insider.phd
Dr, apparently. Lecturer & Hacker exbugcrowd. #BugBounty hunter & #infosec YouTuber. Research: API sec, #MLsec, #offsec data+hacking. she/her.
342 posts 5,053 followers 1,307 following

I am truly honoured to be a finalist in the volunteer of the year category for the Cyber Security Woman of the Year Award alongside such impactful women. I will be a bit cheeky though and kindly request your vote if you have a minute or 2 today! 1/2

The council of elders will decide your fate

Oddly specific

🎉 Speaker Announcement — Katie Paxton-Fear 🎉 We're excited that special guest @insider.phd will be at BSides Leeds to present 'Bad Vibes, Good job security? The future of security in an AI saturated world'. Catch Katie's talk at 10.30 on the 21st!

Vibe coding is all AI Twitter is talking about, but what is it? If you've ever wondered how to let AI do the coding so you can focus on the vibes today's video is for you. Create the recon tools you've always dreamed of using even if your code isn't quite production ready 1/3

Is this a really dumb idea or a genius idea I have no idea

Fun day out in Liverpool!

Pleased to announce I will be keynoting the first ever Hacking APIs Con at @apidays NYC! It's everything you wanted to know about hacking GraphQL (but didn't know how to Query)

@insider.phd teaching API hacking at the bug bounty village at #bsidessf

Had a blast at the API security happy hour, and not just 'cause it was in a pub!🍻 Big thanks to all who shared how my content helped you - your stories mean the world to me!😊 #APIsecurity #RSAC2025

And I am on the floor at RSA! Want to pick up some InsiderPhD stickers or just come say hi 👋 I’ll be at the Traceable by Harness Booth 3202 (between the two halls by the escalators!)

Firefox treats multipart/x-mixed-replace like HTML. Chrome doesn’t. That tiny difference? It can turn a "non-exploitable" XSS into a real one. Abuse boundary handling, bypass filters, and make your payload land. thespanner.co.uk/making-the-u...

Want to level up your API Hacking? I’m doing a Hands On API Hacking workshop tomorrow at 1pm at the Bug Bounty Village @BsidesSF if you’re feeling stuck with API hacking this is the workshop for you

Hanging out at the Bug Bounty Village @bsidessf listening to @jhaddix talk about how to approach hacking AI using real approaches from his pen tests ✍️✍️✍️

Has infosec had you feeling a bit off? A bit uncomfortable? Bit of a weird vibe? Why not relish those ominous feelings with some bad vibes of your own? Come say hi at @bsidessf and revel (or find a sticker on the outside tables)

Wanted to share the final product of my eink project (going to do a full video or maybe a few… this week), but here's a spoiler for the curious

In December Eaton set his sights on McDonald’s, and he cooked up an interesting menu of vulnerabilities, from essentially free food, to massive PII leaks. Curious how he did it? Want to know how he pivoted once he got access? What about his API hacking toolkit? 1/2

Here is where I am with my ESP32 labelling project, you can scan an NFC tag and have it populate the label with filament details

One of the most difficult things for me ethically in hacking is jailbreaking physical hardware you own. On the one hand they are security vulnerabilities, and pretty serious RCEs at that and therefore you need to report them to the vendor because they can be abused by attackers

Just dropped another completely free API security lesson on JustHacking, this time we’re looking at WebSocket APIs. In this 30min lesson you’ll learn what a WebSocket is and the types of apps that use them, how to communicate to WebSockets and some of the security issues in them!

Are you interested in API security, no fluff, no marketing just technical API experts sharing what they know? The eyJ webinar series is just that, I am joined by my colleagues for an hour of deep technical analysis, breakdowns of breaches and the latest in API security tooling 1/2

Just completed my second exciting project - a 3D printed knitting machine for socks! Check it out! I do need to do some manual processing to finish the socks off since I am just making a big tube, but this is going to really speed up vanilla socks!

I can tell I’m improving at CAD because this only took 2 failures not 20

How are people vibe coding entire multiplayer games and I have to beg chatGPT to help me put wires in the right place 😭😭😭