Rubén Santos García

Cybersecurity Engineer | OSCP | CRTO

I do offensive cybersecurity content, maybe not the best, but it's free :)
#infosec #cybersecurity #hacking

You can find me at kayssel.com/

Rubén Santos García rsgbengi@infosec.exchange
2025-05-18

Just dropped a deep dive on GitHub recon for hackers 🕵️‍♂️
From .env leaks to .git/ exposures in prod, commit spelunking, and juicy GitHub Actions misconfigs.
Includes tools, dorks, and real-world tips 🔍
🧵 Read the full guide: kayssel.com/newsletter/issue-5/

#infosec #cybersecurity #bugbounty #hacking

Rubén Santos García rsgbengi@infosec.exchange
2025-05-11

SSRF can look simple until it leaks cloud creds or hits internal services.

In this issue:
⚔️ Real payloads
🧪 Redis via Gopher
👻 Blind SSRF tricks
🔧 Tools & labs

📬 kayssel.com/newsletter/issue-4/
#cybersecurity #infosec #bugbounty #hacking

Rubén Santos García rsgbengi@infosec.exchange
2025-05-04

Want to level up your smart contract audits?
I just dropped a guide on how to use Slither's Python API to:
✅ Analyze Solidity structure
✅ Detect unused code
✅ Build custom detectors
✅ Improve output with Rich
Read it here 👉 kayssel.com/post/web3-18/
#cybersecurity #Web3 #infosec #bugbounty

Rubén Santos García rsgbengi@infosec.exchange
2025-04-27

This week’s focus: Kerberos attacks every pentester should master.

Learn about AS-REP Roasting, Kerberoasting, Pass-the-Ticket, and more, with practical tips and lab recommendations.

📬 Read the new issue here: kayssel.com/newsletter/issue-2/

#infosec #cybersecurity #bugbounty

Rubén Santos García rsgbengi@infosec.exchange
2025-04-20

Just dropped something new.

🧠 A post about purpose. Why we do what we do — not just in cybersecurity, but in life.

What if purpose isn’t something you find, but something you build?

If you’ve ever felt stuck, lost or disconnected from what you do, this might help you recalibrate.

kayssel.com/post/mentaility-1/

I also started a newsletter to share offensive security techniques weekly:
Web2/Web3 hacking, Active Directory, mobile. No fluff. Just sharp, practical tactics.

kayssel.com/newsletter/

If you’d like to support the work:
buymeacoffee.com/kayssel

#cybersecurity #infosec #mentalhealth

Rubén Santos García rsgbengi@infosec.exchange
2025-04-06

🐍 New post: Entry #17 in my Web3 Security Series!

Learn how Slither works under the hood and why it's a must-have for smart contract audits.

Catch bugs before they catch you 👇
kayssel.com/post/web3-17/

#infosec #cybersecurity #web3 #bugbounty

Rubén Santos García rsgbengi@infosec.exchange
2025-03-30

Think gas in Web3 is just a transaction fee?
Think again.

Gas mismanagement can break your smart contracts—blocking withdrawals, corrupting logic, and opening up attack vectors.

I wrote a full breakdown with code examples and audit tips:

🔗 kayssel.com/post/web3-16/
#infosec #cybersecurity #bugbounty #web3 #smartcontracts #pentesting

Rubén Santos García rsgbengi@infosec.exchange
2025-03-16

🚀 New Post: Testing Smart Contracts Beyond Unit Tests 🔍

Unit tests aren’t enough! I dive into:
✅ Fuzzing for hidden bugs
✅ Invariant testing for stability
✅ Advanced testing with Foundry

🔗 Read now: kayssel.com/post/web3-15/

#infosec #cybersecurity #web3 #pentesting #smartcontracts

Rubén Santos García rsgbengi@infosec.exchange
2025-03-12

🚨 Bybit hack: $1.4B stolen 🚨

I've been working with colleagues on analysing how attackers exploited Safe{Wallet}, manipulating approvals to drain funds.

🔗 Full analysis: nccgroup.com/sg/research-blog/

#cybersecurity #blockchain #web3 #infosec

Rubén Santos García rsgbengi@infosec.exchange
2025-03-02

🔍 ERC-20 Tokens: What You Need to Know (and How to Hack Them) 💀💰

ERC-20 is the standard behind most Ethereum tokens, but not all implementations are secure.

In my latest article, I cover:
✅ What makes an ERC-20 token work
⚠️ Common vulnerabilities (reentrancy, approval race conditions, integer overflows)
🛠️ How pentesters can exploit & secure them

If you’re working with smart contracts, this is a must-read!

