Jay ツ 🇮🇳

2.4K posts

@jay_yaml

DevOps | Security Analyst | @nullahm

India, joined September 2016
966 Following, 459 Followers
Jay ツ 🇮🇳 retweeted
sin99xx (@sin99xx)
Most JWT content is stuck in 2015. alg=none, weak secrets, basic misconfig screenshots. That’s not where the interesting bugs are. I usually keep this stuff private. This time I’m dropping it publicly ↓ sin99xx.medium.com/jwts-for-peopl…
Jay ツ 🇮🇳 retweeted
André Baptista (@0xacb)
Super cool work by @s3bsrt
HTTP trailers can be a blind spot. Proxies usually ignore them, but backend servers will happily merge them into the main headers, letting you sneak payloads right past security filters.
Blog link 👇 sebsrt.xyz/blog/trailing-…
Jay ツ 🇮🇳 retweeted
André Baptista (@0xacb)
Fascinating account takeover chain discovered in Facebook mobile app by @samm0uda
Multiple vulnerabilities combined:
* Predictable random numbers
* XSS in the JavaScript SDK
* Frame protection bypass
* Login CSRF
One malicious link = full account compromise
Meta paid a $66k bounty for this one. ysamm.com/uncategorized/…
Jay ツ 🇮🇳 retweeted
Griffin (@aussinfosec)
I have been doing bug bounty since 2011 and ran a program for a multinational bank. Put everything I've learned into bugbounty.info. Target selection, recon pipelines, chain patterns, report templates, the business side. Free, no paywall, no course upsell.
Kyuhee Jo (@kiwikiwi_jo)
Vibe coding is the new doom scrolling
Jay ツ 🇮🇳 retweeted
Jorge Castillo (@JorgeCastilloPr)
A Claude Code skill that decompiles Android APK and AAR files and extracts the HTTP APIs used by the app. Scary. github.com/SimoneAvogadro…
Jay ツ 🇮🇳 retweeted
Patrik Grobshäuser (@ITSecurityguard)
New series on using Claude for bug bounty 👀. sync your hackerone reports, cross-referencing past findings against new targets etc. The actual workflow, not the LinkedIn fantasy. Feedback from AI-maxers always welcome ❤️ clawd.it/posts/11-teach…
Jay ツ 🇮🇳 retweeted
Devansh (⚡, 🥷) (@0xAsm0d3us)
Needle in the haystack: LLMs for vulnerability research
I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up. These are the conclusions I came to.. (link in comment)
Jay ツ 🇮🇳 retweeted
Barracks (@BarracksArmy)
One of our own just hit their first 3-digit bounty. 🛡️ Every bounty has a story behind it. Late-night testing. Duplicates. Learning from labs. Community support. From learning web security fundamentals… to solving labs… to attending community events… to facing multiple duplicates before finally landing a valid bounty. This is the journey most researchers go through - persistence is the real skill. Huge congratulations on the milestone and thank you for sharing the journey. We’re proud to see members of the Barracks community turning learning into real impact. Welcome to the growing list of Barracks Graduates. Full story in the comments 👇
Jay ツ 🇮🇳 retweeted
RogueSMG (@RogueSMG)
Systems teach us how to force ourselves to make critical decision making questions look unfamiliar. A way to see alternatives.
Jay ツ 🇮🇳 retweeted
Mustafa Can İPEKÇİ (@mcipekci)
On one of the recent engagements, the target was vulnerable to SQL injection, but the DBMS used was Oracle. During testing, we noticed that the application was filtering SELECT, AND, OR and similar keywords, along with || to prevent string concatenation.
After a few attempts, I managed to bypass the application's filtering using newline characters like %0a and %0d in the request. This only allowed bypassing the SELECT keyword; AND and OR operators were still detected.
To use a traditional CASE WHEN construct, we needed string concatenation, but || was still being blocked. At that point I tried |%0a| and realized that Oracle actually allows newlines between the concatenation operator. This made it possible to exploit the issue and extract data from the target.
The final payload looked something like this:
String'|%0a|(case when (select%0ausername%0afrom%0all_users%0awhere%0atrim(username)%0ais%0anot%0anull%0afetch%0afirst%0a1%0arow%0aonly)='' then '1' else to_number(user) end)|%0a|'
