OAuth account takeover doesn't need leaked tokens. No state param = CSRF to forced account linking. Loose redirect_uri matching = code theft via open redirect chains. Implicit flow puts tokens in browser history and Referer headers. PKCE bypass when not enforced server-side. SSRF via OpenID dynamic client registration. Six patterns, all with labs. https://www.kayssel.com/newsletter/issue-43/ #OAuth #BugBounty #Pentesting #websecurity #Offsec #InfoSec
OAuth 2.0: Six Ways the Authorization Flow Breaks

Missing state CSRF, redirect_uri hijacking, open redirect code theft, implicit flow token leakage, PKCE bypass, and SSRF via OpenID dynamic client registration

Kayssel
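The first three patterns in the post above (missing state, loose redirect_uri matching, client-only PKCE) all come down to checks the client or authorization server skipped. The following is an added example, not code from the linked issue or from Kayssel: a minimal Python sketch of those checks done correctly, with a constructed redirect URI registration (`app.example.test`) and an in-memory session dict standing in for real storage.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed client registration: exact redirect URIs, never prefixes or wildcards.
REGISTERED_REDIRECT_URIS = {"https://app.example.test/oauth/callback"}


def validate_redirect_uri(uri: str) -> bool:
    """Exact string comparison: no prefix match, so an appended path or
    query string (e.g. an open-redirect parameter) is rejected outright."""
    return uri in REGISTERED_REDIRECT_URIS


def pkce_challenge(verifier: str) -> str:
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(session: dict) -> dict:
    """Client side: mint a single-use state and a PKCE verifier, bind both
    to the user's session, and return the parameters for the authorize URL."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    session["pkce_verifier"] = secrets.token_urlsafe(64)
    return {
        "state": session["oauth_state"],
        "code_challenge": pkce_challenge(session["pkce_verifier"]),
        "code_challenge_method": "S256",
    }


def check_state(session: dict, returned_state) -> bool:
    """Client callback: state must exist, match in constant time, and is
    consumed on use, so a cross-site request cannot link an attacker's code."""
    expected = session.pop("oauth_state", None)
    if expected is None or not isinstance(returned_state, str):
        return False
    return hmac.compare_digest(expected, returned_state)


def token_endpoint_accepts(stored_challenge, code_verifier) -> bool:
    """Authorization server: PKCE is enforced here, not left to the client.
    A code issued without a challenge, or redeemed without a verifier, fails."""
    if not stored_challenge or not code_verifier:
        return False
    return hmac.compare_digest(pkce_challenge(code_verifier), stored_challenge)
```

The server-side check is the one that matters for the PKCE bypass: if the token endpoint accepts a code that was issued without a `code_challenge`, the client's PKCE support is decorative.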
Breaking into offensive security - Negative PID

Offensive security roles attract people who enjoy thinking creatively, solving puzzles, and understanding systems from the inside out. Whether you want to

Negative PID
How to become a bug bounty hunter - Negative PID

Many people entering the cybersecurity field believe that the only way to demonstrate their skills to a prospective employer is to hack into their systems.

Negative PID
Open security and OffSec projects - Negative PID

Security research is one of the areas where open source has had the deepest and most complex impact. Tools built openly are used to defend critical

Negative PID
War diary from LLM-assisted pentesting. Needed a vulnerable Eclipse Che instance for my Metasploit PR (CVE-2025-12548). Asked Grok 4 and Claude Sonnet 4.6 — both confidently wrong in different ways. Phantom CLI flags, CrashLoopBackOffs, invisible trailing newlines.
The fix came from plain old human debugging instinct, not a clever prompt.
https://payloadforge.io/i-asked-two-ais-to-help-me-set-up-a-test-environment-heres-what-actually-happened/
#Metasploit #OffSec #ExploitDev #LLM
I Asked Two AIs to Help Me Set Up a Test Environment. Here's What Actually Happened.

Payload Forge

If Claude Can Find a Serious Cybersecurity Bug, Who Collects the Bounty?

Bug bounty programs vs. $20/month reasoning — when the brutal question becomes: why pay five-figure bounties if a Claude Code subscription already finds entire classes of bugs? #BugBounty #VulnerabilityResearch #OffSec #AppSec #Infosec #AI #LLM #SecurityResearch #CyberSecurity https://red.anthropic.com/2026/zero-days/

0-Days \ red.anthropic.com

What are people's favorite JavaScript packer/minifier/compiler?

#javascript #obfuscation #packer #offsec #redteam

If you're writing a tiny self-hosted web app for offensive security purposes or for application testing purposes, do you care if the web server/framework checks if there's a Host: header and that it matches the host/IP the HTTP server is listening on? Would you prefer Host: header validation be disabled by default or left on?

#websec #offsec #appsec

yes, `Host:` should always match the host/IP the HTTP server is listening on
12.5%
only if I explicitly defined the allowed hosts
62.5%
too annoying, disable it by default
25%

If you're considering offensive security as your next step in your career, there are a few certifications that are the gold standard in the industry. We compared CEH, OSCP, and GPEN to help you decide what's best for you.

#cybersecurity #certifications #offsec

https://negativepid.blog/breaking-into-offensive-security/