you can also use the DOM clobbering technique to trigger alert(), I often use this for WAF bypasses, since not many targets implement a custom window object like previous tweet

Thought I’d finish May with 0 triages, but after 25 days of finding nothing, I finally landed one. Routine’s hard when things don’t go your way, but hacking is mostly about showing up and not giving up. Nothing fancy about this bug, just a clean shell, no…

CSRF Multiple POST requests. GitHub Gist: instantly share code, notes, and snippets.

If you want to generate a new window on a webpage, there are probably only two options: one is to embed resources on the same page using tags such as iframe, embed, and object, and the other is to use

Free Article link: Hereeee!!!

From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable

Google Dorking, also known as Google Hacking, is a technique that uses advanced search operators in Google Search to find information that is not easily accessible with normal search terms.

@rez0__ “bug bounty as we know it probably dies.”

Couldn’t of said it better myself tbh. Although I think we are 3-5years away from this. People doing bug bounties full time should be planning for the future (I know I am)