Armaan Pathan
@armaancrockroax
Followers: 11K | Following: 4K | Media: 115 | Statuses: 2K
Senior Engineer - Security at Katim | OSCP | Bug Bounty Hunter | Keen Learner | Ex-AppSec @emirates ✈️
Gandhinagar, Gujarat, India
Joined June 2012
I just published Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers
medium.com
One day I was playing with a tool debookee (Network Traffic Interception) in the office, I noticed that the tool was intercepting facebook…
1 Click. 0 Warnings. Infinite Regret. 😵💫 What if your mic, cam & location got hijacked without a single alert? Yeah… Armaan Pathan isn’t here to scare you — he’s here to show you how it’s done. 🧠💻 🎯 Tech Talk: "1 Click, 0 Warnings: Hijacking mic, camera & geolocation via
🐺 Proud to share my 2024 #HackerOne journey! 232 vulnerabilities reported, 6 critical findings, and a whole lot of learning along the way. Special focus on access control and web security. Here's to making the internet safer, one bug at a time! 🚀 Thank you @Hacker0x01 for the
🚨🚨🚨Big Announcement! Introducing On-Demand Mobile Security Courses🚀 We’re thrilled to announce the start of pre-registration for our On-Demand Courses! At 8kSec Academy, you can advance your Mobile Security skills and earn certifications anytime, from anywhere🌍 Available
Check out our new blog post! In this post we talk about SAML and the recent Ruby-SAML Auth bypass. CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab https://t.co/VYZ3YG0oXD
August was a productive month. While I didn't hit my 30k USD target, I did discover some excellent puzzle-solving business logic and BAC issues.
Yay, I was awarded a $10,250 bounty on @Hacker0x01 for reporting multiple BACs! https://t.co/a8QZVJ0uEx
#TogetherWeHitHarder
hackerone.com
🇮🇳 🛫 ...🛬... 🇦🇪. 🌚 ||💰 Bounty Please 💰 ||🌝. - https://medium.com/@armaanpathan
In August, I submitted 23 vulnerabilities to 4 programs on @Hacker0x01. #TogetherWeHitHarder
I was diagnosed with ALS a year ago. I am fighting this disease with everything I have, while still managing the Zoom BBP! To raise funding for ALS, I am participating in the ALS Walk in Denver on October 6, 2024. If you'd like to help, go here
I recently uncovered significant XML External Entity (XXE) and Server-Side Request Forgery (SSRF) vulnerabilities while hunting in a private bug bounty program. These flaws in Tibco WebFOCUS Reporting Server and Epson ePOS Printers allowed me to exfiltrate sensitive data,
In April, I submitted 59 vulnerabilities to 8 programs on @Hacker0x01. #TogetherWeHitHarder
Learn inner workings of XPC communication between processes on iOS, intercept and modify XPC messages for advanced insights - https://t.co/Z6QEBUncOB Follow us on social media. #Frida #iOSsecurity #XPC #CyberSecurity #MobileSecurity
I've made $500k+ from SSRF vulnerabilities. Here are my tricks:
It’s incredibly frustrating when you can't sign up, and the client assigns credentials and other bug bounty hunters to change your password or delete your account while executing test cases. Fellow researchers, please consider the impact on others before making such updates or
In March, I submitted 62 vulnerabilities to 6 programs on @Hacker0x01. #TogetherWeHitHarder
https://t.co/iOOKjJC12S 😎😎😎
Yay, I was awarded a $5000 bounty on @Hacker0x01 for reporting multiple bugs! ❤️ https://t.co/a8QZVJ0uEx
#TogetherWeHitHarder
In February, I submitted 15 vulnerabilities to 3 programs on @Hacker0x01. #TogetherWeHitHarder
Just published a Burp Suite extension I wrote for @TomNomNom's tool jsluice🥳 jsluice++ allows you to scan traffic from Burp Suite's Sitemap/Proxy using jsluice while providing a user-friendly UI for easier results inspection and more🔍 Check it out 👇 https://t.co/vkFif1Xyvd
Setting Up an iOS Pentesting Lab on a Non-Jailbroken iDevice
infosecwriteups.com
Introduction: