KuiilSec

@vxunderground @HackingDave The new TrustedSec Beacon Object File course 😂🙈👀

Hi, it's tuts-for-nerds giveaway 3. (we gotta move fast, lots of stuff to giveaway). Our friend @HackingDave donated $1,000 to gift to nerds. We'll be gifting $100 worth of stuff to 10 people. Requirements: - Leave a comment with what you want (must be approx. $100/USD, can be multiple items totally $100/USD) - Items requested should be computer related - Preferred if you have PayPal (you can buy the item and we reimburse you, it'll be faster and won't require having your physical access) - Winners will be selected randomly in the next 24 hours. - We will DM winners. - If you do not confirm your win in 24 hours a new winner will be selected - If your DMs are closed, you automatically forfeit your prize Have a nice day

@Regala_ Congrats!

Finally a CVSS I agree on 😌

@albinowax Congrats!

I had planned to present at Black Hat and DEF CON in person, but on Tuesday morning my baby daughter was born six weeks earlier than expected! So, not the ideal time to fly to Vegas. Thankfully she and her mother are recovering well. Hope you enjoyed the recordings, thanks for understanding :)

🚨Coming Soon🚨 Bug Bounty Playbook 3 - Automation #bugbountytips #bugbountytip #BugBounty #infosec #redteam

@HackingDave Happy birthday!

My daughter came to me and gave me a huge hug and wished me a happy birthday. Then she said: "Dad, I hope you know you are the best Dad anyone could ever ask for. You know how to handle every situation, you make us laugh, you are always there for us, you always help us, and we are always safe with you. Best Dad in the world. My friends always expect you to be this mean tough guy based on how you look and when they meet you they are always saying you have the nicest Dad in the world." 🥹🥹

@0xTib3rius BowlingWithBumpersAndChatGPT

Let's imagine I lost it and integrated AI into AutoRecon. What would I rename it? AItoRecon? AutoReconGPT? Something else?

Would help if I linked to the damn tool wouldn't it? 🤪 github.com/Tib3rius/Dynam…

@G0LDEN_infosec blog.huli.tw/en/

Bug Bounty Hunters... Please drop anyone's blog that you have read EVERY article from that you feel as really helped you :) TYTY

@0xTib3rius Happy birthday 🥳

Oh and if you don't think there's gonna be another custom A.I. generated song, you clearly don't know me very well. 😛

@0xTib3rius @PortSwigger

@KuiilSec @PortSwigger Yup. 🫠

Over a decade of unpaid shilling for @PortSwigger finally paid off and they sent me a box. 👀 I'll open it later on stream (~5pm ET).

@intigriti <style>@keyframes slidein {}</style><video style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="'alert\x2823\x29'instanceof{[Symbol.hasInstance]:eval}"></video>

Can you solve this simple XSS challenge? New filters have been applied and patch the previous solutions! Objective: alert-box must popup! 😎 No parenthesis & back ticks allowed!

@GodfatherOrwa The SQLi master at work @GodfatherOrwa

I start hunting on this BMW program 03:00AM in 03:20AM i submitted the first SQL injection Now Iam going to made something new will pickup a 5-15 random hunter from my comments and will try get 5-15 critical/exceptional and invite one collab 50% for each submission

Having a crack at @_JohnHammond’s latest creation on @hackinghub_io got me feeling like

@naglinagli @shockwave_sec Happy birthday!

26 years old today 🎂 officially old 🥲 Hoping for a good year ahead, I definitely set high expectations to achieve for this one, looking forward to replicate the last couple of years traveling & hacking the world with great people, alongside growing @shockwave_sec 🫡

@ADITYASHENDE17 Check for JWT related vulns, (alg:none etc). IDOR to delete members from other teams, parameter pollution to delete people who you shouldn’t be able to delete. Check for other HTTP methods (GET, POST, PUT, PATCH)

WHAT POSSIBLE THINGS YOU CAN DO HERE ? Expecting unique answers #BugBounty DELETE /v1/teams/14538024/members HTTP/1.1 Host: api.site.com Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: api.site.com authorization: Bearer eyJhbGciOiJIUz1NiIsInR5cCI6IkpXVCJ9.yJpZCI6MTQ1MzgwMjQsITE4MDA3LjgzNCwiaWF0IjoxNzEwOTI2MDLjgzNH0.z6GpUt7SMFcrkpHwbcmrjxnZjsXLg content-type: application/json sentry-trace: 0b01d3 Content-Length: 37 {"email":"admin@gmail.com"}

Hi @GodfatherOrwa, are you open for a potential collab? I've shared some details in DM, please check it out to see if it looks interesting to you.

@alp0x01 Nice working with you! Cool chain :)

After some teamwork with @KuiilSec, we managed to bypass it! 🎉 especially, bro did a good job here 🤠@KuiilSec

@CristiVlad25 @PortSwigger Yeah I think it should be possible just like irsdl did for some things with Resharpener, but might take some work.

@KuiilSec @PortSwigger can you?

@CristiVlad25 @PortSwigger Why not add a custom one yourself?