ph0r3nsic 🕷️

A channel dedicated to cybersecurity — sharing daily updates, insights, and powerful tools from the infosec world. Instead of keeping interesting links and resources to myself, I decided to share them with the community — helping others discover great reads and useful tools. 👇🏻

Very good points The state of Bug Bounty in 2026 aituglo.com/state-of-bug-b…

@the_IDORminator And you can use this to find new directories: x.com/ph0r3nsic/stat…

Found an interesting path traversal by manually tinkering. I was getting blocked by software filtering, then by WAF. This bypassed both. #bugbountytips Instead of: page.php?file=\..\..\..\..\dir1\dir2\dir3\dir4\fileName.ext Try: page.php?file=\.\..\.\\.\..\.\\.\..\.\\.\..\.\dir1\dir2\dir3\dir4\fileName.ext For whatever reason, this bypassed both software and WAF controls. May be a fringe thing but worth adding to your traversal checklists. Having the slashes the wrong direction and intermixing with single dots and double slashes caused (I'm guessing regex) to have an aneurysm.

It's true: today you create the most powerful tool. Tomorrow, it becomes the simplest tool.

@bsysop /.claude/settings.json "effortLevel": "max"

AI Tuning TIP: Many people change the model but leave effort untouched, missing a big part of the tuning. The effort setting controls how much reasoning the model applies. Low -> faster responses Medium -> balanced (default) High -> better for complex problems #AI #BugBounty

@busf4ctor Good Job bro!

It's finally out there! We’ve been planning this for a while, and honestly, it’s just the start. Keep an eye out for the blog posts we’re dropping soon because they’re basically a playbook on how to make a killing on AI targets in bug bounty.

Simple trick to iframe sandbox wallesonmoura.com.br/2026/01/21/tri… #iframe #sandbox #bugbounty #bugbountytips

Telegram: t.me/ph0r3nsicNotes

A channel dedicated to cybersecurity — sharing daily updates, insights, and powerful tools from the infosec world. Instead of keeping interesting links and resources to myself, I decided to share them with the community — helping others discover great reads and useful tools. 👇🏻

Carefully curated links, not just random blog updates — saving powerful chains you can revisit anytime! Stay sharp and grow with the ethical hacking community. Discord: discord.gg/58eFp42PQm

If you have an LFI (Local file include), you can discovery internal paths with this technique: #bugbountytips

Yay, I was awarded a $3,000 bounty on @Hacker0x01! hackerone.com/ph0r3nsic #TogetherWeHitHarder

@samwcyo @iangcarroll Good work, simple and impactful

When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456". ian.sh/mcdonalds

@arthurair_es @infinitelogins WHAT??? husahusahusauh

@infinitelogins @ph0r3nsic

Just imported a fresh list of users to the #Disclosed Hacker Directory! Check to see if your account is there. If you want an account and don't have one, make sure to subscribe to the newsletter and fill out the onboarding survey (link in thread).

root. for. your. friends. 🤼 it's more than a phrase, it's a deeply held belief. it's way of living, really. if you want to reject jealousy and thrive in your work and relationships, check out my latest blog post.

Bug hunters, level up with GBRlink! 🔍 - Advanced link analysis - Subdomain takeover detection - Registrable domain mapping - Get 20% off with STARTER0325. Join now: deeplooklabs.com/gbrlink #bugbounty #bugbountytips

F

If you can get UUID of users in NBA program, ping me to collab :) #BugBounty

A hunter shares exact stats and earnings of his first 12 months of hunting feat. @shreyas_chavhan #bugbounty #bugbountytips #bugbountyhunter

Medusa by @Ch0pin is a game-changer for mobile bug hunters 📱🕵️ With its FRIDA-powered framework, you can automate tasks like bypassing SSL pinning, tracing function calls, and modifying app behaviour in real time. Perfect for uncovering vulnerabilities in Android & iOS apps! 🔍 Check it out 👉 github.com/Ch0pin/medusa #BugBountyTips #YesWeRHackers

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10-w…