HackingHub
@hackinghub.bsky.social
Educating the next generation of ethical hackers @
https://hackinghub.io
Are you testing a Java Spring Boot app that uses RBAC to protect API endpoints? Spring Security may use AntPathRequestMatcher for access rules. If the rules are written too strictly, like locking down /api/v1/users but not /api/v1/users/, an authorization mismatch can happen 👇🧵
2 days ago
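As an added illustration (not HackingHub's code and not taken from the thread), here is the mismatch in a Spring Security configuration with the over-strict Ant rule beside a default-deny fix; the class, bean and path names are assumptions, and it assumes the Spring Security 5.8+/6 lambda DSL:

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example with hypothetical names; register only ONE of the two chains.
@Configuration
public class ApiAuthorizationConfig {

    // WEAK: AntPathRequestMatcher("/api/v1/users") is an exact path match.
    // A request for "/api/v1/users/" does not match it, falls through to
    // permitAll(), and on older Spring MVC (trailing-slash matching on by
    // default) still reaches the same controller method as "/api/v1/users".
    @Bean
    SecurityFilterChain weakChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
            .requestMatchers(new AntPathRequestMatcher("/api/v1/users")).hasRole("ADMIN")
            .anyRequest().permitAll());
        return http.build();
    }

    // HARDENED: the "/**" suffix covers "/api/v1/users", "/api/v1/users/" and
    // every sub-path (with Spring MVC on the classpath the String form uses
    // MVC's own matching rules), and anyRequest().authenticated() makes the
    // chain default-deny, so a route the rules forgot is not silently open.
    @Bean
    SecurityFilterChain hardenedChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
            .requestMatchers("/api/v1/users/**").hasRole("ADMIN")
            .anyRequest().authenticated());
        return http.build();
    }
}
```

A quick check while testing is to compare the responses for /api/v1/users and /api/v1/users/ with the same low-privilege session; under the hardened chain both return the same authorization decision.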
The depth of your assumptions and the persistence of your efforts determine your skill ceiling 🕶️
3 days ago
Don't get stuck in the "massive subdomain" trap 👇
4 days ago
"Where do I start with Bug Bounty? Where do I actually sign up and register?" It’s the most frequent question we receive from the community. Here is the answer👇
5 days ago
API gateway path normalization abuse. Gateways and backend APIs may normalize URL paths (like .. ; %2f) differently. For example, a gateway might evaluate the raw path, while the origin server decodes it (%2f → /) and resolves it, changing the final route.
8 days ago
Let's be honest: the cat's version has more character. Literally 🕶️.
9 days ago
What if you could find every unique asset a company owns just by looking at their WHOIS data? If a company registers all its domains under one specific email, you can uncover every domain they've ever registered in seconds. Use this tool👇
10 days ago
Tired of buying courses that don't translate to real targets? 🛠️ Get hands-on with our Free Hubs. These are real-world scenarios based on actual pentests and vulnerabilities we've found in the wild. Start learning for free 👇
https://hhub.io/eSLRYyLUEV
12 days ago
Looking to level up your recon with Nuclei? @NahamSec shares two tips to better utilize the tool and find what others miss.👇
13 days ago
Recon dry? Default Subfinder hits basic sources only. Without API keys, you're only hitting basic public sources. Add GitHub, Censys, and Shodan keys to ~/.config/subfinder/provider-config.yaml and use the -all flag to include deep-tier sources.
18 days ago
Can you perform command injection here to read arbitrary files? 👀 drop your answer below👇
19 days ago
📝Scenario: ➡️ You found reflected XSS on a low-privilege, unauthenticated search page What’s your next BEST move? 👇
20 days ago
What if the notifications you trust were actually coming from a hacker? 🕶️ Watch the walkthrough with John Hammond to see how it works👇
https://youtu.be/wrAFZLa1TAk?si=0-FSO_Y3BDMHcbBP
21 days ago
Test yourself with this NoSQL Injection Challenge 👇
22 days ago
Only real hackers will understand this.
23 days ago
Test yourself by writing a curl command to get admin 🧐
24 days ago
Blind XSS isn't dead; it just requires more patience than you're used to 👇
25 days ago
Only a good hacker can bypass this. Drop your answer below👇
26 days ago
An uncommon but elite recon method: Subscribe to every marketing email the target company sends
27 days ago
Have you hacked a GraphQL API before? Try this one out. Find the flaw. And drop yung banger payload. 👇
28 days ago
Don't waste keystrokes. The alias command is a critical tool for optimizing your workflow and executing frequent commands instantly.
29 days ago
Drop your methodology to bypass this 👇
about 1 month ago
Large organizations often sync profile data across subdomains, moving your session from the core app to sub-apps like /events. The flaw? Different teams often own these products. This is exactly how Naham found the logic gap. Try this hub👉
https://app.hackinghub.io/hubs/nahamcrm
about 1 month ago
Do you have a good understanding of XML? Try finding the flaw in this code. Bonus: Write payload to read /home/carlos/flag.txt 👇
about 1 month ago
This is a one character bypass. Can you find it? Bonus: Drop the payload 👇
about 1 month ago
Can you read the configuration? How?👇
about 1 month ago
Can you write a payload to read flag.txt? Classic mistake: Blacklist + eval() What’s your payload? 👇
about 1 month ago
Your FFUF command isn’t returning anything useful, is it? The problem usually isn’t the wordlist. You’re likely getting filtered or rate-limited. Slow it down, control your rate, use realistic headers like a browser, and filter the noise so real endpoints stand out. Try now 👇
about 1 month ago
Are you good at writing regex? Here’s a challenge for you. Objective: Extract all the MD5 hashes from this log dump. Rules: 1. No false positives 2. Must match full hashes only Drop your regex right now? 👇
about 1 month ago
Learning to hack can be frustrating... Every time you try to learn something, you realise that you needed to learn something else first. What you really need is a roadmap that guides you from start to end. That's exactly what we've built for you.
https://www.hackinghub.io/
about 1 month ago
You don't feel like you know enough about hacking. Guess what? That feeling never goes away. The more you learn - the more you realise you don't know. That's the worst thing about hacking, but also the best. Start your hacking journey with us.
HackingHub - Ethical Hacking Training
Learn ethical hacking skills with hands-on labs and education from cyber security experts.
https://www.hackinghub.io/
about 1 month ago
In CTFs, speed matters the most. Most players waste time on full scans first. Pipeline: Fast discovery → Focused enumeration → Background verification Find ports faster with RustScan and use Nmap to get what matters. Question: Why should you never trust RustScan alone?
about 1 month ago
Drop your choice below👇 🔴Red or 🔵blue?
about 1 month ago
Persistence always pays off🕶️
about 1 month ago
Quick Guide: GraphQL Introspection ➡️ BOLA/IDOR 👇
about 1 month ago
This is patched now. But what flaw did it leave behind? Is it actually that bad?👀 👇 Drop your theories below
about 1 month ago
Missed Fetch the Flag 2026? The targets are still live. All challenges are available for practice. Prove your logic across 6 categories: AI, Crypto, Forensics, PWN, RevEng, and Web. Pick your favorite. Hack. Learn.👇
https://app.hackinghub.io/hubs/snyk-fetch-the-flag-2026
about 2 months ago
A trained eye sees the flaw in seconds. How good is yours? 👀👇
about 2 months ago
That moment when the bypass you found at 3 AM actually worked.
about 2 months ago
Did you see the flaw? 👀👇
about 2 months ago
Stop reading old write-ups and start practicing on the real thing. 🕶️ HackingHub labs are built differently. Every environment is a clone of a real-world vulnerability found in the field. This is how you actually learn to hack. Get started👇
https://app.hackinghub.io/hubs/
about 2 months ago
1 day left before the Bug Bounty Village takes over #BSidesSF. 🛠️ Advanced Workshops with Caido 🚩 A dedicated WEB CTF 🏆 Massive Prize Pools. Your logic vs. our challenges. Are you in?
about 2 months ago
This one is a bit subtle. Did you catch it?👇
about 2 months ago
Keep your eyes peeled on these endpoints. 👀 /login ➡️ authentication bugs /reset-password ➡️ATO /upload ➡️ RCE /api/v1/user/1001 ➡️ BOLA /search?q=query ➡️ Injection bugs /view?file= ➡️ SSRF /admin ➡️ internal access Which endpoint have you found the most bugs on? 👇
about 2 months ago
The latest Hubs are live. We aren’t playing here. You either own the logic or you’re out of the deal. 🕶️ Stop playing at being a hacker and prove you're one 👇
https://app.hackinghub.io/hubs/
about 2 months ago
They moved the stack to nginx. They thought the migration was clean. But they forgot to scrub the recursive paths.
about 2 months ago
Does this look secure enough to you, or are you already seeing the bypass? Confirm below. 👇
about 2 months ago
You can master the Linux fundamentals required for hacking in just 7 hours. We’ve updated the course with @JohnHammond to include the "big three" of text manipulation and editing: Sed, Awk, and Vim. 2 hours of fresh content are waiting for you.
about 2 months ago
Tampering attempt failed. What’s your next move? 🕶️ Drop your answers below👇
about 2 months ago
IIS Filename Enum Hub 🕶️ The system recently migrated from IIS to nginx, but the developers left a trace behind. A single file remains from the old environment. Can you find it? 👇 ✅Get started:
https://app.hackinghub.io/hubs/iis-filename-enum
about 2 months ago