jackie
@jackiehavoltrey.bsky.social
Pinned
Can I make enough money to leave this godforsaken country and transition before dysphoria literally kills me? tune in to find out ◝(ᵔᗜᵔ)◜
Can I make enough money to leave this godforsaken country and transition before dysphoria literally kills me? tune in to find out ◝(ᵔᗜᵔ)◜
November 7, 2025 at 10:05 PM
Can I make enough money to leave this godforsaken country and transition before dysphoria literally kills me? tune in to find out ◝(ᵔᗜᵔ)◜
day 30
- nothing really, just the usual. think im gonna start only updating when theres some progress or milestone.
- nothing really, just the usual. think im gonna start only updating when theres some progress or milestone.
October 27, 2025 at 7:14 PM
day 30
- nothing really, just the usual. think im gonna start only updating when theres some progress or milestone.
- nothing really, just the usual. think im gonna start only updating when theres some progress or milestone.
day 29
- started reading blackhat graphql
- Thought I found a really cool bug where I could get rewards on a shop app without buying anything, but even though it says you get the rewards, it doesn't actually give them to you, so there's probably some backend stuff. TGIF (ᵕ—ᴗ—)
- started reading blackhat graphql
- Thought I found a really cool bug where I could get rewards on a shop app without buying anything, but even though it says you get the rewards, it doesn't actually give them to you, so there's probably some backend stuff. TGIF (ᵕ—ᴗ—)
October 24, 2025 at 9:02 PM
day 29
- started reading blackhat graphql
- Thought I found a really cool bug where I could get rewards on a shop app without buying anything, but even though it says you get the rewards, it doesn't actually give them to you, so there's probably some backend stuff. TGIF (ᵕ—ᴗ—)
- started reading blackhat graphql
- Thought I found a really cool bug where I could get rewards on a shop app without buying anything, but even though it says you get the rewards, it doesn't actually give them to you, so there's probably some backend stuff. TGIF (ᵕ—ᴗ—)
day 28
- done mapping payment flow
- started reading "web application hackers handbook"
prolly should've read this day one, silly me (˶˃⤙˂˶)
- done mapping payment flow
- started reading "web application hackers handbook"
prolly should've read this day one, silly me (˶˃⤙˂˶)
October 23, 2025 at 6:34 PM
day 28
- done mapping payment flow
- started reading "web application hackers handbook"
prolly should've read this day one, silly me (˶˃⤙˂˶)
- done mapping payment flow
- started reading "web application hackers handbook"
prolly should've read this day one, silly me (˶˃⤙˂˶)
day 27
- took a day off for MH
- did some more graphql practice
- almost done testing all my ideas and no leads yet, gonna try digging deeper and trying to understand how purchasing stuff works on the site.
(˶˃ ᵕ ˂˶)
- took a day off for MH
- did some more graphql practice
- almost done testing all my ideas and no leads yet, gonna try digging deeper and trying to understand how purchasing stuff works on the site.
(˶˃ ᵕ ˂˶)
October 22, 2025 at 6:22 PM
day 27
- took a day off for MH
- did some more graphql practice
- almost done testing all my ideas and no leads yet, gonna try digging deeper and trying to understand how purchasing stuff works on the site.
(˶˃ ᵕ ˂˶)
- took a day off for MH
- did some more graphql practice
- almost done testing all my ideas and no leads yet, gonna try digging deeper and trying to understand how purchasing stuff works on the site.
(˶˃ ᵕ ˂˶)
day 26
- done with graphql portswigger module
- did some more testing
gonna try to figure out how to use clairvoyance tmrw
- im really tired
- done with graphql portswigger module
- did some more testing
gonna try to figure out how to use clairvoyance tmrw
- im really tired
October 20, 2025 at 8:25 PM
day 26
- done with graphql portswigger module
- did some more testing
gonna try to figure out how to use clairvoyance tmrw
- im really tired
- done with graphql portswigger module
- did some more testing
gonna try to figure out how to use clairvoyance tmrw
- im really tired
day 25
- dud
- done learning request smuggling, think i have a decent grasp of it now so gonna try hunting for it
- started reading/revising on graphql
- modified plan to include more hacking than learning.
ciao ⸜(。˃ ᵕ ˂ )⸝♡
- dud
- done learning request smuggling, think i have a decent grasp of it now so gonna try hunting for it
- started reading/revising on graphql
- modified plan to include more hacking than learning.
ciao ⸜(。˃ ᵕ ˂ )⸝♡
October 17, 2025 at 9:58 PM
day 25
- dud
- done learning request smuggling, think i have a decent grasp of it now so gonna try hunting for it
- started reading/revising on graphql
- modified plan to include more hacking than learning.
ciao ⸜(。˃ ᵕ ˂ )⸝♡
- dud
- done learning request smuggling, think i have a decent grasp of it now so gonna try hunting for it
- started reading/revising on graphql
- modified plan to include more hacking than learning.
ciao ⸜(。˃ ᵕ ˂ )⸝♡
just figure out how it works then break it?
