Unpopular opinion:

HTTP Request Smuggling isn’t just a “cool technical bug”.

It’s a design-level issue caused by inconsistent HTTP parsing across layers.

CL.TE and TE.CL aren’t the root cause — they’re symptoms.

As long as frontends and backends interpret request boundaries differently, this class of bugs will keep coming back.

Deep dive 👇

https://coderlegion.com/16431/understanding-http-request-smuggling-beyond-the-basics

#RequestSmuggling #WebAppSec #Infosec

Understanding HTTP Request Smuggling Beyond the Basics

HTTP Request Smuggling is often described as a technique to bypass WAFs or exploit parsing inconsistencies. That explanation is technically correct, but incomplete. The real issue is not about crafted payloads. It is about how different components in...


🔓 Weak JWT secrets are still happening in production in 2024.

If your target uses JWT, try:
1. Decode at jwt.io — check algo & claims
2. Change algo to "none" → send without signature
3. Brute force the secret using hashcat:

hashcat -a 0 -m 16500 <jwt> /wordlist

Tool: jwt_tool by ticarpi — supports many JWT attack vectors at once.

You'll be surprised how many still use the secret "password" or "secret123".

#jwt #webappsec #pentesting

🥊 Zero boring theory, 100% hands-on action with labs! 🧪 We will exploit DVWA to live the experience of a professional pentester. Are you ready for the challenge? 💻 30% discount! 📲 WhatsApp: https://wa.me/51949304030 🌎 https://www.reydes.com/e/Curso_Fundamentos_de_Hacking_Web #cyberattack #vulnerability #penetrationtesting #websecurity #webappsec #hacking #ethicalhacking

Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

0dave

🚨 CVE-2026-28411: CRITICAL auth bypass in LabRedesCefetRJ WeGIA (<3.6.5) via unsafe extract() on $_REQUEST. Full admin compromise risk. Upgrade to 3.6.5+ now! More: https://radar.offseq.com/threat/cve-2026-28411-cwe-288-authentication-bypass-using-7167a2c8 #OffSeq #Vuln #WebAppSec #PHP

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.


@zaproxy Released add-ons today:

GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing.

OpenAPI ➡️ Re-enables the Swagger Secret Detector Script Scan Rule; the JS Engine memory leak has been addressed.

#AppSec #DevSecOps #WebAppSec #BugBountyTips

Please go sign this 🇨🇦 Federal petition to establish a mandatory secure coding policy for the government of Canada:

https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7115

🍁

#SDLC #AppSec #WebAppSec


Stay connected.
Join me on heroic intelligence quests!

Do you feel a need to understand what is worthy of news personally and globally?

Map your life using top #security doctrines from the foundations up.
Let me introduce you to information gathering techniques from the overlap of research into Consciousness and Internet Technologies.

Included are selected map previews and trendy Cyber Security oriented deliverables from my specialization.

Welcome to the "Heroic Intelligence Map Guild" on Skool.

https://www.skool.com/deep-security-maps-lab-4515

#Mapping #Intelligence #Consciousness #Technology #ModernWestern #Skool #course #InfoSec #CyberSec #Alignment #WebAppSec #Vulnerability #RiskManagement #MindMap

First Tier courses available.
