RT @thebinarybot: Here's a couple of things worth a try to get an IDOR Comment below if you've other useful tips & techniques. 🧵👇 #bugbo…

RT @securitytrails: Black Friday is here! Get FREE recurring API credits if you like + retweet this tweet. If we get up to 100 RTs everyon…

RT @securitytrails: Black Friday warmup🔥 Get a chance to win a SecurityTrails swag pack: Comfy t-shirt ✔️ Classic (and a favorite) hacker…

Finished my first week part-time bounty hunting with @synack on the @SynackRedTeam. It’s been an awesome experience and the VulnOps triage team is world class!

RT @RachelTobac: Hitting F12 in a browser is not hacking. If your code leaks personal data via public development tools that any person can…

RT @PortSwigger: 🎵 If you're having cert issues I feel bad for ya son, I got $99 problems but the bill ain't one...🎵 All you have to do is…

RT @nomanramzan91: Burp Suite > Proxy > Options > TLS Pass Through. Add these: .*\.google\.com .*\.gstatic\.com .*\.mozilla\.com .*\.googl…

RT @33y0re: Trying to get into .NET lately I ended up putting together a new project as a result. LittleCorporal is an automated Maldoc ge…

RT @jonasLyk: yarh- for some reason on win11 the SAM file now is READ for users. So if you have shadowvolumes enabled you can read the sam…

RT @_batsec_: I've written a tool to escalate from domain user to a full AD compromise using ESC8 by @SpecterOps. You can see in the pictur…

RT @_Hubbl3: Along with the release of our blog post on #XLSEntanglement we have published a git repo with POC code and some examples htt…

Got some feedback that a guide to customizing C2Concealer would be helpful, so this is part 1/3 in a series on how to customize our tool to automatically generate c2 malleable profiles for #cobaltstrike

RT @phraaaaaaa: Process Creation is Dead, Long Live Process Creation — Adding BOFs Support to PEzor Since the release of Beacon Object Fil…

RT @mrd0x: Finally ready! Check out to find out what file extensions are being used by attackers and in what way. D…

RT @0gtweet: Yet another comspec-based #LOLBin to be added to your blue- or red-tinted repos. For couple dozens of predefined commands, "he…

RT @PortSwiggerRes: alert() is dead, long live print() - by @albinowax and @garethheyes

RT @hakluke:

RT @s0md3v: If you find an SSRF vulnerability in an ASP application, try reading trace.axd file. It contains logs of HTTP requests, you can…