🚨
As of tomorrow I am permanently reducing my course cost by 50% to $100 so more people have access to it and can get those bounties while they are still hot. And yes, they are still hot. The internet is still full of stupid problems waiting to be found for those looking, at least for now...
https://t.co/ZQDJvWYVZb
I suspect we have about 2 years of decent #bugbounty hunting left before most companies have access to and properly leverage the tools like Mythos that effectively replace "most" hackers.
Using the EXACT methods in this course, I found 20+ critical bugs on a target in a matter of hours the other day. Nothing fancy. The internet is just too dang big to fix and patch in a small amount of time, even if AI is finding the bugs. Internal legacy human processes with 500 steps are still bottle-necking remediation.
What the bug bounty world becomes next is anyone's guess. My suspicions, hackers will be paid flat rates for hacking and/or patching targets any way they can (be it AI, manually, or both). So, here's to the next evolution of hacking, which is hopefully round-table LHE's where we all work together on targets to harden them as best as possible, instead of working against each other to try to "be the best hacker".
Re-post for a chance to win 1 of 5 course coupons for a give away on May 14th. I'll have Grok pick the winners.
Stealing Salesforce OAuth Tokens via the WAF: A write-up on SFRA context and escalating XSS to Account Takeover using the WAF as a gadget. Hope you enjoy it
https://t.co/vUNKbjUeWk
Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec
3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" !
👍 1 Like = 1 Entry!
♻️ 1 Share = 2 Entries!
Winners announced 1/21! Syllabus link below 👇
🎄 Root-XMAS is back! 🎅
Every day, from 1 to 24 December, come and enjoy not chocolates but a new challenge ⚡️
🔥 Level: all
🎁 Prizes to be won for the fastest, the brightest, the most... determined
👉 Register now: https://t.co/isM22ldnaT
Giveaway and new course 🚨
I just released a nuclei course and we have made it a part of our Black Friday bundle. You can get all of our courses for the price of one.
🎁I’ll give some away. All you gotta do is RT & reply with which bundle you want!
https://t.co/U3ijsLW98N
Earlier this year, @infosec_au and I discovered multiple vulnerabilities that allowed us to access the back office admin panel of ClubWPT Gold (the World Poker Tour's website) where we could manage customer data, KYC, and more.
Read the writeup here:
https://t.co/K2402UPWYk