So I started a YouTube channel and started an iOS hacking series. Check it out! youtube.com/playlist?list=PL… I know I sound like a mong on it but hey, just trying to share some knowledge. I want go get out a new video every couple of days! #bugbountytips #bugbounty

you may think your app's service listening on localhost cannot be accessed by random websites. however, have you considered:

CVE PoC Search watchstack.io/intel/poc-sear…

4 days! Absolute piss take 😂

InfoSec: "Running random Docker containers is a massive security risk." The risk: Spawning a native window to play ASCII DOOM at 60fps.

Day 9 of #BugQuest! 🤠 Yesterday, we listed an overview of the primary ways to discover endpoints. Today, we're diving deep into one of the easiest and most overlooked methods: common configuration files. Files like robots.txt and sitemap.xml were designed to help search engines, but they often leak valuable information about application structure, including endpoints not referenced anywhere else on the target. Swipe through to see a few examples of config files to check and what they can reveal! #BugBounty #HackWithIntigriti #BugQuest

Next.js, cache, and chains: The Stale Elixir A nice work by @zhero___ This zero day brought web cache poisoning to the spotlight. His extensive research showed how source code analysis helped him craft a technique that resulted to CVE-2024-46982. Blog link 👇 zhero-web-sec.github.io/rese…

burp-ai-agent v0.4 github.com/six2dez/burp-ai-a…

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-replaced-b… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

4️⃣ JSAnalyzer JSAnalyzer by @_jensec automatically extracts API endpoints, secrets, URLs, and sensitive files from JS responses, with smart noise filtering to reduce false positives! 🤠 🔗 github.com/jenish-sojitra/JS…

reconftw v4.1 github.com/six2dez/reconftw

Built WinGraph, my new project - a BloodHound-style dependency visualizer for every binary in Windows System32 directory. 4,000 DLLs, EXEs. Every import. Every export. One interactive graph. Check it out now : wingraph.m0n1x90.dev/

Reverse engineering Zomato's Android app: Bypassing SSL pinning to find plain-JSON MQTT credentials medium.com/@jatin-dot-py/i-r…

🔥This is a continuously updated pentesting wiki by @Six2dez1 offering tools, techniques, cheat sheets, and guides covering recon, enumeration, web, cloud, mobile, Windows/Kerberos, and Burp Suite. Link: github.com/six2dez/pentest-b…

Using AI to Do Simple Reverse Engineering blog.huli.tw/2026/03/01/en/r…

Tired of hitting 403 errors during your security testing?  NoMore403 by @devploit automates bypass techniques to get past those pesky restrictions.  Try it at 👇 github.com/devploit/nomore40…

Anyone here big on the @msftsecurity programs? I have a few questions about a bug that I've found

Which 'lesser-known' tool in your arsenal gives you a competitive edge? 👇🤖

OWASP Noir just reached a major milestone: 1k stars! 🎉 I feel so honored to see this project grow. To every contributor and user who has supported Noir, thank you for making this possible. I'm excited for what’s next :D github.com/owasp-noir/noir #OWASP #Security