André Baptista
@0xacb
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Looking for new bypasses or gadgets in Chrome? Google publicly shares upcoming Chrome features through 'Intent to Ship' posts for community review. Definitely worth keeping an eye on 👇 groups.google.com/a/chromium.org… Shout-out to @ctbbpodcast for the tip!

I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
This week, Disclosed. #BugBounty DEF CON 33 Badge Pre-Orders, Bug Bounty Village Agenda, HackAICon Announcement, NullCon Scholarships, Caido Acquires Shift, and more Highlights below 👇 Full issue → getdisclosed.com ------------ SPOTLIGHT @BugBountyDEFCON opened…
Vibe coding became a thing. Everyone can now code, but where does that lead us regarding security? We turned our time machine on and did a little trip to 2035 to get some answers 👀 vibeinsecurity.com
Love the nowafpls Burp extension by @assetnote to bypass WAFs but using Caido? @Rhynorater recreated it for @CaidoIO. Check it out 👇 gist.github.com/Rhynorater/ace…
We are super excited to share that we acquired the Shift Plugin (shiftplugin.com) and we are making it free to Caido paid users 🚀 Shift is a Caido plugin that is a smart AI companion for your hacking. It can craft payloads, Match&Replace rules, HTTPQL queries and much…
DMARC can reveal more domains associated with a target. dmarc.live/info/<target-domain> allows you to find domains using the same DMARC record. Check it out 👇 There's also a Python tool: github.com/Tedixx/dmarc-s…
A cool recon trick to find more targets is to check out CSP policies for juicy assets. csprecon can do this for you 👉 github.com/edoardottt/csp…
