Pinned.

After months of preparation, countless hours in the lab, and learning experiences, I am excited to share that I have successfully passed the @offsectraining Offensive Security Certified Professional (OSCP) certification! to my study partners @Olufela_Jr @pinedamian thanks.

If you’re African, develop a habit of reading research papers in your domain, especially now in the AI era. Courses are great and all but you get to a point you start to see patterns emerge, things become cyclical and repetitive especially if you’re like me and you care more about the knowledge. Research papers show you what people are experimenting with and what their results are. They show you where the industry is headed and the pieces being figured out and if you’re lucky or simply just badass enough, you’ll see a connection that nobody else has seen and you just might be positioned to act on it faster or in a better way than most since it’s in your domain anyways.

I've never sen anything more accurate

Join in.

And yes AI does scare me, we will likely go through some pretty scary/bad shit to get to the end result. I'm sure the Industrial Revolution was not all sunshines and rainbows. I have a lot of friends that are close to having AI discover some major vulnerabilities. The only thing that appears to hold them back are exploit mitigations, like Opus not knowing a good memory leak to make an exploit reliable. However, the "baddies" could probably easily weaponize it. The friends I have are just doing it for the lulz and to see what AI is capable of (and are trying to submit things to get fixed). I am really anxious to see what happens when the next model drops, will people sitting on dozens of "almost exploits" suddenly get fully working exploits? No idea. The thought scares me but the exploits exist, the "Dual Use" (good/bad) of "cyber" definitely feels like being stuck between a rock and a hard place. Do we try to set AI Back and accept that our software has vulnerabilities, hoping no one finds them? Or do we rip the band-aid off, accept there will be tough times but know eventually the defenders will surpass the attackers? I don't want to downplay @dez_'s work with discovering the Axios Breach. But it really seems like a night of vibe-coding a monitor on public code repositories stopped a catastrophic attack. Pretty sure PyPi has been in the news every year for literally a decade due to someone getting a backdoor into a major library. For some reason, we haven't been able to put great monitors in place and I honestly think some crazy prompting/idea from him could have increased security there more than we had for a decade... That's crazy progress/hope. x.com/dez_/status/2038956586… (3/3)

A 'TECH JACKET" spin-off set in the universe of 'INVINCIBLE' has been greenlit. Releasing in 2027. (Source: bit.ly/47xSuVN)

An absolute goldmine for bug bounty hunters 👀💥 A massive collection of real, disclosed HackerOne reports — organized by vulnerability type, impact, and target 🎯 If you want to go beyond theory and actually understand how real-world exploits work… this is it. Study patterns. Learn impact. Hack smarter. 🚀 🔗 Source: github.com/reddelexc/hackero… #BugBounty #InfoSec #CyberSecurity #EthicalHackin

Anthropic tried to kill 8,100 GitHub repos. Then this happened > They filed a DMCA. GitHub nuked the entire network within hours. Developers got notices for forks of Anthropic's OWN public repo - one guy's fork had zero leaked code. > Boris Cherny, head of Claude Code, had to go on X personally: "This was not intentional. Should be better now." > Meanwhile Sigrid Jin - who used 25 billion Claude Code tokens last year - woke up at 4AM and rewrote the entire thing in Python before sunrise. DMCA can't touch a clean-room rewrite. > It hit 50K stars in 2 hours. Fastest repo in GitHub history. > Today claw-code officially launched as an independent project with a formal press release. And the Rust port merged today - what started as a panic rewrite now ships release 0.1.0. > 140K stars. 102K forks. More than Anthropic's own repo. > 512,000 lines are in the wild forever. What started as Anthropic's biggest embarrassment just became their most dangerous competitor. You cannot make this up.

When Nigeria tech twitter wakes up Y'all should check if you have been compromised axios had a supply chain breach

Instead of downloading and unzipping the whole codebase, here’s a detailed, structured view of every file and folder so you can explore it like a product, not a zip dump: claude-code-info.vercel.app/

TO WHOM IT MAY CONCERN, For those planning to apply for a Schengen Visit Visa: One of the most common reasons for VISA REJECTION is a lack of sufficient proof of ties to your home country. If you are employed, please submit a SIGNED LETTER OF LEAVE from your company. If you are a student, include your ENROLLMENT CONFIRMATION. If you're an artist, the embassy just needs to see that your creative life and income are rooted at home. Since you don't have a boss to sign a leave letter, show them your tax ID or business registration and a link to your portfolio to prove you’re a pro. The best "tie" you can give is future work. bring signed contracts, gallery dates, or posters for shows you have lined up for when you get back. It proves you have a career waiting for you that you can't just walk away from. The embassy carefully checks that you’ll return after your stay. Best wishes!

🔥 bug bounty resource: Galaxy BugBounty Checklist — a massive, structured playbook covering everything from XSS, SSRF, APIs to cache bugs & more. Not just a checklist… it’s basically a mindset for systematic hunting. If you're doing bug bounty and missing bugs, this might be why 👇 github.com/0xmaximus/Galaxy-… Use it smartly, not blindly. That’s where the real wins are. #BugBounty #InfoSec #CyberSecurity #WebSecurity

Claude code source code has been leaked via a map file in their npm registry! Code: pub-aea8527898604c1bbb12468b…

if you think im just some dumb dumb thinking claude can find bugs and all my examples are wrong, just watch 15 min of this talk 😝 youtube.com/watch?v=1sd26pWh…

JWT Security Resources 1. JWT Introduction - jwt.io/introduction 2. JWT Attacks - portswigger.net/web-security… 3. OWASP JWT Cheat Sheet - cheatsheetseries.owasp.org/c… 4. JWT Vulnerabilities Guide - pentesterlab.com/blog/jwt-vu… 5. JWT Best Practices - curity.io/resources/learn/jw… 6. Exploiting JWT - intigriti.com/researchers/bl… 7. JWT Attacks Writeup - infosecwriteups.com/attacks-… #CyberSecurity #JWT #WebSecurity #BugBounty

Just came across this clean browser-based bug bounty toolkit 👀 hackermd-toolkit.netlify.app… It’s basically a well-organized collection of recon vuln testing commands you can copy-paste instantly — no setup, no clutter. Good for: • Quick recon workflows • Remembering tool chains • Speeding up hunting sessions Not a scanner. Not automation. Just a solid command hub 🧠⚡ Use it smart — not blindly. Real bugs still need real thinking. 💀 #BugBounty #CyberSecurity #Infosec

We just open sourced our AI vulnerability scanner 🔥 👉 github.com/0din-ai/ai-scanne… Built for the reality that GenAI security isn’t static: • jailbreaks & prompt injections evolve weekly • agents introduce new attack surfaces • most issues aren’t caught until prod The scanner: continuously probes models with real-world attacks tracks vulnerabilities across LLMs agents turns findings into repeatable security tests Powered by the same pipeline behind 0DIN’s bug bounty threat intel feed. If you're building with AI, you need adversarial testing not just evals. PRs welcome.

Keep your eyes peeled on these endpoints. 👀 /login ➡️ authentication bugs /reset-password ➡️ATO /upload ➡️ RCE /api/v1/user/1001 ➡️ BOLA /search?q=query ➡️ Injection bugs /view?file= ➡️ SSRF /admin ➡️ internal access Which endpoint have you found the most bugs on? 👇

Best way to grow in this industry: share what you learn publicly. Write a blog post about that weird bug you found. It doesn't have to be groundbreaking. Someone out there needs exactly that piece of knowledge right now. My career in cybersecurity started with a blog about my OSCP experience.