Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training

Buy Me Coffee:
https://www.buymeacoffee.com/nahamsec

Live Every Sunday on Twitch:
https://twitch.tv/nahamsec

Free $100 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b

Follow me on…

My small collection of reports templates (This is a fork of orignal repo from https://github.com/gwen001/BB-datas) - jaikishantulswani/bb-reports-templates

Possible RCE and denial-of-service issue discovered in Kafka Connect

1337 Wordlists for Bug Bounty Hunting. Contribute to 0xPugal/fuzz4bounty development by creating an account on GitHub.

An XSS exploitation command-line interface and payload generator. - t3l3machus/toxssin

Hello, welcome to my new article, this article will talk about a vulnerability called XXE - XML external entity injection.
First, let me…

This blog post explores a CRLF injection vulnerability in the Location header of an HTTP response and how it could be used to chain it with other attacks.

Hello Snapchat,
Snapchat has viral video feature callled spotlight which alone was the biggest trend and increase snapchat users and profit in millions.
I found a way to delete anyone's spotlight...

Security advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g86r-x755-93f4

A Bash script and Docker image for Bug Bounty reconnaissance. Intended for headless use. - chvancooten/BugBountyScanner

Android Bug Hunting. Contribute to themultimind/Android-Pentesting development by creating an account on GitHub.

Welcome to a 5 part series on Recon with ProjectDiscovery! * Part 1 * Part 2 * Part 3 * Part 4 * Part 5 *

Subdomain enumeration is an essential reconnaissance technique in the fields of penetration testing and bug bounty hunting. In this part of our series…

Server-side prototype pollution is hard to detect black-box without causing a DoS. In this post, we introduce a range of safe detection techniques, which we've also implemented in an open source Burp