Md.Karimul Islam Shezan (@md_sh3z4n) 's Twitter Profile
Md.Karimul Islam Shezan

@md_sh3z4n

Cyber Security Enthusiast | CTF player | Hunger for knowledge

ID: 1271638786582220801

13-06-2020 03:03:46

540 Tweet

394 Followers

924 Following

Md.Karimul Islam Shezan (@md_sh3z4n)

Just got a reward for a vulnerability submitted on YesWeHack ⠵ -- Improper Access Control - Generic (CWE-284). yeswehack.com/hunters/d3sp0 #YesWeRHackers

VAIDIK PANDYA (@h4x0r_fr34k)

CSRF Bypass Techniques  !

1. Token Manipulation:  
   - Remove the entire CSRF token parameter or just its value.  
   - Replace the token with a random one of the same length.  
   - Try using a token that is one character longer or shorter than expected.  
   - Inject the
Emad Shanab - أبو عبد الله (@alra3ees)

Burp-Suite-Pro-Scan-Profiles:-
Custom scan profiles for use with Burp Suite Pro.
To import, select "Burp" in the top left taskbar and select "Configuration library". In the popup, select "Import" and import the json files from this repository.

github.com/TheGetch/Burp-…
Bug Bounty Village (@bugbountydefcon)

We are back for DEF CON 33 this August. To celebrate, we will be giving away 10 more one-month Pentesterlab licenses! To enter: 1️⃣ Follow us on X Bug Bounty Village 2️⃣ Like this post ❤️ 3️⃣ Retweet this post The giveaway is open until Friday (3/21) Good Luck! #BugBounty #DEFCON

HackTricks (@hacktricks_live)

🚀 To celebrate the upcoming Azure Red Team Expert cert, we're launching the first Cloud PEASS: Azure PEASS! 🔎 It gets Azure/Entra tokens, finds all your permissions, highlights sensitive ones HackTricksAI and tells you how to privesc! 👉 github.com/carlospolop/cl… #hacktricks

A L I (@ali_4fg)

$2,500 Bounties in GraphQL Hacking!

Started learning GraphQL security in Feb and picked a HackerOne program—luckily, it was all GraphQL! Found multiple bugs, including two high-severity ones which I wrote about. 
Read here: blog.koalasec.co/2500-dollars-i…
bugoverflow (@bugoverfl0w)

How to grab all Graphql query/mutation if introspection disabled?

1. Download all js files  to directory js_files
2. Run this command:
grep -Eo '(query|mutation) [a-zA-Z0-9_]+\(' js_files -R

1/n 
#bugbountytips #graphql
Jason Haddix (@jhaddix)

Our sponsor The SecOps Group just upgraded their Active Directory Pentesting exam, they have now rolled out C-ADPenX v2!

Their exams are top-notch, hands-on, realistic, and relevant. If you’ve been thinking of upskilling or validating your offensive security skills, now’s the perfect
The SecOps Group (@thesecopsgroup)

🚀 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗖𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲- 𝗠𝗶𝘀𝗰𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗲𝗱 𝗔𝗻𝗱𝗿𝗼𝗶𝗱𝗠𝗮𝗻𝗶𝗳𝗲𝘀𝘁.𝘅𝗺𝗹

** Like, Comment, Repost, and 3 lucky winners will get 100% discount on our CMPen- Android exam!**

🕵️ 𝗧𝗼𝗺'𝘀 𝗦𝘁𝗮𝘁𝗶𝗰 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀
Tib3rius (@0xtib3rius)

10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇
Intigriti (@intigriti)

Want to dive into forgotten bug bounty write-ups and blog posts from some of the most notable hackers in our community? 🧐

We promise that you will learn a thing or two about web security! 🤠

In this issue, we feature 5 compelling articles (that are still relevant today) from
Md.Karimul Islam Shezan (@md_sh3z4n)

Excited to share that I successfully completed the AndroDialer exploitation challenge by 8kSec.

After submitting my exploit, the 8kSec team replied: "Congrats on being one of the first to complete the challenge!" — that honestly made my day.

#CyberSecurity #Security #hack
Nikhil Mittal (@nikhil_mitt)

Hacker Summer 2025 giveaway! I am giving away a total of 3 seats for any of the highly coveted on-demand courses by Altered Security

To participate - please Repost, Comment the course/certification name, what makes it useful to you and follow Nikhil Mittal and Altered Security
Altered Security (@alteredsecurity)

GIVEAWAY!! 🔥

Hacker Summer 2025 giveaway! We are giving away a total of 2 seats for any of the highly coveted on-demand courses by Altered Security

To participate -  Like👍, Repost🔁 and Comment💬 the course/certification name, what makes it useful to you and follow