0xacb
@0xacb.com
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm.
Co-founder @ethiack.com
https://0xacb.com
When testing GraphQL APIs make sure to run graphw00f (https://github.com/dolevf/graphw00f) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.
November 10, 2025 at 11:53 AM
If you found a package.json file in the wild, you might find some internal packages vulnerable to a dependency confusion attack 👀
Check for it quicker using this cool new tool by JSMon: https://app.jsmon.sh/tools/npm-validator 👇
November 6, 2025 at 10:07 AM
Found an XSS but got blocked by the CSP?
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
October 21, 2025 at 9:16 AM
Time to reveal what I was doing with @teknogeek.io back in '19.
All the hard work and sleepless nights have paid off!
August 26, 2025 at 9:02 AM
Just released a new recollapse version thanks to @ryancbarnnet and @4ng3lhacker after their talk at Black Hat today.
What’s new?
💥 Mode 6: Fuzz case folding/upper/lower
💥 Mode 7: Fuzz byte truncations
💥 Recollapse can now be used as a Python library and is available on PyPI
Check it out 👇
August 8, 2025 at 1:38 AM