pratik.eth

2K posts

@eth_ethpratik

Bug Bounty hunter | Smart Contract Auditor | Private Audits | CVE 2022-36022 | CRTP | CRTO

Heslington, England · Joined March 2021
1K Following · 854 Followers
pratik.eth retweeted
obscaries ❘ AppSec @obscaries
Just came across this insanely clean browser-based pentest cheatsheet 👀 Source: anshu19981.github.io/Pentestcheatsh… 580+ pentesting commands organized for recon, privesc, AD, web testing, pivoting & more, all inside a fast terminal-style UI. No setup. No clutter. Just practical workflows ⚡ Perfect for OSCP/OSEP prep, labs, CTFs, and real-world engagements. #cybersecurity #bugbounty #pentesting #redteam #oscp
pratik.eth retweeted
Frey @n7runr
RT0x01 Red Teaming Initial Access: ntrunr.github.io/posts/Initial-… Highlighted why phishing attacks are still #1, and also why bug bounty hunters become beasts when it comes to Exploit Public-Facing Application and chaining them to get into the system. Btw, I'm not able to cover it all.
pratik.eth retweeted
trish @TrisH0x2A
two professors at Wisconsin spent 25 years teaching operating systems together
then they wrote a 714 page textbook about "Operating Systems: Three Easy Pieces"
it covers virtualizing the CPU, virtualizing memory, concurrency, persistence, security and file systems
small enough to read in parts and also it is written like a conversation not a typical textbook
this is what you read if you want to really understand how operating systems work not just the theory
pratik.eth retweeted
Biscuit @OreoB1scuit
A friendly reminder on how to NOT accidentally stumble upon exposed financial data in under 2 minutes.
1. Do NOT visit FOFA search engine (en.fofa.info), it's just a search engine, totally harmless, nothing to see here.
2. Absolutely do NOT run this query to find misconfigured S3 buckets leaking invoices: host="s3.amazonaws.com" && body="invoice" && body=".pdf"
Because clearly, companies have their cloud security fully under control and there's zero chance you'd find thousands of exposed PDFs with sensitive financial data sitting wide open on the internet. Zero. Chance.
Stay curious. Patch your buckets. 🪣🔒 #BugBounty #CloudSecurity #OSINT #AWS #InfoSec #S3 #Misconfiguration
pratik.eth retweeted
Wiz @wiz_io
🚨 BREAKING: Wiz Research discovered Remote Code Execution on GitHub.com with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
pratik.eth retweeted
drop @dropn0w
@hugopicanzo It’s about the mindset, a bit of persistence, and a bit of flair you only gain through practice and spending a decent amount of time failing. Until one day, you see an app and you don’t even need to send a single request to feel there are bugs hiding in it.
pratik.eth retweeted
Vaishnavi @_vmlops
A guy didn't have a CS degree
wanted to work at Google
studied 8-12 hrs/day for months
got hired at Amazon instead
he open-sourced his entire study plan
coding-interview-university - 337k stars on GitHub
covers everything: DSA, trees, graphs, dynamic programming, system design, OS, networking
github.com/jwasham/coding…
the most complete free CS curriculum on the internet
pratik.eth retweeted
Gameel Ali 🤘 @MalGamy12
You don't learn reverse engineering by reading about it. You learn by doing it. That's why I built malops.io, a free platform with hands-on RE challenges using real malware: Whether you're starting out or sharpening your skills, this is how you level up.
pratik.eth retweeted
Coffin @lostsec_
youtu.be/ryIhM-C8gLo?si…
Just dropped a new video on Microsoft IIS vulnerabilities, focused on real-world testing across live targets.
In this video I walk through:
• Deep recon using multiple sources and smart dorking techniques
• Burp IIS extension + Shortscan for single and bulk target analysis
• Advanced ffuf fuzzing methods with my personal extension list
• Finding login panels via fuzzing and testing SQL injection with the PUT method [json based]
• Response manipulation techniques
• Practical 403 bypass strategies
• Path restriction and forbidden bypass methods
• Information disclosure and sensitive data exposure findings
• WAF bypass approaches
• Discovering hidden paths from source code and JavaScript
I hope you enjoy it and find it useful. Content like this takes a lot of time and effort to put together, especially when it comes to finding live targets to demonstrate real proofs of concept, so you get genuine exposure to how these issues are discovered and tested in real scenarios.
pratik.eth retweeted
Nicolas Krassas @Dinosn
A comprehensive guide for web application penetration testing and bug bounty hunting, covering methodologies, tools, and resources for identifying and exploiting vulnerabilities. github.com/xalgord/Massiv…