testing

4.5K posts

@dmDUSTBIN

Joined January 2019
1.1K Following, 107 Followers
Pinned Tweet
testing @dmDUSTBIN
Just completed the Wiz Bug Bounty Masterclass 🎓 Learned the fundamentals of bug bounty hunting and successfully solved 9 hands-on challenges 🏆 wiz.io/bug-bounty-mas…
1
0
3
163
testing retweeted
Security BSides Ahmedabad @bsidesahmedabad
Azure isn’t secure just because it’s in the cloud. 👀☁️ BSides Ahmedabad 0x7 Training presents: Hacking Azure — From Zero to Cloud Admin 🔥 A hands-on offensive cloud security training where you’ll attack real Azure tenants, abuse identities, escalate privileges, map attack paths, and execute real-world cloud attack techniques. No fluff. No fake lab simulations. Just practical cloud offense. ⚡ 🎯 Trainer: Vaibhav Lakhani 📅 24–25 September 2026 This one’s for the builders, breakers, and red teamers. 🚀 Book Now: secwiser.com/bsides-ahmedab… #BSidesAhmedabad #AzureSecurity #CloudSecurity #RedTeam #CyberSecurity #OffensiveSecurity #InfoSec
0
3
10
444
Het Mehta @hetmehtaa
#NewProfilePic Changing it on my Birthday! Let’s see if people will continue to recall me
11
0
56
2.8K
testing retweeted
Security BSides Ahmedabad @bsidesahmedabad
Cyber fam… the clock’s ticking. ⏳🔥 Only 5 DAYS LEFT to grab the Early Bird offer for BSides Ahmedabad 0x7. 2 days of conference. Hands-on trainings. Real conversations. CISO panels. Crazy networking. And the cyber community all under one roof. ⚡ September is going to be BIG. 🎟️ Grab your tickets before the Early Bird window closes. Book now : secwiser.com/bsides-ahmedab… #BSidesAhmedabad #BSidesAhmedabad0x7 #CyberSecurity #InfoSec #CyberConference #Networking #EthicalHacking
0
9
12
433
testing retweeted
Nicolas Krassas @Dinosn
jsmonhq/apiffuf: API URL fuzzer that cross-joins hosts and paths into normalized URLs, probes them over HTTP, and reports responding endpoints. github.com/jsmonhq/apiffuf
0
18
57
4.2K
testing retweeted
Security BSides Ahmedabad @bsidesahmedabad
AI systems are the new attack surface. Time to learn how to build them… break them… and defend them. 🔥 BSides Ahmedabad Training presents: Build, Break & Defend AI Systems A hands-on, offensive + defensive deep dive into Agentic AI, MCP vulnerabilities, prompt injection, OWASP Agentic Top 10, guardrails, and real-world AI attack scenarios. ⚡ No boring theory overload. Just practical labs, live exploitation, and real defense strategies. 🎯 Trainers: Shashwath Aiyappa Nagarjun Meenakshi Ganesh Akif Asif 📅 24–25 September 2026 Book Now➡️🔗: secwiser.com/bsides-ahmedab… #BSidesAhmedabad #AISecurity #AgenticAI #PromptInjection #AI
0
6
15
675
testing retweeted
Arshad Kazmi @arshadkazmi42
The Claude Code tooling I have been mentioning in my recent bounty posts is a forked version of strix-claude-code. Started using it a few months ago. Added a triage step that spawns a new agent with no context to verify findings, cut my false positives down a lot. Got $3000 + $100 on intigriti for bypasses of resolved reports, $500 on h1, an RCE I am still verifying. Not foolproof. Still get false positives, still spend days verifying pocs. But overall it works really well. Open sourcing it today: github.com/arshadkazmi42/…
0
15
117
6.2K
testing retweeted
Tur.js @Tur24Tur
Authorized testing on a production API endpoint. Opus 4.7 confirmed the SQL injection was real but couldn't pull any database names. sqlmap said false positive. I switched to DeepSeek V4 Pro inside Claude Code and it figured out a trick: make the database answer yes/no questions by crashing on purpose. The payload wraps CASE WHEN around two XML casts. If the condition is true, it parses broken XML like < and throws HTTP 500. If false, it parses clean XML like and returns HTTP 200. WAF was watching for SQL keywords, not XML errors. Extracted 19 database names. DeepSeek V4 Pro succeeded where both Opus and sqlmap failed. Two hours. Twenty cents. Setup: Mapped Claude Code to DeepSeek V4 Pro by creating ~/bin/claude-deep with ANTHROPIC_BASE_URL=api.deepseek.com/anthropic and ANTHROPIC_MODEL=deepseek-v4-pro[1m]. No config changes needed, original claude command stays untouched. No cybersecurity restrictions!!! Image 1: sqlmap output showing "false positive" / "all tested parameters do not appear to be injectable" Image 2: Claude Code terminal showing 19 databases extracted in ~2 hours Image 3: DeepSeek platform dashboard showing $0.20 total cost Image 4: Why this trick is different from standard blind SQLi types and why sqlmap has no built-in vector for it
15
82
538
99.5K
testing retweeted
nst @ngosytuanbug
After a month of trying to hunt on @Bugcrowd (mostly public BBP), I see everything is very good. They can work very fast when the number of reports is huge. Thanks to DeepSeek-V4-Pro for some good research. SO BIG RESEARCH WITH ME for a big framework 😂 (I will have a blog about it later) #bugbounty
H4x0r.DZ 🇰🇵@h4x0r_dz

