Modern Web Firewall: stop account takeovers, weak passwords, cloud IPs, DoS attacks, disposable emails
mapAccountHijack is a tool designed to carry out a MAP Account hijack attack, which exploits the Message Access Profile (MAP) in Bluetooth Classic and enables the theft of MFA and OTPs, leading to the successful hijacking of accounts on services that rely on SMS OTPs during login or recovery. The tool leaks phone numbers and emails, and can send and retrieve SMS.
Welcome to the world of FingerprintJS open source software.
Instagram Penetration Testing and 2FA Detection
Go tool that detects which email addresses have domains which are able to be registered
🔴 CVE-2026-22794 - Appsmith Password Reset Account Takeover via Origin Header Injection | PoC Exploit + Nuclei Template
Analysis and modeling of a fraud detection system (Account Takeover) to spot suspicious logins and anomalous behavior.
Software that blocks account hijacking attacks.
CVE-2026-40487 - Postiz <= 2.21.5 - Arbitrary File Upload via MIME-Type Spoofing → Stored XSS → Account Takeover
CVE-2020-13654 - XWiki Platform < 12.8 - Stored XSS → CSRF → Account Takeover
Security research write-up on MFA fatigue risk in Microsoft Personal accounts when Authenticator sign-in notifications are enabled, including evidence, timeline, and a user-side workaround
Xboard / V2Board Unauth Account Takeover - Magic Link Token Leak (CVE-2026-39912)
AuthTables is a microservice that helps detect "Account Take Over" caused by simple credential theft. If bad actors are stealing your users' passwords, AuthTables may be useful.
Advanced security research lab on BOLA (CWE-285) and IDOR in RESTful architectures. Features a Flask-based API gateway and a Python-engineered exploit engine demonstrating Account Takeover (ATO) via JSON payload manipulation. Includes enterprise remediation strategies using cryptographically signed session claims and server-side authorization.
Detect suspicious login behavior from raw logs. A simplified open-source version of the BlackIce fraud detection engine.
Near real-time intrusion detection for blacklisting
Various bots for testing web applications
Structured ML investigation into FastText/Word2Vec device fingerprint embeddings for account takeover detection — from PoC through adversarial debate, three experiments, and production deployment analysis.