🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Celebrate the wins (even if they're dupes) 🎉

I created a tool called "Creatures Of Habit" which accepts a GitHub username/organisation finds all public repos and extracts endpoints from popular web frameworks github.com/BuildHackSecur…

We’re excited to announce that Ben Sadeghipour (@nahamsec) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage

We’re excited to announce that Adam Langley (Adam Langley) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage

How to Test and Confirm RCE, Then Exfiltrate Data (no firewall): Step 1: Test if RCE is possible with something like ;whoami Since the app doesn’t return output (blind RCE), you need a side-channel to confirm it. Continued in thread 👇

Getting blocked by servers while using cURL? Most sites don’t like requests from cURL and will often block it because it's a red flag for bots or scraping tools. Try changing your User-Agent header, like this: curl "https://hackinghub[.]io" -A "<NEW-USER-AGENT>"

On the HackingHub end for the fourth of July festivities, the labs I put together for the Linux For Hackers Fundamentals course are all ready -- and neato code 'jhlinux' gets it for ten dollars off :) Wowee zowee! Quick link here: hhub.io/jhlinux

De NL HackerOne Community organiseert een 10-daagse Bug Bounty Challenge (17–27 sep)! Remote hacken + afsluitende fysieke meetup op 27 sep bij 5CA in Utrecht incl. borrel 🍻 🔗 Meer info: h1.community/events/details… 👾 Discord: discord.gg/9epVjkEdjU 🧑‍💻 Max 50 fysieke plekken!

Scanning github repos is a great way to find juicy information, secrets and credentials! Trufflehog makes this easy. With one scan you can find AWS keys, FTP creds, crypto keys and more! Check this out👇

Feels like so long ago since I released a video. I feel kinda rusty

This Tiny JWT Mistake = Massive Bug Bounty (with a real world example!) watch here 👉🏼 youtu.be/0R3xHx7fPUM

Wild how I sat on this video for 5 weeks thinking it wasn’t good enough… finally post it today and now I'm getting DMs from people saying how much they loved it. Creative self-doubt is undefeated. 🫠

Next SecMeet0x04 is almost here — and this time I’m sitting down with Ben Sadeghipour We’re going deep into the real bug bounty grind: from getting started, building momentum, going full-time… and yes — talking money too. 💰 Stay sharp — it’s coming. #SecMeet #AmrSec #NahamSec

I’ve been taking L after L for the last 2 months. Can this year be over already 🥲

“Hack. Hustle. Repeat.” That’s the vibe of this SecMeet — and no better guest for it than Ben Sadeghipour . We broke it all down: -From your first bug to full-time bounty life -Leveling up without burning out -Smart money moves in a world of big payouts -Real advice from someone