JWT-HACK | HAHWUL
JSON Web Token Hack Toolkit # Cargo cargo install jwt-hack # Brew brew tap hahwul/jwt-hack brew install jwt-hack JWT-HACK is a CLI tool for analyzing…
Category: Mix
![[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery](https://image.cybernoz.com/wp-content/uploads/2025/06/tldr-sec-282-Weaponizing-Dependabot-Ultimate-Guide-to-JWT.png)
[tl;dr sec] #282 – Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery
Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB…
Addressing API Security with NIST SP 800-228 — API Security
According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a…
A Better Way to Think About AI Job Replacement
You don’t have to believe that companies want to fire all their employees to see AI’s threat to jobs. That’s negative framing. Most company leaders…
What does it take to become CREST-accredited? Top 10 questions answered.
CREST is the gold standard for quality assurance accreditation in the cybersecurity industry. It is a globally recognised not-for-profit cybersecurity authority that rigorously assesses organisations…
Finding Hidden Parameters: Advanced Enumeration Guide
Reconnaissance plays an integral part in bug bounty hunting, with hidden parameter discovery an even more crucial role as they are often left with inadequate…
Hive Five 226 – Mastery vs. Management
I took my laptop on the road and outside several times this week while it was sunny, and it made me appreciate light mode in…
How I See AI Affecting Education
By default AI will magnify gaps between good and bad students June 1, 2025 I’ve got a one-liner for what AI will do to education.…
I Have Two Groups of AI Friends
I have two groups of very smart cybersecurity friends, and they see AI completely differently. The first group thinks AI is mostly a scam, like…
Caido | HAHWUL
How to make plugin Create a new repository using the Caido’s starterkit-plugin GitHub template feature. Then, you can install dependencies and build it using the…
ZAP 2.15 Review | HAHWUL
ZAP 2.15가 릴리즈되었습니다. OWASP를 나오는 이슈로 인해 2.14가 빠르게 출시됬던 상태라 2.15까지의 기간 또한 짧았네요. 오늘은 2.15 버전에 대해 빠르게 리뷰해봅니다. Scripts as First Class…
Placeholder Trick for Security Testing
Optimizing Security Tests with Match and Replace in Burp/Caido/ZAP 최근에 저는 Burpsuite, Caido, ZAP을 모두 사용하고 있습니다. 기존 환경에서 Caido가 추가되었고, 여러가지를 실험중에 있습니다. 이…