الكود ريفيو دايمًا بكسب. 🙏🤣
مرة وأنا شغال على Target، كنت بعمل Fuzzing على كل الـ Paths، وبعدها أعيد نفس الـ Requests لكن أغيّر الـ Host لـ 127.0.0.1، خصوصًا لو IP ما دومين
بالصدفة لقيت الـ Response رجّع لي Headers زيادة، ومن ضمنها X-Clockwork-ID
قلت أمشي أشوف الحكاية دي شنو… كتبتها في Google، طلع Header تابع لمكتبة Clockwork بتاعة PHP Debugging
عملت Stack قريب من الـ Target
(Laravel + Clockwork)، وقعدت أحاول أفهم ليه مجرد تغيير الـ Host خلّى الـ Headers تختلف
بعد شوية Code Review، لقيت السر 🤣
في Middleware فيها Function اسمها isEnabled(). لو Clockwork ما مفعلة او null من الـ config.php، بتشيك إذا الـ Request جاي من localhost، ولو لقتو كده… بتشغل نفسها براها
وصلت عن طريقها لـ Laravel Telescope
عموماً دا اختصار عن الـ writeup التحت دا
https://t.co/ZfvEMDVD3s
You can now run full Windows inside a Docker container.
- 129.7 MiB image
- KVM hardware acceleration
- Web-based viewer
This is actually insane.
Legacy apps, testing, isolated environments,,
- https://t.co/8Crqs7skqW
I earned $6,000 for an SSO bypass in @Hacker0x01 !
💡Tip:
Always test authentication endpoints with encoded whitespace. A simple %20 (trailing space) bypassed SSO completely and fell back to the legacy login flow.
The Issue:👇
The application normalized input after checking for SSO eligibility. By appending an encoded space to the email parameter, the check failed and the request was routed to the standard auth flow.
#bugbountytips #hackerone
Hello guys،
Do you want to Bypass all production EDR ?
Read my new research to enjoy in kicking EDRs defenses.
https://t.co/Y0QMWXM9GZ
The proof-of-concept implementation is available at https://t.co/CAUeRcumK5
#Maldev
Just released the Ultimate IDOR Testing Checklist 🧩
I combined techniques from many sources to cover IDOR scenarios.
Know a technique I missed? Drop it in the comments.
Notion:
https://t.co/Sfc0MbrTeX
GitHub:
https://t.co/WrRA6GDodC
#bugbountytips#IDOR#AppSec#InfoSec
Add `/faketoken` to your wordlist
While fuzzing API endpoints, found a dev-only debug route "faketoken" left exposed in production. It returns a valid JWT for any registered user, just by supplying their mobile number (no auth, no OTP) - 0 Click ATO.
#Bugbountytips
Noise, hysteria, confusion, and AI slop surround CVE-2026-35273 - we believe this is the first-stage SSRF in the Oracle PeopleSoft RCE chain being flung around.
We will share the full chain when we feel the time is right, and when we're bored of the vibecoded PoCs.
Speak soon.
Hey everyone! After rep+, I built a new Chrome extension for access-control testing. Capture two logins, browse as one, and it silently replays every request as the other user + unauthenticated, then diffs the responses to flag IDOR / BOLA / BFLA. No Burp, no proxy. Try it 👇
Google's new algorithm just shrunk 31GB of memory down to 4GB 🤯
TurboVec is a new open-source tool that stores the data your AI app searches through, using 16x less memory.
It runs on Google's TurboQuant, which skips the slow setup step every other tool needs.
→ Faster search than the popular alternative (FAISS)
→ Works on both Mac and standard servers
→ Narrow results to exactly what you want
→ Plugs straight into LangChain and LlamaIndex
Your data never leaves your machine. Runs fully offline, works with Python out of the box.
100% Open Source.
Manually pasting your collaborator URL into every input field is👉 dead.
The https://t.co/QzZGLOjipz Firefox extension scans the page, injects your payload into all of them in ONE click, then streams callbacks live — HTTP, DNS, XSS, SMTP — with impact scoring.
Demo on a jobs-portal : a candidate registers, every field auto-injected, nothing looks wrong. Then an admin opens the user list → the stored payload fires silently from THEIR session → callback hits the dashboard instantly.
3 min demo 👇 you'll want this in your recon flow
#bugbounty #recon #infosec #bugbountytips #hackerone #yeswehack #cybersecurity #pentest #websecurity