🔗 kayssel.com/post/web3-14/

#cybersecurity #infosec #hacking #web3 #smartcontracts

Rubén Santos García rsgbengi@infosec.exchange
2025-02-16

🚨 Smart Contract Exploit! 🚨

A tiny oversight can lead to catastrophic losses. Learn how selfdestruct lets attackers bypass deposit limits & drain entire contracts—and how to stop it. 🏴‍☠️💸

🔗 Read now: kayssel.com/post/web3-13/
#infosec #cybersecurity #web3 #hacking #pentesting #smartcontracts

Rubén Santos García rsgbengi@infosec.exchange
2025-02-02

💣 UUPS Proxies: Efficient or exploitable?

They're favored for their upgrade flexibility and gas savings, but they also introduce major risks:
⚠️ Weak access control on upgrades
⚠️ Storage collisions between versions
⚠️ Exposed critical functions

I’ve broken down the key vulnerabilities and what to watch for during an audit. 🛡️
🔗 kayssel.com/post/web3-12/

#pentesting #infosec #cybersecurity #web3 #hacking

Rubén Santos García rsgbengi@infosec.exchange
2025-01-26

🚀 Proxies: The Art of Staying Upgradeable Without Losing Your Address
Ever deployed a smart contract only to spot a glaring flaw later? Transparent proxies can save the day—no redeployment chaos, just seamless upgrades. Learn how they work, deploy your own, and master their security pitfalls.

Read the full chapter here 👇
kayssel.com/post/web3-11/

#web3 #blockchain #smartcontracts #pentesting #infosec #cybersecurity #hacking

Rubén Santos García rsgbengi@infosec.exchange
2025-01-12

✨ New Chapter on the Blog! ✨
This time, I’m diving into Solidity’s delegatecall—a feature as powerful as it is dangerous. Using the Grimoire Contract, I’ll show you how attackers can exploit it and how you can safeguard your code.

🔗 Read it now: kayssel.com/post/web3-10/
PS: Ready to become the Master Wizard? 🧙‍♂️

#cybersecurity #infosec #web3 #smartcontracts #hacking #pentesting

Rubén Santos García rsgbengi@infosec.exchange
2025-01-05

🕵️‍♂️ Is your blockchain secret really... a secret?

In my latest post, I uncover how Solidity storage slots turn "private" data into public knowledge—and how to keep those secrets locked tight!

🔗 Read here: kayssel.com/post/web3-9/

#blockchain #web3 #infosec #cybersecurity #pentesting #hacking #smartcontracts

Rubén Santos García rsgbengi@infosec.exchange
2024-12-29

🚨 Hack a Smart Contract with 1 Wei?
Learn how an underflow exploit turned a tiny deposit into a full contract drain. Discover the steps & prevention tips! 🛠️💻

📰 Read more: kayssel.com/post/web3-8/

#cybersecurity #blockchain #web3 #infosec #pentesting

Rubén Santos García rsgbengi@infosec.exchange
2024-12-22

🎯 Master the Sandwich Attack! 🛠️
Ever wondered how attackers profit by sandwiching transactions on the blockchain? In my latest deep dive, I simulate a vulnerable contract, deploy it with Anvil, and automate attacks using a Python bot. Learn the mechanics & defenses!

👉 Dive in: kayssel.com/post/web3-7/

#blockchain #ethereum #smartcontracts #cybersecurity #hacking #pentesting #infosec

Rubén Santos García rsgbengi@infosec.exchange
2024-12-15

Ever wondered how price manipulation via AMMs works?
⚡ Using a flash loan, you can exploit vulnerable smart contracts relying on AMM prices.

In this deep dive, I show:
🛠️ The DragonBet exploit.
🧮 Reward manipulation math.
🔒 Strategies to defend.

👉 Check it out: kayssel.com/post/web3-6/

#cybersecurity #infosec #web3 #etherium #hacking #pentesting

Rubén Santos García rsgbengi@infosec.exchange
2024-12-08

🔍 Active Directory Pentesting Just Got Better!
I've recently revisited and updated my Active Directory series to ensure it's packed with actionable insights for Red Teamers and pentesters. 🚀

📚 Dive in to learn:
✅ Domain enumeration.
✅ Exploitation techniques.
✅ Persistence strategies.

👉 Start Here: kayssel.com/series/active-dire

#hacking #redteam #pentesting #infosec #cybersecurity

Rubén Santos García rsgbengi@infosec.exchange
2024-12-01

🚨 New Article: Understanding Front-Running in Ethereum!
Explore how attackers exploit transaction prioritization, simulate vulnerabilities with Foundry and Anvil, and learn effective strategies like commit-reveal schemes to protect your dApps.

Read now: kayssel.com/post/web3-5/

#infosec #cybersecurity #web3 #smartcontracts #hacking
