🔥I am ready to start writing "DeFiHackLabs Solidity Security Testing Guide".
Currently, it supports 47 types of vulnerabilities.
My todo:
1. Add missed vulnerability descriptions to the test cases written before.
2. Create a Notion version.
3. Create a PDF version.
Beginner smart contract devs, auditors - don’t skip this.
This new paper dives deep into real exploitable patterns in Solidity contracts. Reentrancy, overflows, access bugs, all broken down.
Read it, or get rekt later:
arxiv.org/pdf/2504.21480
Just published a new Solidity security audit report for @etherspot 🤝
This is our second audit for them, but this time for Credible Account Module (ERC-7579, EIP-712). Thank you for the trust again! 🫡
Read the report below👇
github.com/shieldify-secu…
When it comes to in-depth technical write-ups, one of my favorite authors is @abhi9u. And this time, he has crafted a beautiful article, "Virtual Memory: A Deep Dive into Page Tables, TLBs, and Linux Internals."
Go, give it a read.
blog.codingconfessions.com/p/virtual-memo…
🚨Junior/Advanced security researchers - this is for you!!!
A new Training Hub that teaches you web3 vulnerability patterns and thinking as an attacker. Thanks to @ValvesSec, great job👏
URL: training.valvessecurity.com/train
Level up your bug bounty workflow 🚀
💎 One-Liners by 0xPugal = a goldmine of powerful recon & exploitation commands — all in a single line.
🔥 What you get:
• ⚡ Fast recon pipelines
• 🎯 Ready-to-use XSS / SSRF / LFI chains
• 🧠 Real-world automation workflows
• 🛠️ Tool chaining like a pro
🔗 Source: github.com/0xPugal/One-Li…
❌ Don’t just copy-paste
✅ Understand the chain → hunt smarter
#BugBounty #CyberSecurity #Infosec #Hacking #Recon
"Sensitive Information Leak & Missing Authorization via API Endpoint"
Join my BugBounty channel: t.me/ShellSec
- to find info leak bugs in WordPress, use my quick wordlist:
/api/v1/export/data
/api/v1/config
/api/debug/env
/api/v2/auth/sessions
/api/v1/admin/users
/wp-json/wordfence/v1/config
/api/v1/billing/details
/api/v1/db/stats
/api/v1/logs
/api/v1/health
/api/v1/status
/api/v1/internal/settings
/api/v1/cloud/credentials
/api/v1/user/profile
/api/v1/system/info
/api/v1/backup/list
/wp-json/wp/v2/users
/wp-json/wp/v2/settings
/wp-json/wp/v2/media
/wp-json/wp/v2/posts?status=any
/wp-json/wp/v2/pages?status=private
/wp-json/elementor/v1/system-info
🦖
Day 275 of learning blockchain👾
Got a bug confirmed on Immunefi today.
But here’s the truth no one talks about…
If you don’t make it, there will be no evidence you ever tried.
All the sleepless nights, staring at code until your eyes hurt
All the self-doubt when nothing clicks
All the silent losses no one sees
It will all mean nothing to the world.
That’s the painful part.
This path doesn’t reward effort — it only rewards outcomes.
So you either win…
or your struggle disappears like it never existed.
And that’s exactly why I’m not stopping.