New Video Out 🙌 In this one i explained how hackers use the Dev tools to find client side bugs, and bypass restrictions. And to not only focus on theory, i have used the dev tools live to find 2 vulnerabilities. Hope you guys will enjoy it 🫡 youtube.com/watch?v=bVL_m0qe…

Hackerone's export as pdf Feature is not working, and has not been working for weeks now. So i decided to vibe code a better version of it: github.com/Magn4/A-working-e…

So, do you want to do Bug Bounty in Mobile Apps? 💰📱 🤔 Frida maybe a headache with actual modern RASP protections, so I published my personal method to Bypass SSL Pinning on Play Store Android Emulators WITHOUT Frida!👇 #bugbountytips #bugbounty #hacking mfumis.com/posts/bypassing-s…

Craaaazy stuff

Had a Self-XSS chain that I struggled to exploit alone, but after some brainstorming and help from @J0R1AN, I was able to successfully exploit it using disk cache here is the writeup medium.com/@spoderx555/escal…

Its seems like this guy found something that could destroy the internet 🤯 hackerone.com/rcss?type=user

Hacking Meetup "Friendly Edition" 🇳🇱 vs 🇩🇪 The @Hacker0x01 Club Netherlands and HackerOne Club Germany are teaming up for a cross-club bug bounty competition - inspired by the HackerOne Ambassador World Cup. #BugBounty #Meetup (1/3)

A guide on how to use the most Underrated HACKING TOOL by @Magn4_ video: youtube.com/watch?v=bVL_m0qe…

2nd MVH in the bag at @Hacker0x01 H1-21 Live Hacking Event in Lisbon 🇵🇹

Found a very cool CSPT bug where a low privilege user can delete every account in the org the entire org itself with 0 interaction at all🔥 Thanks to @Magn4_ for explaining CSPT so well 👌 Need a writeup? Follow me on Medium 👇 mugh33ra.medium.com

Here is my intended solution for this small challenge. Please let me know if you have any other ones. I have used 2 screenshot, the first one explains what each part of the code does, and the second one shows the solution, and how it goes through the code. I would like to mention that the application that had this CSPT had a pretty strong WAF that blocked all of my path traversal payloads, so to bypass it i had to put it in the hash instead of using the query param as it doesn't reach the WAF and its still read by window.location.href Also, big thanks goes to @garethheyes for the nice code snippets tool (hackvertor.co.uk/snippet)

While looking into an application, i found an interesting piece of code that led to an interesting CSPT. And so i decided to share it as a mini Challenge. To solve this you need to take control over the whole path and query params of the POST request. You can run this code in your dev tools console on a website like example.com (see 2nd screenshot for how a successful exploitation should look like) I am interested in seeing how you guys would approach this, and hopefully learn new techniques. PS: I have changed some small details in this snippet to keep the original code confidential.

🚀 First @intigriti Bug Bounty Meetup Stuttgart was a success! 🇩🇪 🔥 great conversations 🔥 knowledge sharing 🔥 awesome atmosphere 🔥 hands-on hacking Huge thanks to everyone who joined 🙌 Next one coming soon 👀

Chained CSPT into full account takeover using a 2FA bypass technique I hadn't seen used in bug bounty before. whoareme.com/blog/cspt-accou…

A good tip for anyone hunting for postMessage vulnerabilities: While testing an app, I found a listener with a weak origin check that handled messages insecurely. The bug was accepted and fixed with a strict origin check. However, while reinvestigating the app, I found a different JS file that took an attacker controllable query param and used it to send the exact same postMessage internally. By adding my payload to that query param, I bypassed the new origin check and got a second bug. Moral of the story: Always look for internal postMessage senders that can act as a proxy. PS: The code below is just an example and is not the exact one I exploited

In this episode ive shared my small experience in client side hacking, so i hope you guys will enjoy it. And Thank you @SalhiMahdi72759 for the invitation, i had a really good time recording it.

Ok now this makes a lot of sense youtube.com/watch?v=fM7GIIyl…

First and hopefully not last Testimony on @Hacker0x01, This really made my day 😁😁😁