AnkSec retweeted
AnkSec
1.1K posts


Here’s how I discovered an Account Takeover using recox.hackerz.space (endpoint discovery function) 👇:
#bugbounty #bugbountytips


I just published a new #article on Medium.
How I Earned $76,000 Bounty From a Single Program on @Bugcrowd .
#BugBounty #Bugcrowd #CyberSecurity #EthicalHacking @Hacker0x01 @yeswehack @intigriti
anonhunter.medium.com/how-i-earned-7…

I have been doing bug bounty since 2011 and ran a program for a multinational bank. Put everything I've learned into bugbounty.info. Target selection, recon pipelines, chain patterns, report templates, the business side. Free, no paywall, no course upsell.

Hey guys, I just launched argosdns.io - if you are into IT security, bug bounty hunting, red teaming, ... this is interesting for you!
argosdns.io

🚨 Google told devs: API keys aren't secrets. Gemini changed that.
😱 We found ~3,000 public keys silently authenticating to Gemini - exposing private files, cached data & charging for LLM usage
💥Even Google's own keys were vulnerable.
🔗 trufflesecurity.com/blog/google-ap…


Our pentesting agent found a 1-click ATO to RCE in @openclaw Gateway Control UI in under 2 hours.
Local instances can also be exploited with one click.
Patched in main, update now.
Watch the exploit 👇

Burp AI Agent is now public
MCP-powered AI agent (and server) living inside Burp. Instead of a chat next to it, extends itself: tools, actions, live traffic and findings. AIO to reduce context switching while testing
Repo: github.com/six2dez/burp-a…
Docs: burp-ai-agent.six2dez.com


🎉Giving away 5x yearly bbradar[.]io Pro subs!
👉Get Live notifications on Discord for new programs and scope changes.
👉Search for assets and find matching programs.
👉View Latest assets/targets/scopes.
To enter:
✅Follow @Kle0z .
✅Like this post.
✅Share this post.
Winners will be announced on the 30th of January.

@ryotkak discovered 8 ways to achieve RCE in Claude Code without user approval 🤯
@claudeai allowlisted "safe" commands like echo, sed, and sort, then used regex blocklists to prevent dangerous arguments.
All fixed in v1.0.93 by switching from blocklists to allowlists.
Blog link 👇
flatt.tech/research/posts…

New research dropped as promised.
AI assistants are connecting to everything—your cloud, your deployments, your secrets.
The OAuth implementations behind these integrations? Many are broken.
We found one-click account takeovers in MCP servers powering ChatGPT and Claude integrations. Open Dynamic Client Registration + missing PKCE + no redirect validation = full ATO.
Full writeup with methodology and PoC:
sicks3c.github.io/research/ato-v…
#bugbounty #appsec #oauth #AI
SickSec 🇲🇦 🇵🇸@OriginalSicksec
Dropping an MCP writeup next weekend with @wld_basha stay tuned

Just found trinetlayer.com one of the best platforms for security study material 🚀
Solid payloads, powerful tools, and really interesting AI labs.
Worth checking out if you’re into real-world cybersecurity learning.



Our latest research is out!
If you missed a good write-up for nice vulnerabilities, I brought you one!
Enjoy the reading! @FearsOff @Cloudflare


Hello everyone ♥
a little bit write-up of #bugbountytip #bugbountytips I am going to write here .....
Title:
getting unauthorized access on 3rd party's/workspaces and building your checklist for quickly locating bugs there via massive recon
we know that it's helpful to look for google groups/docs/etc..
Slack as well just like when the amazing @h4x0r_dz shared days ago ..
Use google dork "site:join.slack.com"
so I was not in a good mood the last months for doing Google Dorks, so what I did was build a checklist ready for me & very huge one
for EX:
groups.google.com
docs.google.com
join.slack.com
and here is just an example you can add more similar workspaces for your checklist
then I extracted all internet endpoints and as example here join[.]slack[.]com
otx.alienvault.com/api/v1/indicat…
virustotal.com/vtapi/v2/domai…
web.archive.org/cdx/search/cdx…
you can use the ready tools to do it such as waymore
important note: you have to keep your checklist updated every week
and from here I just keep looking for the company name or domain name to see if there's anything connected
and mostly the company name or domain name in the URL itself EX: tesla
join.slack.com/t/Tesla-Intern…
Ex For Bugs found:
1 unauthorized access to the workspaces
(PII | Information disclose)
2 account takeover as Ex: valid signup employee link
3 account takeover as Ex: valid reset password employee link
now about Slack, as an example if you found an invitation link for tesla
Tesla join.slack.com/t/Tesla-Intern… and that link was not valid, don't stop here
it will redirect for Ex:
tesla-internal[.]slack[.]com
here back and start looking manually for endpoints of this subdomain as well EX:
web.archive.org/cdx/search/cdx…
now there are a lot of 3rd party's/workspaces I just shared here
slack & Google Docs/groups
What I wrote is a bit long and annoying to some, so I apologize. I hope, as usual, that this will be useful to all who follow me here.
#Bugounty
don't forget to retweet if you like it ♥♥♥



Me and a friend just landed a bounty for an RCE using a technique I addict it earlier and have kept refining ever since. Grateful for the results. Alhamdulillah.
More here:
sl4x0.xyz/turning-depend… or sl4x0.medium.com/turning-depend…






