Use google dork "site:join.slack.com" you will find tons of exposed invitation links to workspaces. you can join these workspaces even if the option "Require admin approval" is on. because these leaked invites are made by the admins it Self

[Day 12] Of Starting My Career As Web3 SR. -72% of Patrick's Security Course Covered -Covered -> Flash loans, Arbitrage , Centralisation vulnerability, upgradeability of smart contract, proxy contract -Everything writen down in my notes for easy access

I have had 8/10 success in Rate Limiting Bypass for sometime now.

Fun fact. In Lugano, Switzerland, there's a striking statue celebrating the anonymity of Satoshi Nakamoto, the mysterious creator of Bitcoin. Designed by Valentina Picozzi, when viewed head-on, it disappears almost entirely.

How to look for JS files Vulnerability for fun and profit? medium.com/@Skylinearafat… #JSFiles #BugBounty #CyberSecurity

Even though they never caught the hacker, Why? Well, because he ran somewhere.

Just dropped my first write-up! Found a juicy auth bypass that gave me admin access through response tampering. Check it out and let me know what you think! medium.com/@arrasgotcha/a… medium.com/@arrasgotcha/a…

😂😂🙌 those days

~IDOR New video out too... youtu.be/WlDlNDi3pbY #bugbounty #bugbountytips

How to grab all Graphql query/mutation if introspection disabled? 1. Download all js files to directory js_files 2. Run this command: grep -Eo '(query|mutation) [a-zA-Z0-9_]+\(' js_files -R 1/n #bugbountytips #graphql

I was about to die in Africa I had 0 Cash. Only crypto. Here is the full story: live demo with Swypt cofounders (Michael Loupa, unwrap()) here at ZuAfrique 🇰🇪👇

I’m seeing more and more of the new wave of top security researchers come from Cyfrin Updraft. Keep crushing it all, and we will do our best to keep making your lives as researchers better 🦾

Video of my talking in #PHDays at PT Security youtu.be/CJnXjWXXB1Y?si… Hope you like it and enjoy it #bugbounty #bugbountytip #bugbountytips #infosec

🚨 PRO TIPS for XSS Hunters Stop pasting the same alert(1) everywhere! 🙅‍♂️💻 ✅ First, ask: Where does your input land? 📝 In a <textarea>? 🔒 Inside an attribute? 📄 Between tags? 🎯 Tailor your payload to the context. It’s not about luck — it’s about logic 🧠 </textarea><script

Just released WPProbe v0.6.0! It now includes a bruteforce mode and a hybrid scan (REST endpoints + bruteforce). Check it out: github.com/Chocapikk/wppr… (Thanks ibrahimsql for the PR)

12 API hacking bug bounty tips you must try on your target! 😎 🧵 👇

1. Deflation attack in Silo Labs (v2 is live) vault during a Code4rena contest Share = _assets.mulDiv(_newTotalSupply + 10^_decimalsOffset(), _newTotalAssets + 1, _rounding) What the problem here? totalAssets is based on redeemable market shares, but market rounding can cause an issue

josephthacker.com/hacking/2025/0…

Happy fathers day to all the hardworking dads out there. 🥳