Next stop: London for Black Hat Europe! 🇬🇧 Curious to meet the @yeswehack team, learn more about our Bug Bounty platform, and grab some cool swag? 😎 Come say hi on booth 621, December 10-11! 📅 👉 More info: https://t.co/AdMoMYofpF @BlackHatEvents #BHEU

Burp AI 🤝 Burp Intruder Generate and run Intruder attacks just by prompting Burp AI. It will make a quick list of payloads that you can run straight away or fine tune through Intruder.

If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀 Check for it quicker using this cool new tool by JSMon: https://t.co/zjdmSzRfqy 👇

XBOW raised $117M to build AI hacking agents. Now someone just open-sourced it for FREE. Strix deploys autonomous AI agents that act like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Why it matters:

These three extensions will definitely help and save you time during your bug hunting process: Fake Filler, Code Formatter: js, css, json

🎉We thought the best way to celebrate our revamped SOC L1 Learning Path… is with a GIVEAWAY for the community! Because if we level up… you should too. 🚀 How to enter: 1️⃣ Like this post 2️⃣ Follow TryHackMe 3️⃣ Repost/share to your socials 4️⃣ Tag someone who needs to start

Bypass WAF . . "><?/script>"><--<img+src= "><svg/onload?=alert(document.cookie)>> --!> . "-->""/>0xr3dhunt</script><deTailS open x=">" ontoggle=(co\u006efirm)``>" . "-->""/>0xr3dhunt</script><deTailS open x=">" ontoggle=(co\u006efirm(document.cookie))``>" #infosec #bugbountytips

Ever heard of Frida CodeShare? 🎯 It's a community repository featuring pre-built scripts for SSL pinning bypass, root detection, crypto hooks, and more - ready to load instantly. Learn more about Frida in our guide 👇 #BugBounty #BugBountyTips https://t.co/w5HT81dboK

Public APIs: A collective list of free APIs GitHub: https://t.co/0yInG9obgo Video: Boss AI Automations

Our Halloween contest has come to an end! ⏰ Thanks to everyone who joined the fun - and big congrats to @OX0DAYS, who just won a swag pack! Check your DMs 👻 We're counting on you to wear your best @yeswehack outfit for Halloween next year!

Last-minute costume idea: hacker at @YesWeHack 🕷️💻 Don't have what you need? Try your luck to win a swag pack! To enter: 👉 Follow us 👉 Comment your fav Halloween emojis Winners (one here, one on LinkedIn) will be announced Monday, 11AM CET. Good luck, spooky hackers! 💀

Why IDORs are the perfect bug for beginners (with @insiderPhD)👇

Yeeeeah you could manually figure out a payload for DOM XSS... or you could just ask Burp AI to do it for you.

Found an XSS but got blocked by the CSP? https://t.co/0aA3GyIOVz has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇

Hi everyone! I just built a WaybackURLs extension that saves you a ton of time when gathering archive URLs. it supports main domains, wildcards, specific paths and sensitive file extensions. Give it a try and let me know your feedback! https://t.co/vezBMPFpgp

i just Updated my XSS article: added some cleaner, more effective one-liners and integrated DalFox one-liners that support extra options. Check it out. https://t.co/6rXHUfzSZY

Perfect for IDOR hunts, messy APIs, and anyone buried in requests! 🔎 Find more helpful tips here: https://t.co/CU9YqETz2P

IDORs in a nutshell with @insiderPhD 👇

tell me any better XSS methodology than this 😎 Explanation: This oneliner command starts by collecting all URLs from passive sources using gau tool, then filters them for potential XSS parameters using gf patterns. Next, httpx and grep are used to keep only URLs that return

Why spend time manually converting JSON to XML to test for XXE? Just ask Burp AI in Repeater: it handles the transformation and delivers the exploit. @NahamSec demonstrates this massive shortcut for finding complex, overlooked bugs. 👇