Mantis

So I started a YouTube channel and started an iOS hacking series. Check it out! youtube.com/playlist?list=… I know I sound like a mong on it but hey, just trying to share some knowledge. I want go get out a new video every couple of days! #bugbountytips #bugbounty

CVE PoC Search watchstack.io/intel/poc-sear…

4 days! Absolute piss take 😂

InfoSec: "Running random Docker containers is a massive security risk." The risk: Spawning a native window to play ASCII DOOM at 60fps.

Day 9 of #BugQuest! 🤠 Yesterday, we listed an overview of the primary ways to discover endpoints. Today, we're diving deep into one of the easiest and most overlooked methods: common configuration files. Files like robots.txt and sitemap.xml were designed to help search engines, but they often leak valuable information about application structure, including endpoints not referenced anywhere else on the target. Swipe through to see a few examples of config files to check and what they can reveal! #BugBounty #HackWithIntigriti #BugQuest

Next.js, cache, and chains: The Stale Elixir A nice work by @zhero___ This zero day brought web cache poisoning to the spotlight. His extensive research showed how source code analysis helped him craft a technique that resulted to CVE-2024-46982. Blog link 👇 zhero-web-sec.github.io/research-and-t…

burp-ai-agent v0.4 github.com/six2dez/burp-a…

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

@hakluke @xnl_h4ck3r 4️⃣ JSAnalyzer JSAnalyzer by @_jensec automatically extracts API endpoints, secrets, URLs, and sensitive files from JS responses, with smart noise filtering to reduce false positives! 🤠 🔗 github.com/jenish-sojitra…

reconftw v4.1 github.com/six2dez/reconf…

Built WinGraph, my new project - a BloodHound-style dependency visualizer for every binary in Windows System32 directory. 4,000+ DLLs, EXEs. Every import. Every export. One interactive graph. Check it out now : wingraph.m0n1x90.dev

Reverse engineering Zomato's Android app: Bypassing SSL pinning to find plain-JSON MQTT credentials @jatin-dot-py/i-reverse-engineered-zomatos-food-rescue-feature-here-s-what-i-found-inside-f7043d3710ee" target="_blank" rel="nofollow noopener">medium.com/@jatin-dot-py/…

🔥This is a continuously updated pentesting wiki by @Six2dez1 offering tools, techniques, cheat sheets, and guides covering recon, enumeration, web, cloud, mobile, Windows/Kerberos, and Burp Suite. Link: github.com/six2dez/pentes…

Using AI to Do Simple Reverse Engineering blog.huli.tw/2026/03/01/en/…

Tired of hitting 403 errors during your security testing?  NoMore403 by @devploit automates bypass techniques to get past those pesky restrictions.  Try it at 👇 github.com/devploit/nomor…

Anyone here big on the @msftsecurity programs? I have a few questions about a bug that I've found

@BuildHackSecure Rigorous? Idk I'm sure there's something there 😂

@BuildHackSecure Repeated Colon Exams? 🤣

What does RCE stand for? ( Wrong answers only )

@_CryptoCat @rapid7 Oh man that's sick! Congratulations!

Couldn't be more excited to announce I'm joining the vulnerability research team at @Rapid7 next week! 🥳 Really looking forward to teaming up with some seriously talented researchers and digging into real-world threats and vulnerabilities. Stay tuned 😎