

payloadartist (@payloadartist)

🪲 Interesting SOQL injection bug in "contentDocumentId" parameter in Salesforce applications found by MasterSplinter, exposing user docs mastersplinter.work/research/sales…

bugcrowd (@bugcrowd)

15 and hacking his way to an impressive portfolio. 😯 Patrick’s journey started early: “I got into technical writing at 11 after exploiting an info leak on my middle school’s website. It was simple, but it meant a lot to me back then,” he says. 💭 Get the full story and his top

Intigriti (@intigriti)

New tool drop by Assetnote! 🛠️ Some instances only accept incoming traffic from 'trusted' sources such as AWS, GitHub/GitLab CI, etc. Newtowner is a simple tool to help bypass these weak IP whitelisting rules! 😎 Check it out! 👇 github.com/assetnote/newt…

Intigriti (@intigriti)

Latest Bug Bytes is live! 🚀 This month's issue is as usual packed with bug bounty tips: ✅ Becoming an Intigriti Pentester! ✅ Exploiting CORS in 2025 (and even when SameSite is set to ‘Strict’) ✅ A forgotten tool to quickly score new hidden endpoints (right before you close

sw33tLie (@sw33tlie)

I don't know who needs to hear this, but if you have Param Miner installed in Burp Suite, you can use $randomplz anywhere (repeater, etc) to get a random value that can be useful as a cache buster #bugbounty

James Kettle (@albinowax)

"Funky chunks: abusing ambiguous chunk line terminators for request smuggling" - quality research by Jeppe Weikop! Also thankfully it doesn't overlap with my upcoming presentation 😅 w4ke.info/2025/06/18/fun…

Intigriti (@intigriti)

⏰ It's CHALLENGE O'CLOCK! 👉 Capture the flag before Thursday the 26th of June 👉 Win €400 in SWAG prizes 👉 We'll release a tip for every 100 likes on this tweet Thanks ToG for the challenge 👇 challenge-0625.intigriti.io

Intigriti (@intigriti)

Done with testing your target? Don't close Burp Suite yet! ❌ JSON2Paths by Somdev Sangwan can help you find a few quick bounties before you wrap up! 🤑 This simple Python tool helps you find hidden API endpoints and app routes by fetching Burp Suite's history! 🔗

Doyensec (@doyensec)

📢Just published - Our new white paper comparing Semgrep's Code and Community editions! We dove into both versions of this popular tool to see what the differences were and how they performed against each other. doyensec.com/resources/Comp… #doyensec #appsec #security #semgrep

Intigriti (@intigriti)

For some bug bounty hunters, the Log4Shell hunt never truly ended... 😈 While most moved on, some researchers know this vulnerability is still hiding in production systems across the web, even today 👀 We just published a comprehensive guide showing exactly how to uncover

Nikhil Mittal (@nikhil_mitt)

Hacker Summer 2025 giveaway! I am giving away a total of 3 seats for any of the highly coveted on-demand courses by Altered Security To participate - please Repost, Comment the course/certification name, what makes it useful to you and follow Nikhil Mittal and Altered Security

shubs (@infosec_au)

I hope everyone got some rest after DownUnderCTF this weekend. My colleague hashkitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-secu…

Bug Bounty Village (@bugbountydefcon)

To celebrate our badge launch, we're giving away FIVE free 6-month licenses to @pentesterlab. ✅ Comment BADGELIFE and retweet this post to enter. Additionally, pre-order a custom badge at shop.bugbountydefcon.com for a chance to win one of FIVE Annual VIP+ subscription to