d4d
@zakfedotkin.bsky.social
Zak Fedotkin
All thoughts are mine and mine alone
For a visual walk‑through, see the @steelcon.info livestream recording: youtu.be/wxu1axAdPhw?...
Cookie Chaos: Exploiting Parser Discrepancies - Zack
YouTube video by SteelCon
youtu.be
September 3, 2025 at 2:56 PM
If you missed the original research, you can find it at portswigger.net/research/dra...
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics
portswigger.net
May 28, 2025 at 3:00 PM
Check out the newest version here:
portswigger.net/web-security...
Null byte tricks:
portswigger.net/web-security...
URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 Edition | Web Security Academy
This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS ...
portswigger.net
March 5, 2025 at 1:35 PM
Check it out here👇
portswigger.net/web-security...
portswigger.net/web-security...
URL validation bypass cheat sheet for SSRF/CORS/Redirect - 2024 Edition | Web Security Academy
This cheat sheet contains payloads for bypassing URL validation. These wordlists are useful for attacks such as server-side request forgery, CORS ...
portswigger.net
February 6, 2025 at 9:18 AM
Ruby secret_key_base can be decrypted from the credentials.yml.enc file using the following Java code:
December 20, 2024 at 2:01 PM