Wahid Fayad

Still learning every day. The climb in mid December and finishing #3 (bbp) in Australia feels unreal. Very grateful for the journey. Accomplished this year: - XXE on a major social platform - ATO on a major AI - PII leaks - CPDoS across 50+ programs - A valid Google report which affected thousands of domains In 2026 I’m finally reading all my writeups so I can clear all my bookmarks, because this is getting ridiculous😄

I published one of the techniques that I've been using against OAuth providers, honetly, it's led me to discover many flaws, and recently I used it to find a 1-click ATO on one of the most widely visited websites,I hope you find it useful :-) blog.voorivex.team/story-of-abusi…

Spent a week testing AI for vulnerability research. 14 confirmed bugs in 20 min on one target. 5% hit rate on a hardened one. Same AI, same setup. 4 approaches, what worked, what failed, why target selection matters more than model sophistication. xclow3n.github.io/post/7

We got frustrated with dealing with vendor dependencies when reverse engineering large applications. @ITSecurityguard from @SLCyberSec’s Sec Research Team built Hyoktesu to solve this problem forever: github.com/assetnote/hyok… - releasing this today! Blog: slcyber.io/research-cente…

I have been doing bug bounty since 2011 and ran a program for a multinational bank. Put everything I've learned into bugbounty.info. Target selection, recon pipelines, chain patterns, report templates, the business side. Free, no paywall, no course upsell.

Added 3,600+ publicly disclosed HackerOne reports that paid a bounty to the MCP. 👇 github.com/PatrikFehrenba… This should help Claude to decide where to focus on, what attack surface was looked at before, and where new vulnerabilities could be 👀 (in theory 😏)

A really nice Cross-Site Leak writeup.  XSS-Leak by @salvatoreabello For client-side hackers, you would love this in your arsenal because it relies on browser architecture (Chromium) rather than a specific implementation bug in a website. Since Google marked it "WAI" (Works As Intended), this vector is still open for further exploration. Blog 👇 blog.babelo.xyz/posts/cross-si…

أَلْهَىٰكُمُ ٱلتَّكَاثُرُ Competition in [worldly] increase diverts you حَتَّىٰ زُرْتُمُ ٱلْمَقَابِرَ Until you visit the graveyards [Qur'an - At-Takathur - 1/2] Less than 10 days before the end of this blessed month of Ramadan, the final stretch

Discovered 3 HTTP request smuggling vulnerabilities and 1 cache poisoning vulnerability in Cloudflare’s Pingora reverse proxy, all exploitable under the default configuration. These issues resulted in 2 Critical CVEs and 1 High-severity CVE. xclow3n.github.io/post/6

Turning Almost Nothing into a Supply Chain Compromise of Angular with GitHub Actions Cache Poisoning adnanthekhan.com/posts/angular-… #BugBounty

@NahamSec 2️⃣ @infosec_au's So, you want to get into bug bounties? shubs.io/so-you-want-to…

It's time for sharing, this is not a simple write-up, we are sharing our methodology and reasoning, detailing how we approached and hunted the flaw, I hope you like it :] blog.voorivex.team/uxss-on-samsun…

We said we'd sit down with @Hacker0x01 to ask all the hard questions, and we did! In the episode below you'll find everything you wanted to know about whether or not your reports are being used to train LLMs, ToS changes, plans for the future and more! youtu.be/Pa4wWv_ONjM

@zhero___ Ramadan Mubarak bro ❤️

spent hours exploring different approaches to improve the exploit and the result is quite promising; report updated I take this opportunity to wish ramadan mubaarak to my fellow believers, enjoy it fully!

𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗪𝗼𝗿𝘁𝗵 𝗥𝗲𝗮𝗱𝗶𝗻𝗴 - 𝗪𝗲𝗲𝗸 𝟳, 𝟮𝟬𝟮𝟲 Parser Differential, TypeScript and AI ⨐ 𝗕𝗿𝗲𝗮𝗸𝗶𝗻𝗴 𝗗𝗼𝘄𝗻 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟮𝟱𝟬𝟰𝟵: 𝗛𝗼𝘄 𝗧𝘆𝗽𝗲𝗦𝗰𝗿𝗶𝗽𝘁 𝗧𝘆𝗽𝗲𝘀 𝗙𝗮𝗶𝗹𝗲𝗱 𝗻𝟴𝗻'𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 A great explanation of the recent vulnerabilities impacting n8n. If you are working in security on TypeScript projects, it's a must read. hetmehta.com/posts/n8n-type…. ⚒️ 𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴 𝗔𝘂𝗴𝘂𝘀𝘁𝘂𝘀: 𝗢𝗽𝗲𝗻 𝗦𝗼𝘂𝗿𝗰𝗲 𝗟𝗟𝗠 𝗣𝗿𝗼𝗺𝗽𝘁 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 𝗧𝗼𝗼𝗹 Praetorian is back with another tool (one of their 12 Caesars): Augustus... Make sure you check it out! praetorian.com/blog/introduci…. 🤺 𝗪𝗵𝗲𝗻 𝗧𝘄𝗼 𝗣𝗮𝗿𝘀𝗲𝗿𝘀 𝗗𝗶𝘀𝗮𝗴𝗿𝗲𝗲: 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗶𝗻𝗴 𝗤𝘂𝗲𝗿𝘆 𝗦𝘁𝗿𝗶𝗻𝗴 𝗗𝗶𝗳𝗳𝗲𝗿𝗲𝗻𝘁𝗶𝗮𝗹𝘀 𝗳𝗼𝗿 𝗫𝗦𝗦 If you enjoy parser differential issues, you are going to love this exploit. Don't think "It's a CTF challenge" or "It's just an XSS", read between the lines to find the real gold. blog.voorivex.team/when-two-parse…. 🤖 𝗥𝗖𝗘 𝗶𝗻 𝗚𝗼𝗼𝗴𝗹𝗲'𝘀 𝗔𝗜 𝗰𝗼𝗱𝗲 𝗲𝗱𝗶𝘁𝗼𝗿 𝗔𝗻𝘁𝗶𝗴𝗿𝗮𝘃𝗶𝘁𝘆 - $𝟭𝟬𝟬𝟬𝟬 𝗕𝗼𝘂𝗻𝘁𝘆 A detailed blog post on hacking Antigravity with a lot of interesting details on its inner workings. hacktron.ai/blog/hacking-g…. 🚛 𝗧𝗿𝗮𝗶𝗹𝗶𝗻𝗴 𝗗𝗮𝗻𝗴𝗲𝗿: 𝗲𝘅𝗽𝗹𝗼𝗿𝗶𝗻𝗴 𝗛𝗧𝗧𝗣 𝗧𝗿𝗮𝗶𝗹𝗲𝗿 𝗽𝗮𝗿𝘀𝗶𝗻𝗴 𝗱𝗶𝘀𝗰𝗿𝗲𝗽𝗮𝗻𝗰𝗶𝗲𝘀 Probably one of the lesser-known features of HTTP... Trailers. This post provides details on the feature and explains how they can be leveraged to find security issues. sebsrt.xyz/blog/trailing-….

Sometimes you spot a sink and know it's vulnerable, but proving it is a challenge. @SLCyberSec's team broke through layers of crypto to reach a pre-auth deserialization sink in OpenText Directory Services. Breaking the encryption was a journey. slcyber.io/research-cente…

can merely visiting a website lead to cross-site data exfiltration from any site without user interaction? a ""minimal"" PoC has been validated, successfully exfiltrating, as a demonstration, the victim’s gmail address report submitted, hoping to provide more details soon

Read New Write-up: Single request DoS #BugBounty #BugBountyTip exploit5lovers.medium.com/classic-single…

My research, “Next.js, cache, and chains: the stale elixir” ranked 7th in the @PortSwigger top 10 web hacking techniques of 2025 I’m truly honored and grateful, this is one of the most meaningful recognitions for a researcher, thank you!

I recently discovered several vulnerabilities in MCP servers across different attack scenarios (DOM XSS, Stored XSS, SSRF, etc.) and decided to publish a blog post to share my knowledge. Hope you enjoy it! :D blog.voorivex.team/shaking-the-mc…

[453094710][reward: $250000] Out-of-bound read in the jmp table of ActiveMediaSessionController leads to sandbox escape. crbug.com/453094710