Alonso Caballero / ReYDeSMar 24
🥊 ¡Cero teoría aburrida, 100% acción con laboratorios! 🧪 Explotaremos DVWA para vivir la experiencia de un Pentester profesional. ¿Estás listo para el reto? 💻 ¡30% de Descuento! 📲 WhatsApp: https://wa.me/51949304030 🌎 https://www.reydes.com/e/Curso_Fundamentos_de_Hacking_Web #cyberattack #vulnerability #penetrationtesting #websecurity #webappsec #hacking #ethicalhacking
DaveMar 18

Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.

https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh

#webappsec #cve #sqli

Kanboard CVE-2026-33058 Writeup

Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058

0dave
OffSequenceFeb 28
🚨 CVE-2026-28411: CRITICAL auth bypass in LabRedesCefetRJ WeGIA (<3.6.5) via unsafe extract() on $_REQUEST. Full admin compromise risk. Upgrade to 3.6.5+ now! More: https://radar.offseq.com/threat/cve-2026-28411-cwe-288-authentication-bypass-using-7167a2c8 #OffSeq #Vuln #WebAppSec #PHP
kingthorin_rmFeb 17

I wrote a Blog post about combining ZAP with CyberChef.

#AppSec #WebAppSec #BugBountyTips

https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

ZAP
kingthorin_rmFeb 11

@zaproxy Released add-ons today:

GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing.

OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed.

#AppSec #DevSecOps #WebAppSec #BugBountyTips

kingthorin_rmJan 26

Please go sign this 🇨🇦 Federal petition to establish a mandatory secure coding policy for the government of Canada:

https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7115

🍁

#SDLC #AppSec #WebAppSec

Petition e-7115 - Petitions

meshcodeJan 12

Stay connected.
Join me on heroic intelligence quests!

Do you feel a need to understand what is worthy of news personally and globally?

Map your life using top #security doctrines from the foundations up.
Let me introduce you to information gathering techniques from the overlap of research into Consciousness and Internet Technologies.

Included are selected map previews and trendy Cyber Security oriented deliverables from my specialization.

Welcome to the "Heroic Intelligence Map Guild" on Skool.

https://www.skool.com/deep-security-maps-lab-4515

#Mapping #Intelligence #Consciousness #Technology #ModernWestern #Skool #course #InfoSec #CyberSec #Alignment #WebAppSec #Vulnerability #RiskManagement #MindMap

First Tier courses available.

Heroic Intelligence Map Guild

For those on a treasure quest.

kingthorin_rmDec 12

Hey Fediverse. Can you get @zaproxy to 15k ⭐️?

#OpenSource #DAST #AppSec #WebAppSec #ITSec #CyberSec #PenTest #BugBountyTips

Current Stars 14500

https://github.com/zaproxy/zaproxy

Michael GarwegSep 12, 2025

I completed the Web Security Academy lab:
2FA simple bypass

#authentication_bypass #WebAppSec
https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

Lab: 2FA simple bypass | Web Security Academy

This lab's two-factor authentication can be bypassed. You have already obtained a valid username and password, but do not have access to the user's 2FA ...

Michael GarwegAug 31, 2025

I just completed the Web Security Academy lab:

Authentication bypass via OAuth implicit flow

#AuthenticationBypass #WebAppSec #Cybersecurity

https://portswigger.net/web-security/oauth/lab-oauth-authentication-bypass-via-oauth-implicit-flow

Lab: Authentication bypass via OAuth implicit flow | Web Security Academy

This lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes it possible for ...