5tfn.bsky.social
Reposted
In a shameless effort to promote my book, I've crafted some very special vectors for you. If you like them, please purchase my book to read more.

www.amazon.com/dp/B0BRD9B3GS
September 26, 2025 at 11:20 AM
Reposted
The new chapter in my interactive Go Concurrency book is about Semaphores.

You'll have a Rendezvous with some helpful synchronization tools and even overcome a few Barriers.

If you know what I mean 😉

antonz.org/go-concurren...
Gist of Go: Semaphores
Limiting the concurrency and waiting for the peers.
antonz.org
July 1, 2025 at 4:16 PM
Reposted
This month, @0x999.net made an awesome and difficult Intigriti XSS challenge. I really enjoyed the openness of this challenge resulting in an unintended solution and the first solve 🩸!
Check out how I got there in my writeup below:
jorianwoltjer.com/blog/p/hacki...
Intigriti March XSS Challenge (0325) | Jorian Woltjer
A hard Cross-Site Scripting challenge chaining small bugs with one very hard step to leak a fragment directive using Self XSS
jorianwoltjer.com
April 2, 2025 at 6:51 AM
Reposted
🎉 Go 1.24.2 and 1.23.8 are released!

🔒 Security: Includes a security fix for net/http (CVE-2025-22871).

🔈 Announcement: groups.google.com/g/golang-ann...

📦 Download: go.dev/dl/#go1.24.2
April 1, 2025 at 4:54 PM
Reposted
Today I'm proud to launch your new favourite Go book in early access!

This book will go to a depth not seen before in Go books, and the first three chapters are available right now:
www.bytesizego.com/books/anatom...
March 25, 2025 at 6:28 AM
Reposted
🚀 v0.47.0 is here!

✅ Redesigned Match & Replace + Workflow support
✅ Built-in logs for better debugging
✅ DNS entry overrides
✅ Invisible proxying
✅ Request / replay response in browser
✅ Default project selection

Here’s everything you need to know 🧵👇
March 20, 2025 at 2:30 PM
Reposted
March 12, 2025 at 9:51 PM
Reposted
Creating a GUI interface using Visual Basic, see if I can track an IP address
March 10, 2025 at 7:28 PM
Reposted
DOMLogger++ v1.0.8 is now out and available! 🎉

This update includes several UX improvements, such as syntax highlighting and new shortcuts. Major changes have been made to custom types and several annoying bugs have been fixed 🚀

👉 github.com/kevin-mizu/d...
February 27, 2025 at 4:35 PM
Reposted
New blog post! 🎉

Tips to debug hanging Go programs

michael.stapelberg.ch/posts/2025-0...

#golang
February 27, 2025 at 5:02 PM
Reposted
I posted a blog about how browser permissions work. albertofdr.github.io/web-security...
You Shall Not Get Access 🧙🏻‍♂️: Browser Permissions | WebSec!
Web Security Educational Blog
albertofdr.github.io
January 29, 2025 at 12:16 PM
Reposted
I decided to take a look at 2024 and choose the best bug bounty writeups, blog posts and tools, as well as the most underrated reports of the year. Enjoy 🔥
youtu.be
February 13, 2025 at 2:03 PM
Reposted
🧨 Go 1.24.0 is released!

📝 Release notes: go.dev/doc/go1.24

⬇️ Download: go.dev/dl/#go1.24.0

#golang
Go 1.24 Release Notes - The Go Programming Language
go.dev
February 12, 2025 at 7:26 AM
Reposted
I'm very happy to finally share the second part of my DOMPurify security research 🔥

This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)!

Link 👇
mizu.re/post/explori...

1/2
February 10, 2025 at 5:57 PM
Reposted
OK. I significantly revamped my most basic, introductory text about core concepts in electronic circuits: lcamtuf.substack.com/p/primer-cor...

It now features a toy discrete-model model of a capacitor (no calculus involved). I think it's good.
Primer: core concepts in electronic circuits
Back to the basics: defining key concepts in electronics without breaking out a plumbing wrench.
lcamtuf.substack.com
February 10, 2025 at 3:53 AM
Reposted
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 4, 2025 at 3:02 PM
Reposted
Here's how a vulnerable ORM pattern can lead to mass assignment:
Raw SQL Queries are Actually Better for Security Than ORMs?
Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities then I invite you to take a read.
www.nodejs-security.com
February 4, 2025 at 10:01 AM
Reposted
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique.

portswigger.net/research/byp...
January 28, 2025 at 2:01 PM
Reposted
Hot out of the oven! The Cookie Sandwich – a technique that lets you bypass the HttpOnly protection! This isn't your average dessert; it’s a recipe for disaster if your app isn’t prepared: portswigger.net/research/ste...
Stealing HttpOnly cookies with the cookie sandwich technique
In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie
portswigger.net
January 22, 2025 at 3:06 PM
Reposted
Wow, some of the articles on my ACE3 research are so bad...

No, you are not facing any "new security risks" because of the "critical USB component"
January 14, 2025 at 10:04 PM
Reposted
SSRFs can be tough to make critical without cloud metadata, especially against a target like GitLab that strengthens its infra with every SSRF. Yet @joaxcar.bsky.social broke through with the first critical SSRF on GitLab since 2020. Enjoy our explanation from Sweden! 🇸🇪
youtu.be
January 8, 2025 at 2:28 PM
Reposted
Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here:
portswigger.net/research/top...
Top ten web hacking techniques of 2024: nominations open
Nominations are now open for the top 10 new web hacking techniques of 2024! Every year, security researchers from all over the world share their latest findings via blog posts, presentations, PoCs, an
portswigger.net
January 8, 2025 at 2:09 PM
Reposted
Imagine opening a Discord message and suddenly your computer is hacked.

We discovered a bug that made this possible and earned a $5,000 bounty for it.

Here's the story and a beginner-friendly deep dive into V8 exploit development.

watch: youtu.be/R3SE4VKj678?...
Hacking Discord for $5000 Bounty
YouTube video by Mrgavyadha
youtu.be
December 14, 2024 at 3:11 PM