ghostlulz

API Hacking - Cracking JWT Tokens ghostlulz.com/blog/api-hacki… Pre Account Takeover ghostlulz.com/blog/pre-accou… XSS With Polyglots ghostlulz.com/blog/smart-xss… React JS SourceMaps to XSS ghostlulz.com/blog/reactjs-s… Bypass AI Powered Wafs ghostlulz.com/blog/bypass-ai… #bugbounty #bugbountytips #bugbountytip #infosec #xss #OWASP #redteam #pentest #hackerone #bugcrowd

CTF in 2026

@antonosika @AikidoSecurity I highly doubt this scan is going to pass the audit sniff test but okay lol 😂

Today Lovable became the first vibe coding tool with built-in penetration testing. Any Lovable-built app can now get the same quality of security testing companies typically pay $5k-$50k for, in a couple hours, for $100 per test, powered by @AikidoSecurity. Our built-in security scanning and platform already get builders far, and now you can prove it with a pentest that supports SOC 2, ISO 27001, client security questionnaires, or investor due diligence. This is a huge leap for safe building.

@SohomScales Thanks 🙏

🚨Bug Bounty Playbook V3 🚨 If you read my first two books version 3 is going to take things to the next level. I teach you how to make your own enterprise grade platform to automate bug bounty hunting. COMING SOON! #bugbountytips #hackerone #bugcrowd #bugbounty #infosec

@TheUnfound_Door I could haha. But I get very obsessed over whatever Im doing and end up putting everything else on the back burner so it never works out.

@HackingTeam777 What a cool site!

@Jhaddix Its all pretty neat. You can apply AI to all kinds of things within the offensive security space. We are building a fleet of AI Agents like this at stealthnet.ai (@StealthNetAI ) to automate penetration testing.

People saying the tech is far away, AI agents finding simple bugs is very achievable. Like if you know some code, strategy, how to use the models... VERY achievable.

@taha_marzak20 This is actually going to be an entire course so I can get more in depth on certain topics. I plan on releasing it soon!

@ghostlulz1337 where can we order the book

Red teamers, no need to “pull” clipboard data when Windows already saves it all on disk for you in a neat little file 🗿 (including past clipboard items) inversecos.com/2022/05/how-to…

Web Cache Deception ghostlulz.com/blog/web-cache… Dependency Confusion ghostlulz.com/blog/dependenc… Exploiting PDF Generators ghostlulz.com/blog/exploitin… Pre Account Takeover ghostlulz.com/blog/pre-accou… API Hacking - Cracking JWT Tokens ghostlulz.com/blog/api-hacki… #bugbountytips #infosec #redteam #pentesting #hackerone #bugcrowd #bugbounty #bugbountytip

It’s done and in my platform already . At least the initial version is . I’m working on the web app agent now . We app agent is similar expected you give it a username password . It figures out how to login and all the other stuff . It’s similar to XBOW web agent . We only sell to companies . If your company is interested we can do a demo . Just let me know .

@ghostlulz1337 how is the progress is going on in it? as we are interested in pilot program of this tool!

🚨AI Agents for API Hacking 🚨 I’ve been developing an AI agent that automates API pentesting. Parses swagger, crafts the perfect payload, analyzes the response, and adapts mid run. Already popping XXE , IDOR, and much more that traditional scanners missed. Sneak peek CLI below; slick UI coming soon. Follow my company @StealthNetAI and I for more. We are building a fleet of offensive security agents to automate penetration testing. #AppSec #AI #owasp #bugbounty #bugbountytips #redteam #infosec #vc #venturecaptial #aiagentstartup #startup #hackerone #bugcrowd #hackthebox

No need to bypass AV/EDR when you can just use Chrome Remote Desktop as your backdoor. Check out the blog post from @TrustedSec trustedsec.com/blog/abusing-c…

ChainLight dropped a 330-page analysis of all Web3 Hacks in 2024.

@phantomcybersec Nice stuff I havnt heard of this technique !

The wait is over! Our stealthy Windows persistence technique (PhantomPersist) is now out! Read the blog post here: blog.phantomsec.tools/phantom-persis…

⚠️ AI Agent for API Hacking ⚠️ Just integrated the agent into our fleet. It no longer relies on the CLI you can now upload API docs, and it thinks through the entire API pentest. 📄 Parses Swagger API docs 🧠 Plans attacks 💥 Fuzzes endpoints 🔍 Finds XXE, IDOR, and more 📝 Writes the pentest report Traditional scanners don’t stand a chance. Follow @StealthNetAI we’re building a fleet of autonomous AI agents to automate every kind of pentest. More updates to our fleet of AI powered hackers are coming ! #AppSec #AI #RedTeam #BugBounty #OWASP #HackTheBox #Startups #Cybersecurity #VC #Infosec #AIagents #bugbountytips #hackerone #bugcrowd #venturecaptial #automatedpentest