Excited to announce that the course is now LIVE! 🔥 🥳 Get INSTANT access to ALL modules and start your path to landing your first pentest job NOW!.Discount expires after Black Friday.

This #BlackFriday, I am giving away my course "Hack like a white hat" for the first 1k students on Udemy. Available until 29th. Enroll, learn, and don't forget to leave a feedback! Enjoy:

Next week I will be in NYC. What places do you recommend for food? I heard fast food is a must try. Leave me your replies.

Interesting. .

🕵️‍♂️Love a good CTF with a twist?👀Dive into this video where I leverage log poisoning, unveiling the dark secret of a notorious corporation.🕵️‍♀️📽️ #CTF #LogPoisoning #MustWatch.

RT @Yassineaboukir: extremely saddened by the tragic and deadly 6.9 magnitude earthquake that hit home in Morocco 🇲🇦 the death toll has alr….

RT @vysecurity: DevTunnels, blue are going to begin searching for Get ready ahead of time and use domains like:. g….

I always had a background voice that some hacker will deface my apps when I was a developer. It was my main motivation to learn web hacking. Today, I am sharing how it's done so you secure yours. #webdevelopment #ethicalhacking .

RT @MDSecLabs: In our latest post, @breakfix details how we were able to publish a malicious VSCode extension to the marketplace and levera….

RT @vxunderground: We would like to express our condolences to Blue Teamers. Microsoft has announced Microsoft Excel will now support Pyt….

ehmm. attack chain*.

At the beginning of my #Hacking journey, I struggled with Active Directory. Years later, here is a humble contribution to the community: becoming Domain Admin using a classic chain attack.

Found an accessible SMTP server without authentication during an engagement. What do you think I did? 🤔

I never wanted having an Instagram account, and when I did, I will NEVER want to create one.

I invest days prepping #redteam pretexts and scenarios, only to find that the customer's email policy blocks new domains🤦‍♂️.@Flangvik @domchell what's your strategy for maintaining a good domain reputation to use for upcoming engagements? Or just switch to social media?.

I think I just found a Cloudflare #XSS bypass, and customer trusted the WAF. The app was using jquery, so I leveraged it to get and run my own script. And the WAF saw nothing.

#Pentesting guys out there, I have a GET param that gets injected into a HTTP call. I have path traversal and can only control the path of the backend API, not the hostname. I have direct access to the API, so fuzzing the API is irrelevant. Any exploitation ideas? RT for reach.

Only one spot left! Go get the last coupon! .It goes without saying that if you are already a pentester, don't even bother with challenge 🙃.

One spot claimed, two spots are waiting for two curious minds.

There is a happy surprise inside📦.

Episode 2 is up! I read the code to understand and bypass a SQL injection.