🫥

7
9
256
17.9K
testing retweeted
Be5Lmt @Be5Lmt
No quotes No spaces No Parentheses No Semicolons Still SQLi.... Collab with @or4nge16hehe medium.com/@r9.mody/sql-injection-in-numeric-parameter-int-without-common-special-characters-ae31e15ea3e3 #bugbounty
Be5Lmt@Be5Lmt

SQL Injection without these special chars [' "()\/%*&\`] possible? Yep, me and @or4nge16hehe did it. Using only: [ a-z, 0-9, dot, @+- ] Write-up soon #BugBounty #infosec

14
72
353
40.4K
testing retweeted
encodedguy - jsmon.sh @3nc0d3dGuY
A bugbounty hunter found and reported 3 leaked secrets using Jsmon. Feedback from Jsmon's intercom chat😁! Run a free scan now at app.jsmon.sh/signup
0
4
21
1.6K
testing retweeted
Security BSides Ahmedabad @bsidesahmedabad
The people shaping the global cybersecurity community aren’t just building defenses. They’re building the culture around hacking itself. 🔥 We’re excited to welcome @Dinosn as a Keynote Speaker for BSides Ahmedabad 0X07. Straight from Swiss 🇨🇭, Nicolas is widely known as a hacker, community-driven security professional, and one of the most influential voices on X within the cybersecurity space. He is currently the Head of Threat & Vulnerability Management at @Henkel Recognized among the Top 23 cybersecurity influencers by @SentinelOne and featured in’s “200 Cybersecurity Influencers On Twitter Making a Difference,” by @CheckPointSW , Nicolas has built a reputation for connecting researchers, hackers, and defenders worldwide.🌍 He is also recognized with @SynackRedTeam Titan Recognition three times and Mentor of the Year honors for his contributions to the global security community. 🏆 Expect insights from someone who lives and breathes the hacker mindset every single day.🔥 Get ready for conversations that challenge perspectives and inspire the next generation of security researchers.⚔️ 🎟️Secure your spot now: secwiser.com/bsides-ahmedab… #BSidesAhmedabad #cybersecurity #bugbounty #hacking #cybersecurity
0
9
15
823
testing retweeted
R1s @R1s666
Just got a reward for a vulnerability submitted on @yeswehack -- Cross-site Scripting (XSS) - Reflected (CWE-79). Waf bypass: <mctx%2FOnCoNtEnTvIsIbIlItYaUtOsTaTeChAnGe%3Dalert%601%61%09STYLE%3Ddisplay%3Ablock%3Bcontent-visibility%3Aauto>
7
19
239
5.6K
testing retweeted
Anatoli Kopadze @AnatoliKopadze
the engineer who built Claude Code just dropped a 28-minute video on how to write prompts that actually work I've seen $300 courses that don't cover what he shows in the first 10 minutes CLAUDE.md files, memory shortcuts, parallel sessions, prompting patterns all in one video and completely free works whether you're a developer, a beginner, or someone who's been using Claude for months based on this, I put together 18 things you can copy and use in Claude today full guide in the article below
Anatoli Kopadze@AnatoliKopadze

x.com/i/article/2053…

213
4.2K
24.3K
6.1M
testing retweeted
Ben Sadeghipour @NahamSec
Your AI coding assistant can be turned into a worm. Hidden in a README file, a prompt injection can hijack your coding agents and spread from repository to repository like the old school MySpace XSS Worm. youtu.be/4PBD-9IG13I
2
18
126
7.3K