US-Iran history they don’t teach you:
On this day in 1988, the US warship USS Vincennes shot down Iran Air Flight 665 with two surface-to-air missiles, killing all 290 passengers on board.
The US refused to issue an official apology or acknowledge wrongdoing, and official investigations were treated as an afterthought.
Months after the tragedy on the campaign trail, President George H. W. Bush said “I will never apologise for the United States. I don’t care what the facts are.”
Remember when Minister Umahi dismissed journalist Laila Salami’s request for the environmental impact assessment for Coastal highway?
Lagos is a sinking city & weak environmental governance accelerates this reality.
When your government is led by an O-
"Match & Replace is one of the most underrated features in HTTP proxies."
- a guy who used it at a live hacking event to earn a $20k bounty
What's the biggest vuln you've found with a Caido workflow?
The ONLY tip you need if you’re starting from zero.
@the_IDORminator gives solid advice on how you can get STARTED hacking without spending a dime. 😎
Check it out! 👇
https://t.co/aNx4pOuVEW
TokenTwin Checker is a Burp Suite extension designed to automate authorization testing across multiple authenticated users. It helps security researchers and bug bounty hunters quickly identify Broken Access Control (BAC), IDOR, and horizontal privilege escalation vulnerabilities by replaying requests using different authentication contexts.
Resource: https://t.co/caG4ghUF1t
This bootcamp is your ticket to:
1. Build an agent that actually has real economic capabilities and earning potential.
2. Compete for a $5000 prize pool.
3. Potential fast-tracking to Stage 2 of our $1M grants program: https://t.co/d89PNnCUvk
It's been exactly 1 month and 4 days since I renewed my @MTNNG FibreX Subscription (N30,000) and I have not gotten value for my money. I have been left stranded without Internet connection and @MTNNG is not ready to resolve it.
@fccpcnigeria @bosuntijani @NgComCommission
Param Miner brute forces header and parameter names in the background while you browse - and reports everything it finds in the All Issues tab.
This is great for uncovering cache poisoning bugs, like in the example below!
Check out Tomas' post and article on hacking Google using Git integrations. One of these reports even won him Most Valuable Hacker (MVH) at Google's bugSWAT event in Vegas last year!
Last Thursday night I ran out of fuel on Third Mainland Bridge, 11pm, Phone at 2%, No power bank… I want to tell you what happened next.
I pushed the hazard lights on and sat in the car trying to think, Cars were flying past me, Nobody slowed down… Not one person…
🧵1/2 A must watch Playlist on Secure Code Review for BEGINNERS:
Language is Python & this playlist focuses on vulnerabilities like XXE, Command Injection, SQL Injection, XSS and more.
👇full playlist and youtube channel
Password resets? Try these:
- Host header poisoning
- Param pollution via duplicate identifiers
- Brute-forcible token
- Token leak to 3rd party via Referer
- Inbox bombing
- Token not invalidated after use
- Token reflected in response
- User enumeration
What else?