This forced the application to generate an error when the false condition was triggered.
I hope this gives an idea for whoever reads this to never give up and to try unusual, unexpected stuff during testing.
#BugBounty #pentesting
Jay ツ 🇮🇳 retweeted
Tech Layoff Tracker (@TechLayoffLover)
Mumbai and Bangalore outsourcing firms are scaling like I've never seen
Infosys added 47,000 engineers in the last 9 months. TCS hiring 2,100 per week. Wipro opened 8 new delivery centers since January.
American companies discovered something: Senior engineer in Austin making $180k can be replaced by two L4s in Hyderabad making $18k each plus AI tooling
The quality gap closed overnight. Indian teams with Cursor and Claude are shipping features indistinguishable from SF teams at 85% cost savings
Accenture's Bangalore office went from 12,000 to 31,000 headcount while their US operations dropped 6,200 people
The arbitrage is insane. American mid-level making $140k replaced by Indian senior making $28k who's more productive because they actually use the AI tools instead of complaining about them
Cognizant told their US clients: "Same deliverables, same timelines, 70% cost reduction" and enterprise buyers said yes to everything
One Fortune 500 moved their entire platform engineering team offshore in October. 23 American engineers averaging $165k replaced by 31 Indian engineers averaging $24k
The Indian teams are hungrier. They're learning the AI tools faster. They're not bitter about "being replaced by robots" - they're using the robots to replace American engineers
HCL hired 15,000 people in Q3 alone specifically for "AI-augmented development" contracts
American engineers spent two years debating whether Copilot would make them obsolete
Indian engineers spent two years mastering Copilot to make American engineers obsolete
Jay ツ 🇮🇳 retweeted
Critical Thinking - Bug Bounty Podcast
We finally had @thedawgyg on the pod to talk about his origin story, recent Chrome research and how he optimises his AI workflow, his famous 180K payout on Yahoo and a LOT more. This is an episode we know a lot of people have been looking forward to, check it out! youtu.be/kpFfde3rNFs
Jay ツ 🇮🇳 retweeted
Barracks (@BarracksArmy)
What is the problem with CTF?
CTF is a good way to test your hacking skill. Following the clues given in the problem to find a hidden flag can be fun. But it's really not sufficient to be a good hunter. You need to practice your skills in an environment where you are left helpless and you need to build your own path out. In CTFs you know you are supposed to just find a flag and move on, but in the real world you are not chasing flags. You chase vulnerabilities.
How does Warzone help?
Warzone is a specially crafted vulnerable environment designed by Barracks, where you are provided a vulnerable environment with no clues. You need to find your own way and find vulnerabilities. And it's not like normal CTFs, where you find a flag and never look again. It's a warzone: found a vulnerability, hunt for the next one. This gives you proper insight into how to think as a hunter, and you also get to report the vulnerability like a real test report. Your report is assessed by Barracks and it reflects what you need to focus on and where your skills lack.
If you want to test your real ability, visit app.barracks.army and step into a WarZone.
#CyberSecurity #bugbountytip #cyberpunk
Jay ツ 🇮🇳 retweeted
Hacktron AI (@HacktronAI)
Cloudflare built a Next.js replacement in a week with vibe-coding. We vibe-hacked and found numerous vulnerabilities, multiple critical and high severity. On Cloudflare Workers, one of the bugs leaks one user's session to another by default. hacktron.ai/blog/hacking-c…
Jay ツ 🇮🇳 retweeted
shubs (@infosec_au)
This was some really nice research by @zerodaykb from late last year: lab.ctbb.show/research/unico… - this trick can be super useful in secondary contexts!