hAPI_hacker
1.3K posts

hAPI_hacker
@hAPI_hacker
{ "name": "Corey J. Ball", "author": "Hacking APIs", "creator": "https://t.co/y3EHBlzHvJ", "is_admin": true }
Grants Pass, OR · Joined May 2020
764 Following · 14K Followers
hAPI_hacker retweeted

Thank you to everyone who came to my Shrek-themed hacking alongside AI talk today at Hacking APIs Con @hAPI_hacker

hAPI_hacker retweeted

🔥 ContinuumCon 2026 June 12-14 Workshops Announced! Stacked with content, plus a special event:
This year we'll have a Live AMA with @brysonbort and @strandjs - Q&A, commentary, and the top-tier banter.
Workshops 👇
# Roll Your Own Analyst
by Rain Jordan
Build your own local AI threat intel pipeline with Python & Ollama
# Killing Active Directory Attack Paths Once and For All
by @techspence
Hands-on destruction of major AD attack paths with hardening to mitigate
# Hacking Over & Under The Wire
by @klrgrz
Beginner-friendly SSH & PowerShell using OverTheWire wargames and tying back to tradecraft
# Practical Security Engineering
by @IceSolst
Stand up SAST, DAST, SCA, and secrets scanning for free using GitHub Actions
# Prompt Injection Fundamentals & Hack-Along
by Eva Benn and @Andrew Bellini
Practical, beginner-friendly walkthrough of prompt injection fundamentals. It's a solid on-ramp if you want to get into AI pentesting!
# Escaping Sandboxes with AI
by @ZackKorman
Hands-on techniques for finding and executing AI sandbox escapes
# Instant API Hacker
by @hAPI_hacker
Fast-paced exploitation of the OWASP API Top 10 with the author of Hacking APIs
# Smarter AWS WAF: Reduce Noise, Detect Threats & Automate Response
by Ihor S.
Production-ready AWS WAF with custom monitoring, Slack alerts & automated threat response!
# Tactical GRC - Turning Governance Into a Force Multiplier for Security Teams
by @fletusposton
Build lightweight, engineering-aligned GRC that actually accelerates security work!
# How to Analyze Malware
by Matthew N.
Safe, practical malware analysis workflow for beginners – static, dynamic & real sample walkthrough!
# Analyzing WannaCry: A Forensic Method for Recovering Ransomware Data with Open-Source Software
by Smit Nayak
Deep forensic recovery of WannaCry artifacts using open-source tools – DFIR gold!
# StegoDefender: Hunting Malware Hidden in Plain Sight - Advanced Steganography Detection & Payload Extraction
by Christopher Dio C.
Detect & extract hidden malware from images & files with next-level steganography tools!
And we'll be hosting content again this year through the great @getCourseStack platform!
Big thank you to all putting the work and time in to bring this con to everyone! 🙏
@_JohnHammond @JustHackingHQ @AnthonyBendas @Level_Effect
Got your ticket yet? 🎟️
Head over to: continuumcon.com
hAPI_hacker retweeted

I became good friends with Dan shortly after I passed the ASCP, while I was still at MTN Nigeria.
A few days into that friendship, he sent me a message asking for permission to share my name with the then MTN’s Group Chief Information Security Officer, a South African guy.
He told me, “Al-Amir, I informed Justin that one of his security engineers at MTN Nigeria cracked our most difficult exam, making him one of the very few to pass it.”
I remember reading that and calling my guy Rojo, we both just laughed out of pure joy. I told him to go ahead, you never know the opportunity that’ll come out of it.
A few years later, Dan recommended me to the team at APISec Inc. That’s where I met some incredible engineers, Jesse, Jose, Raj, extremely cracked guys.
I joined as a Security Engineer, working on research, manually validating test cases/exploits, and then writing code to help the APISec scanning engine automate those checks.
It was easily one of the most challenging roles I’ve taken on in my entire life. Eventually, I had to step away for new opportunities, and partly to take care of myself.
When I told Dan I was leaving, he did everything he could to convince me to stay. He even tried to create other paths so we could keep working together. It meant a lot.
APISec & APISec Uni will definitely feel his absence. He is a legend!


hAPI_hacker retweeted

New issue of our newsletter; Executive Offense!
The New Perimeter - Supply Chains and AI Environments
executiveoffense.beehiiv.com/p/the-new-peri…
Subscribe 🫶

hAPI_hacker retweeted

Day 30/#30daysofApisecU
Covered OWASP API Top 10, API pentesting, and security fundamentals hands-on. Worked through crAPI, DVAPI, and real-world API finding flaws, breaking auth, and understanding what defenders miss. Will continue my journey with GraphQL.
@ce3nerd @hAPI_hacker



