Profile avatar
insider.phd
Dr, apparently. Lecturer & Hacker exbugcrowd. #BugBounty hunter & #infosec YouTuber. Research: API sec, #MLsec, #offsec data+hacking. she/her.
342 posts 5,053 followers 1,307 following
Regular Contributor
Active Commenter
Posts 26 Comments 24

I am truely honoured to be a finalist in the volunteer of the year category for the Cyber Security Woman of the Year Award alongside such impactful women. I will be a bit cheeky though and kindly request your vote if you have a minute or 2 today! 1/2

submitted 1 day ago • 1 comment

The council of elders will decide your fate

submitted 2 days ago • 1 comment

Oddly specific

submitted 2 days ago • 2 comments

🎉 Speaker Announcement — Katie Paxton-Fear 🎉 We're excited that special guest @insider.phd will be at BSides Leeds to present 'Bad Vibes, Good job security? The future of security in an AI saturated world'. Catch Katie's talk at 10.30 on the 21st!

submitted 10 days ago • 0 comments

Vibe coding is all AI Twitter is talking about, but what is it? If you've ever wondered how to let AI do the coding so you can focus on the vibes today's video is for you. Create the recon tools you've always dreamed of using even if your code isn't quite production ready 1/3

submitted 11 days ago • 1 comment

Is this a really dumb idea or a genius idea I have no idea

submitted 29 days ago • 0 comments

Fun day out in Liverpool!

submitted 37 days ago • 0 comments

Pleased to announce I will be keynoting the first ever Hacking APIs Con at @apidays NYC! It's everything you wanted to know about hacking GraphQL (but didn't know how to Query)

submitted 39 days ago • 1 comment

@insider.phd teaching API hacking at the bug bounty village at #bsidessf

submitted 42 days ago • 0 comments

Had a blast at the API security happy hour, and not just 'cause it was in a pub!🍻 Big thanks to all who shared how my content helped you - your stories mean the world to me!😊 #APIsecurity #RSAC2025

submitted 40 days ago • 0 comments

And I am on the floor at RSA! Want to pick up some InsiderPhD stickers or just come say hi 👋 I’ll be at the Traceable by Harness Booth 3202 (between the two halls by the escalators!)

submitted 40 days ago • 0 comments

Firefox treats multipart/x-mixed-replace like HTML. Chrome doesn’t. That tiny difference? It can turn a "non-exploitable" XSS into a real one. Abuse boundary handling, bypass filters, and make your payload land. thespanner.co.uk/making-the-u...

submitted 44 days ago • 0 comments

Want to level up your API Hacking? I’m doing a Hands On API Hacking workshop tomorrow at 1pm at the Bug Bounty Village @BsidesSF if you’re feeling stuck with API hacking this is the workshop for you

submitted 43 days ago • 0 comments

Hanging out at the Bug Bounty Village @bsidessf listening to @jhaddix talk about how to approach hacking AI using real approaches from his pen tests ✍️✍️✍️

submitted 43 days ago • 0 comments

Has infosec had you feeling a bit off? A bit uncomfortable? Bit of a weird vibe? Why not relish those ominous feelings with some bad vibes of your own? Come say hi at @bsidessf and revel (or find a sticker on the outside tables)

submitted 44 days ago • 0 comments

Has infosec had you feeling a bit off? A bit uncomfortable? Bit of a weird vibe? Why not relish those ominous feelings with some bad vibes of your own? Come say hi at @bsidessf and revel (or find a sticker on the outside tables)

submitted 44 days ago • 0 comments

Wanted to share the final product of my eink project (going to do a full video or maybe a few… this week), but heres a spoiler for the curious

submitted 55 days ago • 1 comment

In December Eaton set his sights on McDonald’s, and he cooked up an interesting menu of vulnerabilities, from essentially free food, to massive PII leaks. Curious how he did it? What to know how he pivoted once he got access? What about his API hacking toolkit? 1/2

submitted 61 days ago • 1 comment

Here is where I am with my ESP32 labelling project, you can scan an NFC tag and have it populate the label with filament details

submitted 62 days ago • 1 comment

One of the most difficult things for me ethically in hacking is jailbreaking physical hardware you own. One the one hand they are security vulnerabilities, and pretty serious RCEs at that and therefore you need to report them to the vendor because they can be abused by attackers

submitted 63 days ago • 1 comment

Just dropped another completely free API security lesson on JustHacking, this time we’re looking at WebSocket APIs. In this 30min lesson you’ll learn what a WebSocket is and the types of apps that use them, how to communicate to WebSockets and some of the security issues in them!

submitted 80 days ago • 1 comment

Are you interested in API security, no fluff, no marketing just technical API experts sharing what they know? The eyJ webinar series is just that, I am joined by my colleagues for an hour of deep technical analysis, breakdowns of breaches and the latest in API security tooling 1/2

submitted 84 days ago • 2 comments

Just completed my second exciting project - a 3D printed knitting machine for socks! Check out it out! I do need to do some manual processing to finish the socks off since I am just making a big tube, but this is going to really speed up vanilla socks!

submitted 84 days ago • 3 comments

I can tell I’m improving at CAD because this only took 2 failures not 20

submitted 88 days ago • 1 comment

How are people vibe coding entire multiplayer games and I have to beg chatGPT to help me put wires in the right place 😭😭😭

submitted 89 days ago • 2 comments

Are you interested in API security, no fluff, no marketing just technical API experts sharing what they know? The eyJ webinar series is just that, I am joined by my colleagues for an hour of deep technical analysis, breakdowns of breaches and the latest in API security tooling 1/2

submitted 90 days ago • 1 comment