Educating the next generation of ethical hackers @ https://hackinghub.io https://bsky.app/profile/hackinghub.bsky.socialhttps://bsky.app/profile/hackinghub.bsky.social/post/3mkvgp3p5cr24Let's be honest: the cat's version has more character. Literally 🕶️.02 May 2026 20:01 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mkvgp3p5cr24https://bsky.app/profile/hackinghub.bsky.social/post/3mkssyfqbrm2eWhat if you could find every unique asset a company owns just by looking at their WHOIS data?  If a company registers all its domains under one specific email, you can uncover every domain they've ever registered in seconds. Use this tool👇01 May 2026 19:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mkssyfqbrm2ehttps://bsky.app/profile/hackinghub.bsky.social/post/3mknoqx3mub22Tired of buying courses that don't translate to real targets? 🛠️ Get hands-on with our Free Hubs. These are real-world scenarios based on actual pentests and vulnerabilities we've found in the wild. Start learning for free 👇 https://hhub.io/eSLRYyLUEV29 Apr 2026 18:04 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mknoqx3mub22https://bsky.app/profile/hackinghub.bsky.social/post/3mklnaitqpv2gLooking to level up your recon with Nuclei?  @NahamSec shares two tips to better utilize the tool and find what others miss.👇28 Apr 2026 22:32 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mklnaitqpv2ghttps://bsky.app/profile/hackinghub.bsky.social/post/3mk6p6pxs2e2rRecon dry? Default Subfinder hits basic sources only. Without API keys, you're only hitting basic public sources. Add GitHub, Censys, and Shodan keys to ~/.config/subfinder/provider-config.yaml and use the -all flag to include deep-tier sources.23 Apr 2026 19:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mk6p6pxs2e2rhttps://bsky.app/profile/hackinghub.bsky.social/post/3mk4w6lcrpc25Can you perform command injection here to read arbitrary files? 👀 drop your answer below👇23 Apr 2026 02:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mk4w6lcrpc25https://bsky.app/profile/hackinghub.bsky.social/post/3mjze74mgm32r📝Scenario: ➡️ You found reflected XSS on a low-privilege, unauthenticated search page What’s your next BEST move? 👇21 Apr 2026 16:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjze74mgm32rhttps://bsky.app/profile/hackinghub.bsky.social/post/3mjwn3r6k5n2jWhat if the notifications you trust were actually coming from a hacker? 🕶️ Watch the walkthrough with John Hammond to see how it works👇 https://youtu.be/wrAFZLa1TAk?si=0-FSO_Y3BDMHcbBP20 Apr 2026 14:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjwn3r6k5n2jhttps://bsky.app/profile/hackinghub.bsky.social/post/3mjuqnzvryr2eTest yourself with this NoSQL Injection Challenge 👇19 Apr 2026 20:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjuqnzvryr2ehttps://bsky.app/profile/hackinghub.bsky.social/post/3mjrw5mvwku25Only real hackers will understand this.18 Apr 2026 17:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjrw5mvwku25https://bsky.app/profile/hackinghub.bsky.social/post/3mjp3ofg4ay2yTest yourself by writing a curl command to get admin 🧐17 Apr 2026 14:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjp3ofg4ay2yhttps://bsky.app/profile/hackinghub.bsky.social/post/3mjn3zpppue2gBlind XSS isn't dead; it just requires more patience than you're used to 👇16 Apr 2026 19:04 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjn3zpppue2ghttps://bsky.app/profile/hackinghub.bsky.social/post/3mjlcw7zjr22hOnly a good hacker can bypass this. Drop your answer below👇16 Apr 2026 02:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjlcw7zjr22hhttps://bsky.app/profile/hackinghub.bsky.social/post/3mjhr6ilydy27An uncommon but elite recon method: Subscribe to every marketing email the target company sends14 Apr 2026 16:06 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjhr6ilydy27https://bsky.app/profile/hackinghub.bsky.social/post/3mjfh6mdtmi2lHave you hacked a GraphQL API before? Try this one out. Find the flaw. And drop yung banger payload. 