0xacb (@0xacb.com)
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm.
Co-founder @ethiack.com
https://0xacb.com
Find out if a GraphQL Endpoint is vulnerable to DoS, CSRF or Information disclosure 👇

GitHub - dolevf/graphql-cop: Security Auditor Utility for GraphQL APIs (github.com)
December 26, 2025 at 5:46 PM
Do you know you could fingerprint technologies right from the terminal? 🕵️‍♂️

The -td flag of httpx enables Wappalyzer-based detection to identify underlying technologies like CMS, web frameworks, and programming languages.
December 19, 2025 at 3:30 PM
The AI-powered ffuf wrapper by rez0 just got a cool update, it now generates contextual wordlists!

Instead of just suggesting extensions, ffufai can analyze your target and create custom wordlists for fuzzing. Use --wordlists to enable it.

Check it out:
GitHub - jthack/ffufai: AI-powered ffuf wrapper (github.com)
December 8, 2025 at 1:03 PM
While playing the Hack.lu CTF 2025 with xSTF team, I was able to solve a 0day challenge: a new bypass for a previous Grafana CVE, resulting in XSS and Account Takeover!

Read my technical deep dive👇

Grafana CVE-2025-6023 Bypass: A Technical Deep Dive (blog.ethiack.com)
November 27, 2025 at 2:04 PM
If you need to generate a target-specific wordlist, make sure to check out @xnl_h4ck3r GAP extension.

It will scan for sus parameters and generate a complete wordlist for you with one click of a button. See it in action 👇
November 26, 2025 at 4:04 PM
When looking for postMessage vulnerabilities, the FancyTracker Firefox extension can be very useful.

It has built-in syntax highlighting and sorts out duplicates. Check it out 👇
https://github.com/Zeetaz/FancyTracker-FF

And the original for Chrome: https://github.com/fransr/postMessage-tracker
November 25, 2025 at 12:03 PM
Want to learn about how a fascinating XSS vulnerability found by @ethiack engine led to an interesting rabbit hole of bypassing WAFs and parameter injection?

Read the blog post here 👇
Bypassing WAFs for Fun and JS Injection with Parameter Pollution
Technical deep dive into bypassing a strict Web Application Firewall using HTTP Parameter Pollution, leveraging multi-parameter payload splitting to achieve JavaScript injection and evade detection.
blog.ethiack.com
November 24, 2025 at 2:03 PM
The Amrelsagaei JWT Analyzer @caido.io plugin is super cool.

It will decode the JWT for you and let you try common attack vectors.
November 21, 2025 at 10:33 AM
When doing recon, if you have a file with a bunch of URLs, you can use @xnl-h4ck3r.bsky.social's urless tool to declutter and reduce the amount of noise in the results.

Check it out here 👇
https://github.com/xnl-h4ck3r/urless
November 19, 2025 at 10:36 AM
When faced with a GraphQL endpoint, make sure to run it through amrelsagaei's GraphQL Caido Analyzer plugin. 

It will try to expose the server's schema using Introspection queries & you can run custom attacks to test the batch query limit, field suggestions, etc.
November 17, 2025 at 9:37 AM
When testing GraphQL APIs make sure to run graphw00f (https://github.com/dolevf/graphw00f) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.
November 10, 2025 at 11:53 AM
If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾

https://github.com/robre/jsmon

There's also a fork with Discord support:
GitHub - seczq/jsmon: a javascript change monitoring tool for bugbounties (github.com)
November 7, 2025 at 9:38 AM
If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀

Check for it quicker using this cool new tool by JSMon: https://app.jsmon.sh/tools/npm-validator 👇
November 6, 2025 at 10:07 AM
Looking into a potential SSRF or OR but the server checks against a URL whitelist?

Try the backslash trick! Due to a difference in URL specifications, some parsers will treat '\' the same as '/', while others will not.

Here's an example payload: https://<attacker-url>\@<whitelisted-url>/
November 4, 2025 at 9:37 AM
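The parser differential behind the backslash trick, and the check that closes it, as an added example (Python stdlib; not code from the post, and the hosts `attacker.example` / `trusted.example` and the allowlist are constructed for the demo): Python's `urlsplit` treats `\` as an ordinary character, so the userinfo trick makes the allowlisted host appear to be the hostname, whereas a WHATWG-conforming client turns `\` into `/` and connects to the first host.

```python
"""Allowlist check for a user-supplied URL: naive parse vs hardened parse.

Added example, not from the original post. Hostnames and the allowlist
below are constructed for the demo.
"""
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"trusted.example"}  # constructed allowlist


def naive_is_allowed(url: str) -> bool:
    """Vulnerable: trusts urlsplit().hostname as-is. For
    'https://attacker.example\\@trusted.example/' the stdlib keeps the
    backslash inside the authority and picks the host after '@'."""
    return urlsplit(url).hostname in ALLOWED_HOSTS


def browser_like_host(url: str) -> Optional[str]:
    """Host as a WHATWG URL parser sees it for http(s): every '\\' is a
    '/', so the authority ends at the first backslash (assumed simplification
    of the WHATWG rules, enough to show the differential)."""
    return urlsplit(url.replace("\\", "/")).hostname


def hardened_is_allowed(url: str) -> bool:
    """Hardened: refuse input that different parsers disagree on, then
    compare the normalised host against the allowlist."""
    if "\\" in url:  # parsers disagree on backslash: reject outright
        return False
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo is the other half of the trick; not needed here
    host = parts.hostname
    return host is not None and host.lower() in ALLOWED_HOSTS


if __name__ == "__main__":
    payload = "https://attacker.example\\@trusted.example/"
    print("stdlib host :", urlsplit(payload).hostname)   # trusted.example
    print("browser host:", browser_like_host(payload))    # attacker.example
    print("naive       :", naive_is_allowed(payload))     # True (bypass)
    print("hardened    :", hardened_is_allowed(payload))  # False
```

Rejecting the backslash (rather than normalising it) is the safer choice for a server-side check, because the next hop that actually opens the connection may be yet another parser with its own interpretation.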
Tomorrow I'll be speaking at https://lisbonai.xyz

We're building faster than ever with AI. But are we building securely?

I'll show how agents can perform penetration testing and introduce Hackian: an autonomous agent that identifies vulnerabilities before attackers do.
November 3, 2025 at 12:37 PM
Reposted by 0xacb
Just had an amazing time working with Shopify in Toronto 🍁

Thanks @hacker0x01.bsky.social for organizing such an incredible event and bringing awesome researchers together.

#togetherwehitharder #h1416 #shopify #hacking #goleafs
October 30, 2025 at 9:37 AM
If you found a dangling DNS record, you might be able to take control of it 👀

Be sure to check https://github.com/EdOverflow/can-i-take-over-xyz, which has an extensive list of vulnerable services and guides on how to claim them.
GitHub - EdOverflow/can-i-take-over-xyz: "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records. (github.com)
October 29, 2025 at 10:31 AM
Modern websites use a lot of intermediary servers - caches, load balancers, proxies, and so on. You can try to send the 'Max-Forwards' header with your request to limit the amount of servers it will reach. It's defined in HTTP specs primarily for TRACE and OPTIONS methods, though.
October 27, 2025 at 10:59 AM
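What an intermediary is expected to do with that header, as an added example (not from the post): per RFC 7231 section 5.1.2, a proxy that receives a TRACE or OPTIONS request with `Max-Forwards: 0` answers it itself instead of forwarding, otherwise it decrements the value; for other methods the header has no defined meaning and is passed through. The chain of hop names below is constructed to show which server ends up responding.

```python
"""Proxy-side Max-Forwards handling (RFC 7231 §5.1.2). Added example; the
hop chain and header dicts are constructed for the demo. Header names are
assumed to be in canonical form ('Max-Forwards')."""


def handle_max_forwards(method, headers):
    """Return ('respond', headers) when this hop must answer as the final
    recipient, or ('forward', headers) with Max-Forwards decremented when
    the header applies to this method."""
    if method not in ("TRACE", "OPTIONS"):
        return "forward", headers          # header is ignored for other methods
    raw = headers.get("Max-Forwards")
    if raw is None:
        return "forward", headers
    try:
        remaining = int(raw)
    except ValueError:
        return "forward", headers          # malformed value: treat as absent
    if remaining <= 0:
        return "respond", headers          # do not forward; answer here
    forwarded = dict(headers)
    forwarded["Max-Forwards"] = str(remaining - 1)
    return "forward", forwarded


def answering_hop(method, headers, chain):
    """Walk a list of intermediary names in order and return the one that
    answers; 'origin' if every hop forwards."""
    for hop in chain:
        action, headers = handle_max_forwards(method, headers)
        if action == "respond":
            return hop
    return "origin"


if __name__ == "__main__":
    chain = ["cdn", "load-balancer", "reverse-proxy"]   # constructed chain
    for n in range(4):
        who = answering_hop("TRACE", {"Max-Forwards": str(n)}, chain)
        print(f"TRACE with Max-Forwards: {n} -> answered by {who}")
```

Counting which value first reaches the origin is how the header reveals the number of intermediaries; a hop that does not implement the decrement simply makes itself invisible to the count.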
Reposted by 0xacb
🚨BsidesLisbon CTF Quals starts now!
🔓Join at: quals.bsideslisbon.org

#CTF #BSidesLisbon
October 24, 2025 at 8:00 PM
Recon tip: Run xnl-h4ck3r's waymore on the target you're testing. It searches for URLs from multiple sources, the Wayback Machine, Common Crawl, URLScan and more. It also provides a lot of options to filter your results.

Check it out here 👇
GitHub - xnl-h4ck3r/waymore: Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal & Intelligence X! (github.com)
October 22, 2025 at 9:15 AM
Found an XSS but got blocked by the CSP?

https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
October 21, 2025 at 9:16 AM
Thanks @hacker0x01.bsky.social for the amazing LHE!

Had the chance to work with TikTok and OKX and found some cool vulns, including two 0days. Will try to publish a write up once they're fixed!

Also, big congrats to the new MVH champion @corraldev.bsky.social for the huge mic-drop at this event 🤯
October 2, 2025 at 11:58 AM
Need to search through JSON output?

Make JSON greppable with @tomnomnom's gron 👇

GitHub - tomnomnom/gron: Make JSON greppable! (github.com)
September 30, 2025 at 2:05 PM
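The flattening that makes JSON greppable, as an added example (a Python reimplementation of the idea; not gron's own code): every leaf becomes one `json.path = value;` assignment line, with bracket notation for array indexes and for keys that are not valid identifiers, and keys emitted in sorted order so two scans of the same object diff cleanly. The sample document is constructed.

```python
"""gron-style JSON flattening. Added example; the SAMPLE document and the
output format follow gron's conventions but this is not gron's code."""
import json
import re

_IDENT = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*$")

# Constructed sample: the kind of scanner output you would grep through.
SAMPLE = {
    "target": "app.example",
    "findings": [
        {"id": 1, "severity": "high", "header": "Max-Forwards"},
        {"id": 2, "severity": "low", "header": None},
    ],
    "x-ratelimit": {"limit": 100, "verified": True},
}


def _child(path, key):
    """Append one path segment, using dot notation only for safe identifiers."""
    if isinstance(key, int):
        return f"{path}[{key}]"
    if _IDENT.match(key):
        return f"{path}.{key}"
    return f"{path}[{json.dumps(key)}]"


def gron(value, root="json"):
    """Return the list of assignment lines describing `value`."""
    lines = []

    def walk(node, path):
        if isinstance(node, dict):
            lines.append(f"{path} = {{}};")
            for key in sorted(node):          # sorted, like gron's default
                walk(node[key], _child(path, key))
        elif isinstance(node, list):
            lines.append(f"{path} = [];")
            for index, item in enumerate(node):
                walk(item, _child(path, index))
        else:
            lines.append(f"{path} = {json.dumps(node)};")  # true/false/null/strings

    walk(value, root)
    return lines


def grep(lines, pattern):
    """The 'greppable' part: filter flattened lines by a regex."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


if __name__ == "__main__":
    flat = gron(SAMPLE)
    print("\n".join(flat))
    print("--- lines mentioning severity high ---")
    print("\n".join(grep(flat, r'severity = "high"')))
```

Because each line carries its full path, a match such as `json.findings[0].severity = "high";` tells you exactly where in the document the value lives, which is what plain `grep` over pretty-printed JSON cannot do.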
On my way to @hacker0x01.bsky.social #h165 to pop some shells on TikTok and OKX ✈️
September 28, 2025 at 7:47 PM