André Baptista's banner
André Baptista's profile picture

André Baptista

@0xacb19,211 subscribers

Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack

Shorts

A researcher found an Instagram vuln letting anyone access Note videos with audio that should've been silent by default. Just by paying attention and using Devtools :) Meta paid $1000 for this finding. Video credits: i12gocaj

A researcher found an Instagram vuln letting anyone access Note videos with audio that should've been silent by default. Just by paying attention and using Devtools :) Meta paid $1000 for this finding. Video credits: i12gocaj

62,609 views

DMARC can reveal more domains associated with a target. allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool:

DMARC can reveal more domains associated with a target. allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool:

66,285 views

When testing GraphQL APIs make sure to run graphw00f ( to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.

When testing GraphQL APIs make sure to run graphw00f ( to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.

38,561 views

RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to Gareth Heyes \u2028 for this 🔥

RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to Gareth Heyes \u2028 for this 🔥

32,474 views

Manually hunting for endpoints and hidden parameters in web apps? Another nice tool from / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) is xnLinkFinder that crawls targets, extracts links, discovers secrets, and builds target-specific wordlists. All from Burp files, ZAP exports, HAR files, or URLs. Try it out 👇

Manually hunting for endpoints and hidden parameters in web apps? Another nice tool from / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) is xnLinkFinder that crawls targets, extracts links, discovers secrets, and builds target-specific wordlists. All from Burp files, ZAP exports, HAR files, or URLs. Try it out 👇

14,437 views

We won the MVH title at #h1702 🔥 Ben Sadeghipour Alex Chapman

We won the MVH title at #h1702 🔥 Ben Sadeghipour Alex Chapman

39,412 views

If you need to generate a target-specific wordlist, make sure to check out / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) GAP extension. It will scan for sus parameters and generate you a complete wordlist with one click of a button. See it in action 👇

If you need to generate a target-specific wordlist, make sure to check out / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) GAP extension. It will scan for sus parameters and generate you a complete wordlist with one click of a button. See it in action 👇

13,642 views

Videos

No more content to load