👇13 Apr 2026 18:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjfh6mdtmi2lhttps://bsky.app/profile/hackinghub.bsky.social/post/3mjd5hslkih2hDon't waste keystrokes. The alias command is a critical tool for optimizing your workflow and executing frequent commands instantly.12 Apr 2026 20:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mjd5hslkih2hhttps://bsky.app/profile/hackinghub.bsky.social/post/3mj5ieuxhsx23Drop your methodology to bypass this 👇10 Apr 2026 14:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mj5ieuxhsx23https://bsky.app/profile/hackinghub.bsky.social/post/3mj2xxmfh7k2nLarge organizations often sync profile data across subdomains, moving your session from the core app to sub-apps like /events. The flaw? Different teams often own these products. This is exactly how Naham found the logic gap. Try this hub👉https://app.hackinghub.io/hubs/nahamcrm09 Apr 2026 14:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mj2xxmfh7k2nhttps://bsky.app/profile/hackinghub.bsky.social/post/3miyapxhogb2pDo you have a good understanding of XML? Try finding the flaw in this code.  Bonus: Write payload to read /home/carlos/flag.txt 👇08 Apr 2026 12:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3miyapxhogb2phttps://bsky.app/profile/hackinghub.bsky.social/post/3miw5opcghh2kThis is a one character bypass. Can you find it? Bonus: Drop the payload 👇07 Apr 2026 16:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3miw5opcghh2khttps://bsky.app/profile/hackinghub.bsky.social/post/3mitd5sixef26Can you read the configuration? How?👇06 Apr 2026 13:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mitd5sixef26https://bsky.app/profile/hackinghub.bsky.social/post/3miqqxbjxrn25Can you write a payload to read flag.txt? Classic mistake: Blacklist + eval() What’s your payload? 👇05 Apr 2026 12:31 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3miqqxbjxrn25https://bsky.app/profile/hackinghub.bsky.social/post/3miopmouaiq2sYour FFUF command isn’t returning anything useful, is it? The problem usually isn’t the wordlist. You’re likely getting filtered or rate-limited. Slow it down, control your rate, use realistic headers like a browser, and filter the noise so real endpoints stand out. Try now 👇04 Apr 2026 17:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3miopmouaiq2shttps://bsky.app/profile/hackinghub.bsky.social/post/3mim3tm3myg23Are you good at writing regex? Here’s a challenge for you. Objective: Extract all the MD5 hashes from this log dump. Rules:         1. No false positives         2. Must match full hashes only Drop your regex right now? 👇03 Apr 2026 16:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mim3tm3myg23https://bsky.app/profile/hackinghub.bsky.social/post/3mijopye3oe2jLearning to hack can be frustrating... Every time you try to learn something, you realise that you needed to learn something else first. What you really need is a roadmap that guides you from start to end. That's exactly what we've built for you. https://www.hackinghub.io/02 Apr 2026 17:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mijopye3oe2jhttps://bsky.app/profile/hackinghub.bsky.social/post/3mihbmgtspf2kYou don't feel like you know enough about hacking. Guess what? That feeling never goes away. The more you learn - the more you realise you don't know. That's the worst thing about hacking, but also the best. Start your hacking journey with us. https://www.hackinghub.io/01 Apr 2026 18:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mihbmgtspf2khttps://bsky.app/profile/hackinghub.bsky.social/post/3miensl4tnb2wIn CTFs, speed matters the most. Most players waste time on full scans first. Pipeline: Fast discovery → Focused enumeration → Background verification Find ports faster with RustScan and use Nmap to get what matters. Question: Why should you never trust RustScan alone?31 Mar 2026 17:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3miensl4tnb2whttps://bsky.app/profile/hackinghub.bsky.social/post/3micap4lqxi2kDrop your choice below👇 🔴Red or 🔵blue?30 Mar 2026 18:03 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3micap4lqxi2khttps://bsky.app/profile/hackinghub.bsky.social/post/3mia2bd6him2zPersistence always pays off🕶️29 Mar 2026 21:02 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mia2bd6him2zhttps://bsky.app/profile/hackinghub.bsky.social/post/3mi5jqcdknx2kQuick Guide: GraphQL Introspection ➡️ BOLA/IDOR 👇28 Mar 2026 21:01 +0000at://did:plc:7vku7zchqff2kuymh67gi2cg/app.bsky.feed.post/3mi5jqcdknx2k