If you are tired of googling for #BugBounty writeups, I made a little tool that lets you search writeups easily. You can also pull the search data in JSON format if you need it. #cybersecurity #bugbountytips #infosec #100DaysOfCode

Do you want me to revive the newsletter? It was last sent 4 yrs ago 😂. The newsletter would be aimed at filtering out the crap and giving content for notes. Ideas I have:.Interesting techniques, payloads, etc. from content I consume. What I want to avoid:.Information overload.

Vulnerable app for learning web, android, API and LLM security 👇.

It includes practical scenarios like. 🔐 Authentication Testing. SQL Injection: Attempt SQL injection in the login form. Weak Password Reset: Brute-force the 3-digit PIN for password resets. JWT Manipulation: Test for vulnerabilities in JWT token handling. Username Enumeration:.

This is 🔥 👇. Open source vulnerable banking application that teaches you not 1 but 4 different types of skills!. - Mobile security (mobile app). - Web security (website). - API Security (API integration).

Useful primer for beginners on meanings of request headers and responses.

screenshotted the magical number before it goes any higher 📈

Join the community now!.

I find it weird that SSL and TLS are grouped together as "SSL/TLS" like they are some kinda partners in crime. Even by Big 4 auditors in their reports. ffs, SSL and TLS are vastly different as protocols. Someone skipped the cryptography 101?.

🐛 The #BugBounty hunting community is live, and yeah. Anyone can join. I'm not gate keeping it! . The idea is to share valuable resources that helped you. Focus on sharing quality articles. End of every month I am targeting to include specific ones on.

unwillingly took the jump to premium to bypass the engagement shadow ban, does it work?

Apparently, there is a new kind of marketplace for red teamers and pentesters to sell advanced techniques, exploits, payloads, etc. Is there a market for this? I reckon such sellers would already have known trusted channels to go through.

"DO NOT HIGHLIGHT ANY NEGATIVES" 😂👌. Careful when you ask LLMs for analyzing papers.

Example use case:. Used this 4 years back to find a few cases of Log4j RCE in a pentest target by utilising Match & Replace rules.

10 Burp Power user tips:. #2. Match and replace. reminder that it is still relevant as a Burp Power user.

POV: You deep into the game, and someone randomly drops a shell into your PC 🤣. You'd be shell shocked. #cybersecurity #infosec.

On a separate note, you gotta admire the social engineering skill to ace that many interviews, and hold onto the jobs coasting for months? . This dude's a smart ass, he'd be a killer red teamer.

It should be a wakeup call to those that it costs way less to setup basic playbook for background, reference checks and security policies.

Your "giga chad 10x engineer" might just be one guy working 10 jobs at once. Quick back of the envelope calculation: at just $100k average salary per job, that's. $100k * 10 = $1M ARR (annual run rate). Isn't that more profitable than many YC startups?. #Startups #CyberSecurity

RT @nmatt0: Whether AI hype is real or not, the best path forward is to find a niche and go deep. Focus on what you can control and ruthle….