Had great fun making this huge lab. ProjectDiscovery create amazing CLI tools, and in this lab we’ll teach you how to use shuffledns, alterx, dnsx, naabu, httpx, katana and tlsx to supercharge your recon game!

Another successful meeting last night. Details for BSides Exeter 2026 will start to trickle out from Monday 3rd November 2025. Time to recharge that #oooarrcyber.

SecurityFest WWWinter Pub is approaching fast and on Friday the 7th of November we'll be at Rollin Bistros in Gamlestaden, Göteborg! Come join us! Some tickets are still available! securityfest.com/wwwinterpub/

Even more smuggling techniques from the awesome Jeppe Weikop with yet another "oh yeah http1 does that" moment. w4ke.info/2025/10/29/fun…

🚀 BSides Exeter 2026 is coming! 💡 Curiosity Built the Cyber Pro 📅 24–25 April | 📍 University of Exeter We’re celebrating the spark that drives every cyber mind — from retro roots to future innovation. 🤝 Sponsorships now open: bsidesexeter.co.uk #oooarrcyber

We're back! This year we're focusing on all those weird and wonderful moments that led you to your cyber careers. Sponsorships are open so feel free to reach out 🔥

Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here: portswigger-labs.net/mxss/ Set HTMLSanitizer ✅ Auto update ✅ I'm trying to break it, I encourage you to break it too

Join OWASP Göteborg for an Evening of Cybersecurity Stories from the Field! Where: Zacco Digital Trust, 5th floor – Theres Svenssons gata 13, 417 55 Göteborg When: Wednesday, November 20, 2025, 17:00 – 21:00 meetup.com/owasp-gothenbu…

We have just seen the first shirt design draft - this might be the best yet! We just need sponsors for it now. sponsorship.bsidesexeter.co.uk Time for more #oooarrcyber

Praetorian engineer Siddhant Kalgutkar uncovered CVE-2025-55315, a critical hubs.ly/Q03SbmTF0 vulnerability that earned a $10K bounty and prompted a major security fix from Microsoft. A powerful example of the skill, curiosity, and depth that define offensive engineering at

The details on the CVSS 9.9 request smuggling in Kestrel are finally out! Great find by Praetorian. praetorian.com/blog/how-i-fou…

🛠️ 𝐌𝐞𝐭𝐢𝐬 -- an open-source 𝐀𝐈-𝐩𝐨𝐰𝐞𝐫𝐞𝐝 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐜𝐨𝐝𝐞 𝐫𝐞𝐯𝐢𝐞𝐰 𝐭𝐨𝐨𝐥 by Arm's Product Security team to detect subtle vulnerabilities, improve secure coding practices, and reduce review fatigue.

Already had some success with this completely accidentally (as always). I would highly recommend building yourself a quick reusable turbo intruder script to perform your normal recon and fuzzing at the start of your testing. I can imagine you'll find far more leads this way!

If you're hacking web apps in 2025 - you absolutely need to know about CORS. CORS is a browser security mechanism that allows a web page from one domain to safely request and receive resources from another domain, which is normally forbidden by default by the same-origin policy.

Want to experiment with Anomaly Rank on arbitrary requests anywhere inside Burp Suite? Nick Coblentz made an extension for that! Try it out here: github.com/ncoblentz/Burp…

🚀 Shadow Repeater just got a big upgrade! It now detects response timing differences. thespanner.co.uk/shadow-repeate…

"Burp AI can bring up a new generation of hackers faster and more effectively.​​​​​​" In his new article, hAPI_hacker explores how Burp AI: 🔬 Analyzes requests and adapts when attacks fail. 💬 Explains findings in clear language. 💪 Enhances human decision-making. 👉

HackFriday starts now JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday Boost your payload skills and sharpen your hacking game Grab it while it lasts 🔥 amazon.com/JavaScript-hac…

We have a copy at the office now. Just get it, it's great!

This is both hilarious and an educational read!