Ben Sadeghipour (@NahamSec)'s Twitter Profile
Ben Sadeghipour

@NahamSec

Cofounder @hackinghub_io, Advisor @Trick3st @CaidoIO. I hack companies and make content about it. Bug Bounty Village & #NahamCon organizer. ex @hacker0x01 🇮🇷

ID:2281370629

Link: http://NahamSec.com | Date: 08-01-2014 00:50:42

13.1K Tweets

198.0K Followers

1.0K Following

Six2dez (@Six2dez1)

So.... reconFTW v2.5 out today!

- In this release, I've recovered ProjectDiscovery.io's subfinder as many ppl prefer it
- New vars added to cfg file to choose amass or subfinder
- If you find your DNS resolution was acting weird now it's fixed!

Full changes:
github.com/six2dez/reconf…

IPinfo.io – IP Data Provider (@ipinfoio)

See how Ben Sadeghipour utilizes IPinfo's ASN API to discover additional subdomains that can easily be missed during enumeration.

1️⃣ Find a company's ASN using IPinfo
2️⃣ Enumerate additional subdomains using the ASN's IP ranges.

Here's how👇

youtube.com/watch?v=6rKHTP…

Hadrian (@hadriansecurity)

☁️In the era of digital transformation, assets are highly dynamic and often difficult to detect and monitor using traditional approaches.

👇Find out how Hadrian helps organizations to discover, classify and assess the risk profile of critical assets
bit.ly/3D8yKt6

ReconOne (@ReconOne_bk)

- Good content from Nahamsec 💪

If you choose the free method in the video, check the Organization field in the domain certificate 😉

Hadrian (@hadriansecurity)

🚀 Ben Sadeghipour is giving a live virtual talk today at Security@! Join the live stream at 1.15 PM PST to learn about ‘Modernizing Attack Surface Management with Hadrian’!
HackerOne
securityat.hackerone.events/2022/live-stre…

Ben Sadeghipour (@NahamSec)

I've found this company's admin panel through Shodan. It's behind htpasswd but when I push cancel it loads the entire admin panel and dumps data. I'm pretty sure I can also modify data and send a notification to all their users.

How do you mess htpasswd up so bad?? 🥴

Justin Gardner (@Rhynorater)

Last week in my poll you asked for some more technical content. Here is a quick braindump of my postMessage testing methodology which has landed some great bugs over the past few live hacking events. Enjoy!
rhynorater.github.io/postMessage-Br…