Abdulmalik_cybersecurity @malik_cybersec
Day 28&29/#30DaysofApisecU I tested my brother's RestAPI and reported to him what I found. I practiced all I learnt from @hAPI_hacker course on APIsecU and book. looking forward to testing more real life API @akintunero @commando_skiipz @ce3nerd @KoredeSec
hAPI_hacker retweeted

Day 28&29/#30DaysofApisecU
I tested my brother's RestAPI and reported to him what I found. I practiced all I learnt from @hAPI_hacker course on APIsecU and book. looking forward to testing more real life API
@akintunero @commando_skiipz @ce3nerd @KoredeSec

Abdulmalik_cybersecurity @malik_cybersec
Day 27/#30DaysofAPIsecU Chapter 2 reading "Black Hat GraphQL " installation of tools that will be needed throughout the course. @akintunero @commando_skiipz @ce3nerd @KoredeSec @hAPI_hacker
hAPI_hacker retweeted

I just did an interview with @SecWeekly, with teasers for my upcoming #BHUSA presentation "Can AI Do Novel Vulnerability Research: Meet the HTTP Terminator", plus reflections on the Top Ten Web Hacking Techniques of 2025 & 2026. Watch it here:
youtube.com/watch?v=fOWhhT…

hAPI_hacker retweeted

Meet the Burp Ambassadors: @rana__khalil 🌍
Rana Khalil is a security educator and founder of Rana Khalil’s Academy.
Her mission: make web app testing accessible to more people.
#BurpAmbassador #BurpSuite

hAPI_hacker retweeted

We've launched a new @WebSecAcademy topic on exploiting AI-powered security scanners! Learn how to use indirect prompt injection to steal data, cause damage & trigger exploit chains!

hAPI_hacker retweeted

Meet the Burp Ambassadors: @0xTib3rius 🇺🇸
Tib3rius is a professional pentester and well-known content creator - you’ve probably seen his livestreams or training content. 👀
#BurpAmbassador #BurpSuite #pentesting

hAPI_hacker retweeted

hELLO
the tIME HAS cOME oNCE AGAIN on my cONTENT cALENDAR
for me to continue to scream and shout about
oUR VIRTUAL EVENT ContinuumCon 2026
jUNE 12 - 14 continuumcon.com
livestream run of show is free & public but all workshop sessions get into hands-on labs
see u there ✌️


@malik_cybersec @akintunero @commando_skiipz @ce3nerd @KoredeSec I’ve only got one chapter on GraphQL, but @dolevfarhi and @Nick_Aleks have a whole book on it: nostarch.com/black-hat-grap…

Day 26/#30DaysofAPIsecU
Continue learning GraphQL by reading this book by @hAPI_hacker building my skills around API hacking
@akintunero @commando_skiipz @ce3nerd @KoredeSec

Abdulmalik_cybersecurity @malik_cybersec
DAY 24 I started learning GraphQL and how to test it @commando_skiipz @ce3nerd @akintunero @KoredeSec
hAPI_hacker retweeted

Full breakdown of the model degrade on Anthropic I’ve been hot on for the past month. Solid level of transparency and analysis from them.
anthropic.com/engineering/ap…
hAPI_hacker retweeted

Meet the Burp Ambassadors: @apps3c 🇮🇹
Federico Dotta is an offensive security researcher with a deep focus on Burp Suite extensibility.
#BurpAmbassador #BurpSuite #BurpExtensibility #BApps


Cybersecurity architects work between all the rocks and all the hard places. Engineering. Legal. Finance. Executive leadership. Often without authority over any of them.
The decisions made early in the design phase echo through the environment for years, long after the people who made them have moved on.
I wrote the foreword for the second edition of Lester Nichols' Cybersecurity Architect's Handbook, releasing May 11, 2026. It covers foundations, governance, toolset decisions, career roadmaps, and adaptive strategy for the people holding that position in 2026.
Read the full foreword on The Hab: hapilabs.ai/blog/cah
Preorder the book to secure your copy.
amazon.com/Cybersecurity-…
hAPI_hacker retweeted

Meet the Burp Ambassadors: @hapi_hacker 🇺🇸
Corey Ball brings 15+ years of experience in IT & cybersecurity, with a sharp focus on API security.
#BurpAmbassador #BurpSuite

hAPI_hacker retweeted

Meet the Burp Ambassadors: @soyelmago 🇦🇷
Alan Levy is a Buenos Aires-based security consultant, content creator, and founder of @BugBountyArg.
He’s also behind LATAM’s first online bug bounty conference: BountyMagicCon.
#BurpAmbassador #BurpSuite