October 16, 2025 at 7:59 PM
just figure out how it works then break it?
day 24
- might've found some interesting ₍^. .^₎⟆
- Read a few request smuggling reports
- might've found some interesting ₍^. .^₎⟆
- Read a few request smuggling reports
October 16, 2025 at 4:05 PM
day 24
- might've found some interesting ₍^. .^₎⟆
- Read a few request smuggling reports
- might've found some interesting ₍^. .^₎⟆
- Read a few request smuggling reports
day 23
- started re-learning web dev
Currently learning Bootstrap
- still testing, nothing...interesting yet
- started re-learning web dev
Currently learning Bootstrap
- still testing, nothing...interesting yet
October 15, 2025 at 6:55 PM
day 23
- started re-learning web dev
Currently learning Bootstrap
- still testing, nothing...interesting yet
- started re-learning web dev
Currently learning Bootstrap
- still testing, nothing...interesting yet
i've heard "read JS" but like do you just go through the code? read line by line? idk i tried just skimmming through the js of this one app trying to get the main gist of it, found some unique graphql queries.
October 14, 2025 at 5:00 PM
i've heard "read JS" but like do you just go through the code? read line by line? idk i tried just skimmming through the js of this one app trying to get the main gist of it, found some unique graphql queries.
day 21
- spent 4 hours solving one lab smh
- sick
- started testing target
- spent 4 hours solving one lab smh
- sick
- started testing target
October 8, 2025 at 5:19 PM
day 21
- spent 4 hours solving one lab smh
- sick
- started testing target
- spent 4 hours solving one lab smh
- sick
- started testing target
day 20
- done mapping
- still solving labs bla bla bla
- done mapping
- still solving labs bla bla bla
October 7, 2025 at 4:02 PM
day 20
- done mapping
- still solving labs bla bla bla
- done mapping
- still solving labs bla bla bla
day 19
- report seems to have gotten triaged
- solved some more portswigger labs
- started mapping new target
- report seems to have gotten triaged
- solved some more portswigger labs
- started mapping new target
October 6, 2025 at 3:23 PM
day 19
- report seems to have gotten triaged
- solved some more portswigger labs
- started mapping new target
- report seems to have gotten triaged
- solved some more portswigger labs
- started mapping new target
day 18
- practised some request smuggling labs
- moved on to a bbp
- practised some request smuggling labs
- moved on to a bbp
October 3, 2025 at 5:08 PM
day 18
- practised some request smuggling labs
- moved on to a bbp
- practised some request smuggling labs
- moved on to a bbp
The @yeswehack pwnfox burp extension automatically updates the content length of requests sent through repeater, even while "update Content-Length" is disabled; this interferes with request smuggling attacks, specifically TE.CL.
github.com/yeswehack/Pw...
github.com/yeswehack/Pw...
yeswehack/PwnFox
PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit. - yeswehack/PwnFox
github.com
October 3, 2025 at 1:34 PM
The @yeswehack pwnfox burp extension automatically updates the content length of requests sent through repeater, even while "update Content-Length" is disabled; this interferes with request smuggling attacks, specifically TE.CL.
github.com/yeswehack/Pw...
github.com/yeswehack/Pw...
day 17
- read about desync attacks
- thinking of switching to a bbp because im not really motivated by rep
- read about desync attacks
- thinking of switching to a bbp because im not really motivated by rep
October 2, 2025 at 4:14 PM
day 17
- read about desync attacks
- thinking of switching to a bbp because im not really motivated by rep
- read about desync attacks
- thinking of switching to a bbp because im not really motivated by rep
peak on disclosed
They found a path traversal chain that, with a DLL injection, and poof, just wow
infosecwriteups.com/chaining-pat...
They found a path traversal chain that, with a DLL injection, and poof, just wow
infosecwriteups.com/chaining-pat...
Chaining Path Traversal Vulnerability to RCE — Meta’s 111,750$ Bug
In the high-stakes world of bug bounty hunting, a single vulnerability can be the key to unlocking a significant reward. But what happens…
infosecwriteups.com
September 30, 2025 at 3:18 PM
peak on disclosed
They found a path traversal chain that, with a DLL injection, and poof, just wow
infosecwriteups.com/chaining-pat...
They found a path traversal chain that, with a DLL injection, and poof, just wow
infosecwriteups.com/chaining-pat...
day 15
- almost done learning the basics of req smuggling
- done refreshing on wordpress hacking
- found a wordpress login page on the target, but it's been blocked
gonna try some 403 bypasses
- almost done learning the basics of req smuggling
- done refreshing on wordpress hacking
- found a wordpress login page on the target, but it's been blocked
gonna try some 403 bypasses
September 30, 2025 at 3:11 PM
day 15
- almost done learning the basics of req smuggling
- done refreshing on wordpress hacking
- found a wordpress login page on the target, but it's been blocked
gonna try some 403 bypasses
- almost done learning the basics of req smuggling
- done refreshing on wordpress hacking
- found a wordpress login page on the target, but it's been blocked
gonna try some 403 bypasses