kingthorin
@kingthorin.bsky.social
IT Sec guy, zaproxy co-lead, WSTG co-lead, VWAD co-lead, OWASP Ottawa volunteer, Hac≺3r, supporter of oxford commas, #INTJ. (Opinions == mine) 🍁
Reposted by kingthorin
SANS Holiday Hack Challenge 2025 https://isc.sans.edu/diary/32488
November 16, 2025 at 7:21 AM
SANS Holiday Hack Challenge 2025 https://isc.sans.edu/diary/32488
Firefox 145.0, See All New Features, Updates and Fixes
www.firefox.com
November 13, 2025 at 12:33 PM
Reposted by kingthorin
Thank you whack-jobs, conspiracy theorists, convoyers, and other stupid people for this amazing day of ignorance for #Canada. Your unnecessary spreading of pain and suffering will be remembered for years to come.
#measles #vaccination #vaccine #Darwin
www.cbc.ca/news/health/...
#measles #vaccination #vaccine #Darwin
www.cbc.ca/news/health/...
Canada loses measles elimination status | CBC
www.cbc.ca
November 10, 2025 at 4:28 PM
Thank you whack-jobs, conspiracy theorists, convoyers, and other stupid people for this amazing day of ignorance for #Canada. Your unnecessary spreading of pain and suffering will be remembered for years to come.
#measles #vaccination #vaccine #Darwin
www.cbc.ca/news/health/...
#measles #vaccination #vaccine #Darwin
www.cbc.ca/news/health/...
I got the Hacktoberfest 2025: Supercontributor badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
I got the Hacktoberfest 2025: Supercontributor badge from Hacktoberfest @hacktoberfest @digitalocean!
@kingthorin has earned the Hacktoberfest 2025: Supercontributor badge from Hacktoberfest.
www.holopin.io
November 7, 2025 at 7:47 PM
I got the Hacktoberfest 2025: Supercontributor badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
Reposted by kingthorin
www.nytimes.com/shared/comme... “We have reached peak insanity: $100B in annual compensation is equivalent to approximately 3M full-time minimum-wage workers (at $16/hr) for one year.
No accomplishment by any individual justifies receiving the same compensation as 3M people working full-time.”
No accomplishment by any individual justifies receiving the same compensation as 3M people working full-time.”
Read a Times Reader's Comment on: Elon Musk Wins $1 Trillion Tesla Pay Package
Tesla shareholders approved a plan to grant Elon Musk shares worth nearly $1 trillion if he meets ambitious goals, including vastly expanding the company’s stock market valuation.
www.nytimes.com
November 7, 2025 at 3:02 AM
www.nytimes.com/shared/comme... “We have reached peak insanity: $100B in annual compensation is equivalent to approximately 3M full-time minimum-wage workers (at $16/hr) for one year.
No accomplishment by any individual justifies receiving the same compensation as 3M people working full-time.”
No accomplishment by any individual justifies receiving the same compensation as 3M people working full-time.”
Reposted by kingthorin
#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):
www.endorlabs.com/learn/critic...
www.endorlabs.com/learn/critic...
Critical SQL Injection Vulnerability in Django (CVE-2025-64459) | Blog | Endor Labs
Critical SQL Injection Vulnerability in Django (CVE-2025-64459). Learn what happened, root cause, impact, and how to mitigate.
www.endorlabs.com
November 6, 2025 at 5:10 PM
#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):
www.endorlabs.com/learn/critic...
www.endorlabs.com/learn/critic...
Reposted by kingthorin
Reposted by kingthorin
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
November 3, 2025 at 12:26 PM
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
this graphic is everything. this is why people overestimate the prevalence of violent crime and terrorism and support punitive police measures.
they are quite literally distorting reality in order to keep you scared of the wrong things.
they are quite literally distorting reality in order to keep you scared of the wrong things.
November 1, 2025 at 1:06 PM
Reposted by kingthorin
OLD TIMEY POISONS! ☠️🤢
Enjoy some Aqua Tofana, cyanide peach pits, sketchy groundwater, arsenic, old lace, movie myths, tragic mix-ups, and the birth of forensic toxicology with Pulitzer Prize winning Deborah Blum.
It’s been quite a Spooktober, y’all! ☠️
www.alieward.com/ologies/hist...
