🧩 100 Things Every Bug Bounty Hunter Should Check on the API Level HTTP methods allowed Missing or weak authentication Missing or weak authorization JWT signature verification bypass Token reuse after logout Hardcoded API keys API key leakage in responses Rate limiting

tell me any better XSS methodology than this 😎 Explanation: This oneliner command starts by collecting all URLs from passive sources using gau tool, then filters them for potential XSS parameters using gf patterns. Next, httpx and grep are used to keep only URLs that return

New Android BEERUS framework for dynamic analysis & reverse engineering BEERUS brings Frida auto-injection, sandbox exfiltration, memory dumps, Magisk integration and more for on device app analysis by @HakaiOffsec #AndroidSecurity #Frida #ReverseEngineering #MalwareAnalysis

just found out AI can now see through walls using WiFi signals. > privacy is the greatest myth of 21st century.

Some good tools for doing DNS enumeration: https://t.co/d9HCvb3DuG https://t.co/dAGGISNxVa https://t.co/PI7XsP9eBQ https://t.co/VKBMt32e0k https://t.co/PPKJXhc52Y

How to solve a CTF challenge that requires PAC, BTI, and relative vtables bypass (HITCON CTF 2025) https://t.co/LZDFojees7 Credits @bruce30262 #infosec #ctf

GitHub - stuxctf/PAYGoat: PAYGoat is a banking application built for educational purposes, focused on exploring and understanding common business logic flaws in financial platforms.

Discover smart business solutions, network, and innovate the future. #OdooMombasa #innvousodoo

Today's the day, and all roads lead to Sarova Whitesands Beach Resort! See you at the Odoo Business Show Mombasa 2025. #odoomombasa #innovusodoo

🎁Monthly Giveaway🎁 Hack The Box 6-month VIP+ - Follow, Like, and Retweet to join! - Winners will be picked randomly on 5 June. #hackthebox #giveaway #projectsekaictf

Undetectable WebShell https://t.co/MNCLbvjdMu

Built Synqs, a simple tool to sync multiple calendars so people only book you when you're actually free. No overlaps. Generate a booking link, share it, and you're good. Try mine 👉 https://t.co/y9Xny5VyLw Want early access? DM/email me. Self-host? 👉

xsubfind3r: Give It a Spin! It doesn’t interact directly with its target , minimizing detection risks while uncovering subdomains. The subdomain list you get from a tool like xsubfind3r is more than just a bunch of hostnames, it’s a roadmap to a target's external footprint.

A Ugandan leader went for cancer treatment in Germany but built a grand church back home when he recovered, not a hospital. Sam Kutesa even invited President Museveni to open it

#Defcon33 is here with us & thanks to @BlackInCyberCo1, we get to showcase the best from the international community. If you are a challenge creator & wish to contribute, please #ping @JonesBaraza or DM. @CTF_Room is once again privileged to be a #CTF partner alongside @KC7cyber.

Linux Kernel Vulnerability Exposes Local Systems to Privilege Escalation, PoC Published

Lazarus Group use PumpFun to vanish $1.5B They launched #500000 and vanished $44M I spent 10h to reveal their laundering scheme Here's what's happening and what's next👇🧵

Bybit’s $1.5B hack is bullish - Lazarus has diamond hands. Led by Park Jin Hyok, now wanted by the FBI. They’ve just drained $1.46B in staked ETH & ERC-20 tokens from Bybit, making it the biggest crypto hack ever, twice the size of the second-largest breach. How did they pull

Excited to be attending #DevSecCon2024 at Sote Hub! A great opportunity to dive into the world of #DevSecOps, learn cutting-edge security practices, and connect with like-minded tech enthusiasts. Let’s secure the future, one code at a time. #sotehub #DevSecCon2024

Locked in #DevFestPwani #DevFest2024