Scanning 65,000 ports in just a few seconds with the power of Rust! 🦀
The ETag Oracle. Cross-Site ETag Length Leak by @arkark_. This technique weaponizes 1-byte ETag length variations to trigger 431 header overflows, detectable via Chromium's history API. Blog here 👇
Super cool work by @s3bsrt. HTTP trailers can be a blind spot. Proxies usually ignore them, but backend servers will happily merge them into the main headers, letting you sneak payloads right past security filters. Blog link 👇
A really nice Cross-Site Leak writeup by salvatoreabello. For client-side hackers, you would love this in your arsenal because it relies on browser architecture. Since Google marked it "WAI", this vector is still open. Blog 👇
I may have organized a challenge (or two) for upCTF by @xstf_team, starting in 14 hours! Register now for a chance to win cool prizes 🥷
This blog site of @samm0uda is a treasure trove of everything Meta (Facebook, Instagram, Oculus) hacking 👇
Lost in Translation: Exploiting Unicode Normalization. With this research, ryancbarnett and 4ng3lhacker added another layer of understanding to this area. They introduced a lot of very interesting techniques. Check it out 👇
Find hidden API parameters in seconds, not hours. Arjun scans 25,890 parameter names with just 50-60 requests in under 10 seconds.
WontFix can be an RCE Goldmine. SOAPwn by chudyPB. #5 in PortSwigger Web Hacking Techniques of 2025. Blog link 👇
Playing with HTTP/2 CONNECT by @fl0mb.bsky.social. This research explores how HTTP/2 CONNECT can be utilized for port scanning. It may also bypass traditional network inspection tools, which opens up a lot of possibilities. Check the blog 👇
0xacb
Black Hat USA 2025 | Lost in Translation: Exploiting Unicode Normalization
As web applications evolve, so do their data processing pipelines—handling Unicode normalization, encoding, and translation before storing or executing user ...
youtu.be
XSS-Leak: Leaking Cross-Origin Redirects
In this post, I will introduce XSS-Leak (“Cross-Site-Subdomain Leak”), a technique for Chromium-based browsers that leaks cross-origin redirects, …
blog.babelo.xyz
🤖 The Modern Port Scanner 🤖. Contribute to bee-san/RustScan development by creating an account on GitHub.
GitHub - bee-san/RustScan: 🤖 The Modern Port Scanner 🤖
github.com
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.
github.com
GitHub - s0md3v/Arjun: HTTP parameter discovery suite.
Cross-Site ETag Length Leak | XS-Spin Blog
A novel XS-Leak technique that turns ETag length differences into a cross-site oracle via 431 errors and History API.
blog.arkark.dev
Trailing Danger: exploring HTTP Trailer parsing discrepancies
www.sebsrt.xyz
ctf.xstf.pt
upCTF
The goal of this blog is to share write-ups about bugs I have found in Facebook and reported to them under the Facebook bug bounty program.
ysamm.com
Youssef Sammouda (sam0) personal blog
In HTTP/1, the CONNECT method instructs a proxy to establish a TCP tunnel to a requested target. Once the tunnel is up, the proxy blindly forwards raw traffic in both directions. This mechanism is most commonly used to tunnel TLS traffic through forwarding proxies. While digging through the HTTP/2 s...
blog.flomb.net
Playing with HTTP/2 CONNECT - Flomb Blog
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish. This
labs.watchtowr.com