Enjoy some Aqua Tofana, cyanide peach pits, sketchy groundwater, arsenic, old lace, movie myths, tragic mix-ups, and the birth of forensic toxicology with Pulitzer Prize winning Deborah Blum.
It’s been quite a Spooktober, y’all! ☠️
www.alieward.com/ologies/hist...
Historical Toxicology (OLD TIMEY POISONS) with Deborah Blum — alie ward
Metal poisons. Odorless ones. Toxic plants. Iocane powder, arsenic, old lace, poisons as self-defense, black mirrors, Aqua Tofanas, movie myths, and the start of testing for that which ails or kills y...
www.alieward.com
October 29, 2025 at 9:30 PM
OLD TIMEY POISONS! ☠️🤢
Enjoy some Aqua Tofana, cyanide peach pits, sketchy groundwater, arsenic, old lace, movie myths, tragic mix-ups, and the birth of forensic toxicology with Pulitzer Prize winning Deborah Blum.
It’s been quite a Spooktober, y’all! ☠️
www.alieward.com/ologies/hist...
Enjoy some Aqua Tofana, cyanide peach pits, sketchy groundwater, arsenic, old lace, movie myths, tragic mix-ups, and the birth of forensic toxicology with Pulitzer Prize winning Deborah Blum.
It’s been quite a Spooktober, y’all! ☠️
www.alieward.com/ologies/hist...
Ok Cyberz community bring on your #WednesdayWin stories!
For me:
- I've recently past my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁
For me:
- I've recently past my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁
October 29, 2025 at 3:27 PM
Ok Cyberz community bring on your #WednesdayWin stories!
For me:
- I've recently past my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁
For me:
- I've recently past my 1yr mark at Checkmarx 🎉
- I've finished some #zaproxy rule and add-on work.
- I'm starting some #zaproxy core work 😁
Reposted by kingthorin
Hi Folks! What would you like to see changed in #OWASP #WrongSecrets?
October 26, 2025 at 8:30 PM
Hi Folks! What would you like to see changed in #OWASP #WrongSecrets?
Reposted by kingthorin
We are starting our Kali/Hacker-themed #Pumpkin #Carving #Contest!
Share your masterpiece, tag us, and whoever on whichever social network has the most reactions will get $50 store credit (offsec.usa.dowlis.com/kali/view-al...).
Ends 1st Nov 2025 00:00 UTC
#JackOLantern
Share your masterpiece, tag us, and whoever on whichever social network has the most reactions will get $50 store credit (offsec.usa.dowlis.com/kali/view-al...).
Ends 1st Nov 2025 00:00 UTC
#JackOLantern
October 25, 2025 at 7:23 AM
We are starting our Kali/Hacker-themed #Pumpkin #Carving #Contest!
Share your masterpiece, tag us, and whoever on whichever social network has the most reactions will get $50 store credit (offsec.usa.dowlis.com/kali/view-al...).
Ends 1st Nov 2025 00:00 UTC
#JackOLantern
Share your masterpiece, tag us, and whoever on whichever social network has the most reactions will get $50 store credit (offsec.usa.dowlis.com/kali/view-al...).
Ends 1st Nov 2025 00:00 UTC
#JackOLantern
I got the Hacktoberfest 2025: Level 3 badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
I got the Hacktoberfest 2025: Level 3 badge from Hacktoberfest @hacktoberfest @digitalocean!
@kingthorin has earned the Hacktoberfest 2025: Level 3 badge from Hacktoberfest.
www.holopin.io
October 24, 2025 at 1:55 PM
I got the Hacktoberfest 2025: Level 3 badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
I got the Hacktoberfest 2025: Level 2 badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
I got the Hacktoberfest 2025: Level 2 badge from Hacktoberfest @hacktoberfest @digitalocean!
@kingthorin has earned the Hacktoberfest 2025: Level 2 badge from Hacktoberfest.
www.holopin.io
October 23, 2025 at 8:44 PM
I got the Hacktoberfest 2025: Level 2 badge from Hacktoberfest @hacktoberfest @digitalocean! www.holopin.io/hacktoberfes...
#WednesdayWins let’s hear your cyber, life, whatever wins for the week. Big or small your community needs to hear anything you’ve knocked off or accomplished.
