Abdul Qadeer Khan

@PythonDvz 🤣 developer be like 😦🤣

🤣🤣🤣

You're mapping the main API of your target, but hit a wall due to authentication. You’re thinking of brute-forcing the API. But what if a dev published the API docs for a contractor and forgot to remove the Authorization headers or environment variables? 👇🧵

@Bugcrowd 😂

🦾❤️ #BugBounty

Automated penetration testing assistant using local LLMs github.com/sooryathejas/M…

A ✔️critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1)

wcurl_option_injection_poc.sh 🐉🪲

📅 Our next live hacking event is landing in Lisbon this month. More details soon as we gear up for another collaboration. #H121 #TogetherWeHitHarder

I've earned the Hash Cracker Badge on TryHackMe for Cracking all those hashes tryhackme.com/r/0xqadeer/bad… #tryhackme via @tryhackme

DoS on PayPal via web cache poisoning hackerone.com/reports/622122

Security researchers, @arc wants your help. As part of the Arc Bug Bounty Campaign, the team has open-sourced the Arc testnet and launched a bug bounty challenge on HackerOne. Dig into the code, run a local node, and put the network to the test before mainnet. Your findings help strengthen Arc from day one. Join the program: bit.ly/4vre6xw

Secrets leaking in HTTP responses? 🔍 The TruffleHog Burp extension by @trufflesec passively scans proxy traffic for exposed credentials - API keys, tokens, SSH keys - directly in server responses. With 800+ detector types, it even checks whether secrets are still live. 👉 github.com/trufflesecurit… #BugBountyTips

Claude code source code has been leaked via a map file in their npm registry! 👨🏻‍💻

#OSAI is officially here! 📣🐺 OffSec’s newest certification for hands-on offensive operations against AI-enabled systems is now available for purchase with Learn One, Course & Cert Bundle, and Learn Enterprise. Built for practitioners who want to apply an adversary mindset to modern AI systems and stay ahead as the attack surface evolves. 🔗 offsec.com/courses/OSAI/

We’re LIVE at #RSAC 🔥 Booth is open. LEGO pieces are out. Conversations on continuous security are already rolling. Come find us 👀

@medusa_0xf Yes Sir 😔

What’s GPT full form? (Answer without google)

Do you remember when you joined X? I do! #MyXAnniversary

OSAI is now available for pre-sale! 🚨🐺 portal.offsec.com/checkout/produ… For a limited time, secure an exclusive pre-release offer: Get 120 days of lab access for the price of our standard 90-day Course & Certification Bundle. That gives you more time, but for the same price. Here’s everything that you’ll get: 🌟 Access to the OSAI (AI-300) course* ⏱️ 120 days of access (usually 90 days!) ✔️ One exam attempt 🎮 50+ Proving Grounds Play labs 🐉 Bonus access to KLCP / PEN-103 *Access begins upon course release, targeted for March 31, 2026 Secure your OSAI access now!

The Gauntlet: Arctic Howl starts in just a few days! Have you registered? Create an account: 🔗 offsec.com/events/the-gau… Join the event: 🔗 portal.offsec.com/events/5544035… 💥 4 (defensive) scenarios 🏆 Limited-edition prizes 🧠 First PWN bonuses 🎮 Free entry via Proving Grounds

As a developer, which localhost do you prefer??