@digitalwarhead.bsky.social
Success is not final; failure is not fatal: it is the courage to continue that counts.
https://darknetdiaries.com/
https://darknetdiaries.com/
Why do you think they all wear masks?
June 27, 2025 at 1:20 PM
Why do you think they all wear masks?
Full guide covers OpSec, burner phones, data protection, secure communications, and handling law enforcement interactions.
Read: www.privacyguides.org/articles/202...
Read: www.privacyguides.org/articles/202...
The Protesters' Guide to Smartphone Security
Your phone is an essential tool, but it also represents a huge risk to your privacy and security. Understanding these best practices when it comes to securing your smartphone will help keep you and yo...
www.privacyguides.org
June 9, 2025 at 8:50 PM
Full guide covers OpSec, burner phones, data protection, secure communications, and handling law enforcement interactions.
Read: www.privacyguides.org/articles/202...
Read: www.privacyguides.org/articles/202...
Key takeaways: Use strong passphrases to unlock phone, minimize stored data, prefer Signal for messaging, know your legal rights, and consider leaving your main phone at home entirely. #LA #Protests #ICE #DigitalRights #ProtestSafety #OpSec #PrivacyMatters
June 9, 2025 at 8:50 PM
Key takeaways: Use strong passphrases to unlock phone, minimize stored data, prefer Signal for messaging, know your legal rights, and consider leaving your main phone at home entirely. #LA #Protests #ICE #DigitalRights #ProtestSafety #OpSec #PrivacyMatters
Here's part one of his 3-part series. The series is great, but overall PrestonGoes is one of the best YouTube channels I've found. He's an incredibly genuine and positive guy and his videos are fun to watch.
youtu.be/FgOJwFLF26k?...
youtu.be/FgOJwFLF26k?...
I Built a Mini Truck for Abandoned Railroads
YouTube video by prestongoes
youtu.be
March 15, 2025 at 2:57 AM
Here's part one of his 3-part series. The series is great, but overall PrestonGoes is one of the best YouTube channels I've found. He's an incredibly genuine and positive guy and his videos are fun to watch.
youtu.be/FgOJwFLF26k?...
youtu.be/FgOJwFLF26k?...
@abyssdomainexpert.bsky.social Absolutely loved your talk at HC Seattle last year. When I heard the @jackrhysider.bsky.social episode, I had to do some digging to see if it was the same person or someone else with an identical story lol. Glad to find you on here.
January 8, 2025 at 8:27 PM
@abyssdomainexpert.bsky.social Absolutely loved your talk at HC Seattle last year. When I heard the @jackrhysider.bsky.social episode, I had to do some digging to see if it was the same person or someone else with an identical story lol. Glad to find you on here.
Well that was incredibly creepy lol. Nice work!
December 21, 2024 at 7:19 AM
Well that was incredibly creepy lol. Nice work!
No I haven't had to log in since creating my account 🤷♂️
November 27, 2024 at 3:09 AM
No I haven't had to log in since creating my account 🤷♂️
No, not personally. This was one of the challenges on OWASP's WebGoat, and I figured I'd make a post about it.
November 25, 2024 at 10:11 PM
No, not personally. This was one of the challenges on OWASP's WebGoat, and I figured I'd make a post about it.
@johnhammond.bsky.social should definitely be on this list. He puts out great content.
November 25, 2024 at 3:12 PM
@johnhammond.bsky.social should definitely be on this list. He puts out great content.
Shout out to @owasp.org and github.com/WebGoat/WebG... for putting together this great example!
GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application
WebGoat is a deliberately insecure application. Contribute to WebGoat/WebGoat development by creating an account on GitHub.
github.com
November 24, 2024 at 9:59 PM
Shout out to @owasp.org and github.com/WebGoat/WebG... for putting together this great example!
Tips to stay safe from cookie hijacking:
✅ Websites: Use random, encrypted session cookies over HTTPS.
✅ Users: Log out after use, enable MFA, and avoid untrusted networks. Protect your cookies and keep hackers out! 🔐
✅ Websites: Use random, encrypted session cookies over HTTPS.
✅ Users: Log out after use, enable MFA, and avoid untrusted networks. Protect your cookies and keep hackers out! 🔐
November 24, 2024 at 9:59 PM
Tips to stay safe from cookie hijacking:
✅ Websites: Use random, encrypted session cookies over HTTPS.
✅ Users: Log out after use, enable MFA, and avoid untrusted networks. Protect your cookies and keep hackers out! 🔐
✅ Websites: Use random, encrypted session cookies over HTTPS.
✅ Users: Log out after use, enable MFA, and avoid untrusted networks. Protect your cookies and keep hackers out! 🔐
We intercept the login request as Admin, swap in the cookie we created for Tom, and boom — we're logged in as him! 🕵️ This is cookie hijacking in action. Weak session cookies can expose accounts. Secure cookies save lives! 🛡️
November 24, 2024 at 9:59 PM
We intercept the login request as Admin, swap in the cookie we created for Tom, and boom — we're logged in as him! 🕵️ This is cookie hijacking in action. Weak session cookies can expose accounts. Secure cookies save lives! 🛡️
The decoded cookies reveal plain text:
Webgoat: nzozZtxkdKtaogbew
Admin: nzozZtxkdKnimda
Reversing these strings, we see the username is reversed at the end.
To impersonate Tom, we reverse “Tom,” encode it in hex, then Base64. Crafting Tom’s session cookie lets us hijack his account! 😱
Webgoat: nzozZtxkdKtaogbew
Admin: nzozZtxkdKnimda
Reversing these strings, we see the username is reversed at the end.
To impersonate Tom, we reverse “Tom,” encode it in hex, then Base64. Crafting Tom’s session cookie lets us hijack his account! 😱
November 24, 2024 at 9:59 PM
The decoded cookies reveal plain text:
Webgoat: nzozZtxkdKtaogbew
Admin: nzozZtxkdKnimda
Reversing these strings, we see the username is reversed at the end.
To impersonate Tom, we reverse “Tom,” encode it in hex, then Base64. Crafting Tom’s session cookie lets us hijack his account! 😱
Webgoat: nzozZtxkdKtaogbew
Admin: nzozZtxkdKnimda
Reversing these strings, we see the username is reversed at the end.
To impersonate Tom, we reverse “Tom,” encode it in hex, then Base64. Crafting Tom’s session cookie lets us hijack his account! 😱
Authentication cookies like spoof_auth are often Base64 encoded. If predictable, they can be exploited! Logging in with credentials we know of such as Webgoat and Admin, we find:
Webgoat: NmU3YTZm...
Admin: NmU3YTZm...
Decoded, these cookies reveal hex patterns. Time to exploit them! 🔓
Webgoat: NmU3YTZm...
Admin: NmU3YTZm...
Decoded, these cookies reveal hex patterns. Time to exploit them! 🔓
November 24, 2024 at 9:59 PM
Authentication cookies like spoof_auth are often Base64 encoded. If predictable, they can be exploited! Logging in with credentials we know of such as Webgoat and Admin, we find:
Webgoat: NmU3YTZm...
Admin: NmU3YTZm...
Decoded, these cookies reveal hex patterns. Time to exploit them! 🔓
Webgoat: NmU3YTZm...
Admin: NmU3YTZm...
Decoded, these cookies reveal hex patterns. Time to exploit them! 🔓