For me I’ve got the following:
- Contributions to OWASP Nest Schema
- ZAP rules and docs work
#OpenSource
For me I’ve got the following:
- Contributions to OWASP Nest Schema
- ZAP rules and docs work
#OpenSource
October 22, 2025 at 9:32 PM
#WednesdayWins let’s hear your cyber, life, whatever wins for the week. Big or small your community needs to hear anything you’ve knocked off or accomplished.
For me I’ve got the following:
- Contributions to OWASP Nest Schema
- ZAP rules and docs work
#OpenSource
For me I’ve got the following:
- Contributions to OWASP Nest Schema
- ZAP rules and docs work
#OpenSource
Reposted by kingthorin
Found an XSS but got blocked by the CSP?
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
October 21, 2025 at 9:16 AM
Found an XSS but got blocked by the CSP?
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
https://cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
Reposted by kingthorin
With the May release of @OWASP ASVS 5.0.0, we now have 3 finished translations: Turkish, Russian and French!
Thanks to everyone who prepared these and in particular thanks to Ata Seren who built a nice new translation validation script for us!
Look out others on the way!
Thanks to everyone who prepared these and in particular thanks to Ata Seren who built a nice new translation validation script for us!
Look out others on the way!
October 20, 2025 at 4:08 PM
With the May release of @OWASP ASVS 5.0.0, we now have 3 finished translations: Turkish, Russian and French!
Thanks to everyone who prepared these and in particular thanks to Ata Seren who built a nice new translation validation script for us!
Look out others on the way!
Thanks to everyone who prepared these and in particular thanks to Ata Seren who built a nice new translation validation script for us!
Look out others on the way!
Reposted by kingthorin
Many Online Services and Websites Affected by an AWS Outage https://isc.sans.edu/diary/32386
October 20, 2025 at 9:40 AM
Many Online Services and Websites Affected by an AWS Outage https://isc.sans.edu/diary/32386
#owasp members please get out and vote 🗳️
board.owasp.org/elections/20...
Check your membership related email account (check spam/junk) for "2025 OWASP Global Board of Directors Election" from simplyvoting.
#GetOutAndVote
board.owasp.org/elections/20...
Check your membership related email account (check spam/junk) for "2025 OWASP Global Board of Directors Election" from simplyvoting.
#GetOutAndVote
OWASP 2025 Global Board Elections | OWASP Foundation
OWASP 2025 Global Board Elections on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
board.owasp.org
October 17, 2025 at 3:10 PM
#owasp members please get out and vote 🗳️
board.owasp.org/elections/20...
Check your membership related email account (check spam/junk) for "2025 OWASP Global Board of Directors Election" from simplyvoting.
#GetOutAndVote
board.owasp.org/elections/20...
Check your membership related email account (check spam/junk) for "2025 OWASP Global Board of Directors Election" from simplyvoting.
#GetOutAndVote
Great intro to various ZAP features!!
October 15, 2025 at 3:25 PM
Great intro to various ZAP features!!
Reposted by kingthorin
🚨 Our room block was extended by 1 day! BOOK YOUR GLOBAL #APPSEC ROOM TODAY.
It is your final chance to grab discounted guest room rates at our hotel. Secure your spot NOW and pocket some extra cash 💸
book.passkey.com/gt/...
#devsecops #OWASP #threatmodeling #SDLC
It is your final chance to grab discounted guest room rates at our hotel. Secure your spot NOW and pocket some extra cash 💸
book.passkey.com/gt/...
#devsecops #OWASP #threatmodeling #SDLC
October 14, 2025 at 8:27 PM
🚨 Our room block was extended by 1 day! BOOK YOUR GLOBAL #APPSEC ROOM TODAY.
It is your final chance to grab discounted guest room rates at our hotel. Secure your spot NOW and pocket some extra cash 💸
book.passkey.com/gt/...
#devsecops #OWASP #threatmodeling #SDLC
It is your final chance to grab discounted guest room rates at our hotel. Secure your spot NOW and pocket some extra cash 💸
book.passkey.com/gt/...
#devsecops #OWASP #threatmodeling #SDLC
Reposted by kingthorin
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
October 13, 2025 at 9:00 AM
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...