Md.Karimul Islam Shezan Profile
Md.Karimul Islam Shezan

@md_sh3z4n

Followers: 404
Following: 4K
Media: 16
Statuses: 552

Cyber Security Enthusiast | CTF player | Hunger for knowledge

Bangladesh
Joined June 2020
@AlteredSecurity
Altered Security
4 days
0
2
3
@YourFinalSin
3NVZ
5 days
Was looking into DOM XSS today and found this resource. It contains research and articles on advanced XSS cases, including the payloads♟️ https://t.co/6gMrgJl4Oy
3
40
198
@AlteredSecurity
Altered Security
2 months
Altered Security Diwali Giveaway! Win FREE access to: • 1 CRTP seat • 1 CARTP seat How to participate: • Like • Comment & tag your Red Team buddies! • Repost Winners will be randomly announced on October 25, 2025 Our Diwali offers are already live - up to 25% OFF on Red
248
244
495
@ofjaaah
👑 OFJAAAH 👑
2 months
Use NextJS? Recon ✨ A quick way to find "all" paths for Next.js websites: DevTools->Console console.log(__BUILD_MANIFEST.sortedPages) javascript​:console.log(__BUILD_MANIFEST.sortedPages.join('\n')); Cred = https://t.co/4hiJXDNlmU #infosec #cybersec #bugbountytips
8
203
1K
@yeswehack
YesWeHack ⠵
2 months
Want to sharpen your SSTI, cache poisoning or business logic error skills? 🧠 The hunters who topped our 2024 leaderboards for these CWEs – @LdrTom, @c0dejump and @kto_94_ – kindly shared their best-practice tips with us 👇 #BugBountyTips https://t.co/5X60u1PuCI
yeswehack.com
Want to sharpen your SSTI, cache poisoning or business logic error skills? The best hunters in these CWE categories for 2024 share their best-practice tips.
3
23
98
@8kSec
8kSec
3 months
Shout-out to the amazing cybersecurity experts who took on our free mobile security labs and cracked them!💥 Special thanks to: @c3p70r – among the first to dig in & spread the word about us @md_sh3z4n – first to solve “AndroDialer: The Ultimate Phone Experience” @f0rk3b0mb
3
7
19
@BugBountyDEFCON
Bug Bounty Village
4 months
Giveaway brought to you by @hackinghub_io: 5x Blind XSS vouchers 5x Web Exploitation vouchers How to enter: 1⃣ Follow @BugBountyDEFCON + subscribe to our YouTube channel 2⃣Follow @hackinghub_io 3⃣ ❤️+🔃 this post 4⃣Comment this post Winners will be picked on Friday 8/29
143
153
286
@AlteredSecurity
Altered Security
5 months
GIVEAWAY!! 🔥 Hacker Summer 2025 giveaway! We are giving away a total of 2 seats for any of the highly coveted on-demand courses by @AlteredSecurity To participate - Like👍, Repost🔁 and Comment💬 the course/certification name, what makes it useful to you and follow
206
192
306
@nikhil_mitt
Nikhil Mittal
5 months
Hacker Summer 2025 giveaway! I am giving away a total of 3 seats for any of the highly coveted on-demand courses by @AlteredSecurity To participate - please Repost, Comment the course/certification name, what makes it useful to you and follow @nikhil_mitt and @AlteredSecurity
121
115
197
@md_sh3z4n
Md.Karimul Islam Shezan
5 months
Excited to share that I successfully completed the AndroDialer exploitation challenge by @8kSec. After submitting my exploit, the @8kSec team replied: "Congrats on being one of the first to complete the challenge!" — that honestly made my day. #CyberSecurity #Security #hack
1
0
4
@intigriti
Intigriti
5 months
Want to dive into forgotten bug bounty write-ups and blog posts from some of the most notable hackers in our community? 🧐 We promise that you will learn a thing or two about web security! 🤠 In this issue, we feature 5 compelling articles (that are still relevant today) from
1
18
87
@md_sh3z4n
Md.Karimul Islam Shezan
7 months
Excited to share my first technical write-up on attacking an Active Directory environment (Nagoya from @offsectraining's Proving Grounds). Followed TJ Null’s OSCP checklist to tackle Kerberoasting, lateral movement, and privilege escalation. Great learning experience!
1
0
0
@0xTib3rius
Tib3rius
7 months
10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store! I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order. 🧵👇
4
27
135
@TheSecOpsGroup
The SecOps Group
7 months
🚀 Android Security Challenge - Misconfigured AndroidManifest.xml ** Like, Comment, Repost, and 3 lucky winners will get 100% discount on our CMPen- Android exam!** 🕵️ Tom's Static Analysis
47
52
117
@Jhaddix
JS0N Haddix
7 months
Our sponsor @TheSecOpsGroup just upgraded their Active Directory Pentesting exam, they have now rolled out C-ADPenX v2! Their exams are top-notch, hands-on, realistic, and relevant. If you’ve been thinking of upskilling or validating your offensive security skills, now’s the perfect
3
8
19
@bugoverfl0w
bugoverflow
8 months
How to grab all Graphql query/mutation if introspection disabled? 1. Download all js files to directory js_files 2. Run this command: grep -Eo '(query|mutation) [a-zA-Z0-9_]+\(' js_files -R 1/n #bugbountytips #graphql
7
114
489
@Alra3ees
Emad Shanab - أبو عبد الله
8 months
“Account Takeover using SSO Logins” by Rikesh Baniya https://t.co/NraShTmauA
0
36
115
@Ali_4fg
A L I
8 months
$2,500 Bounties in GraphQL Hacking! Started learning GraphQL security in Feb and picked a HackerOne program—luckily, it was all GraphQL! Found multiple bugs, including two high-severity ones which I wrote about. Read here: https://t.co/m7YOM8z4Wo
9
68
396
@h4x0r_fr34k
VAIDIK PANDYA
10 months
CSRF Bypass Techniques ! 1. Token Manipulation: - Remove the entire CSRF token parameter or just its value. - Replace the token with a random one of the same length. - Try using a token that is one character longer or shorter than expected. - Inject the
5
112
440