alp1n3 🌲
@alp1n3.dev
🔮 AppSec & Go | Ex: ARCYBER

Previously: Malware, Helpdesk, and More 🎉
Pinned
📍Feel free to give me a follow if you’re into:

- Application Security
- Web App Pentesting
- Bug Bounty Hunting
- Malware Analysis
- Shitposting about F1 🏎️
- Web3 / Crypto & Cybersecurity

I’m always trying to share what I learn along my journey! 📰
Reposted by alp1n3 🌲
This is a great new feature from Kagi! Users can flag sites as "slop," providing a human reputational signal to penalize generative content.
Introducing SlopStop: Community-driven AI slop detection in Kagi Search | Kagi Blog
Your collective defense against AI-generated spam and content farms
We made it our mission to prevent the web from becoming useless and a harmful space.
blog.kagi.com
November 14, 2025 at 4:34 PM
Reposted by alp1n3 🌲
this is a really well written article on why Cross-site Scripting (XSS) vulnerabilities still exist today flatt.tech/research/pos...
November 14, 2025 at 4:01 PM
Reposted by alp1n3 🌲
posted this 6 years ago and it’s still relevant
November 15, 2025 at 10:12 AM
Reposted by alp1n3 🌲
🚨 Denmark is attempting to force #ChatControl 2.0 through the back door TODAY!

Take action now!

fightchatcontrol.eu
November 12, 2025 at 9:55 AM
> nb4 I get the estimate for labor & parts

Fingers crossed it's not too expensive to have some prototypes printed @ the local makerspace. 🤞
November 13, 2025 at 1:55 AM
Reposted by alp1n3 🌲
New video! Proud to announce Collector, a powerful new extension for @burpsuite that provides solutions for the collection, tracking, and handling of any kind of "token".

Watch here: youtu.be/SsjlL1N1qgM

Try out Collector: github.com/Tib3rius/...
November 12, 2025 at 3:00 PM
Reposted by alp1n3 🌲
When your dad breaks Minecraft.

And the internet.

Watch the full interview about the biggest security vulnerability of all time 👉 https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/?utm_source=social&utm_medium=social&utm_campaign=minecraft
November 12, 2025 at 11:21 AM
Can't forget to mention that toasts are annoying and get in the way 99% of the time as well.

(I've got a long running bone to pick with them)
“GitHub no longer uses toasts because of their accessibility and usability issues.”

Music to my ears!

primer.style/accessibilit...
Toasts
GitHub no longer uses toasts because of their accessibility and usability issues.
primer.style
November 12, 2025 at 11:28 AM
Reposted by alp1n3 🌲
Conventional wisdom is that tech books barely ever make back the actual time spent writing, in royalties. And any good book needs serious time investment!

I do believe we need *more* good tech books - which is why I wanted to share how much The Software Engineer’s Guidebook made.

(cont’d)
November 12, 2025 at 9:42 AM
This will save me sooooo much time and scrolling 🙌
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y
HTTP Anomaly Rank - a new Turbo Intruder feature
YouTube video by PortSwigger
youtu.be
November 11, 2025 at 6:48 PM
Reposted by alp1n3 🌲
Something I observed while manually reviewing every single site on personalsit.es:

Websites built with Next.js very rarely have RSS feeds.

Websites built with React sometimes have RSS feeds.

Completely static sites almost always have RSS feeds.

#RSS
November 9, 2025 at 4:51 AM
Reposted by alp1n3 🌲
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM
Reposted by alp1n3 🌲
I wrote a thing, about a project you should knock out when you get 45 minutes free. fly.io/blog/everyon...
You Should Write An Agent
They're like riding a bike: easy, and you don't get it until you try.
fly.io
November 6, 2025 at 8:55 PM
Reposted by alp1n3 🌲
This is wild. 99% of the code is legit, with just 20 malicious lines buried in thousands of lines of working code.

cc: @campuscodi.risky.biz
🚨 New from Socket Threat Research: 9 malicious #NuGet packages deliver time-delayed destructive payloads, designed to crash apps and sabotage industrial control systems.

Read the full analysis → socket.dev/blog/9-malic... #dotnet
9 Malicious NuGet Packages Deliver Time-Delayed Destructive ...
Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control system...
socket.dev
November 6, 2025 at 9:41 PM
🥲 Still can’t currently recommend getting a Suunto smart watch.

Despite knowing about bugs for 3+ months that wipe watches with each update…

And turning off automatic updates doesn’t work…

I’ve had my watch wiped twice at this point. Just go Garmin / Coros.
November 7, 2025 at 9:14 AM
Sometimes a project at home just needs its config thrown in a text file. Totally support this!
November 3, 2025 at 7:49 PM
Reposted by alp1n3 🌲
Why does this “something must be done” attitude never apply to corporate crimes?

Every day I’m shocked that nobody from Fujitsu or Post Office management have gone to prison for accusing post masters of crimes while stealing money from them, actions that led to suicide and wrongful imprisonment?
It's the classic 'something must be done'
November 3, 2025 at 8:28 AM
The ideal site for daily use:

- Plain, easy to read.
- Logical, following popular *positive* patterns users are used to
- Dark/Light support (ofc)

People hate on UIKits that standardize design, but tbh Etsy or Wayfair would be x100 better if they were pure Shadcn components 😂
November 3, 2025 at 10:55 AM
Reposted by alp1n3 🌲
watching someone experienced work is a very underrated way to level up. "tacit knowledge transfer" is how we learn all the little tips and techniques and shortcuts that make experts so dang fast and effective, and it's really, really hard to learn that stuff in other ways
One of the first things I do with new junior engineers is pair with them to show them how I would track down a bug they're working on.

Learning how to problem solve in the codebase is more important than being able to churn out LoC.
Like the difference between an entry-level engineer and a senior one might be language fluency, but the difference between a senior one and a distinguished one is the distinguished one knows how to turn 100x 100 hour debugging problems into 4x 30 minute ones
November 3, 2025 at 1:10 AM
Reposted by alp1n3 🌲
I wrote a bit about my sidequest at Earendil: Building Absurd which implements durable execution (𝚞𝚜𝚎 𝚠𝚘𝚛𝚔𝚏𝚕𝚘𝚠, Temporal, Inngest, etc.) on just Postgres. How it works and why I like it. lucumr.pocoo.org/2025/11/3/ab...
Absurd Workflows: Durable Execution With Just Postgres
Durable execution with just postgres.
lucumr.pocoo.org
November 3, 2025 at 8:53 AM
Reposted by alp1n3 🌲
Did not see this coming: #Canva made #Affinity free and is investing to revamp it.

Smart growth move and a win for creators... pro-grade tools for free.

First look: www.youtube.com/watch?v=CzPz...

#Design #AffinitySuite
Meet the new Affinity
YouTube video by Canva
www.youtube.com
November 1, 2025 at 11:20 AM
Reposted by alp1n3 🌲
I don't agree with all the points being made here, but this opening sentence really hits home. 👇

blog.pabloecortez.com/its-insultin...
October 31, 2025 at 1:03 PM
Reposted by alp1n3 🌲
Some guy got in an argument with me about the impact of AI malware. He cited a MIT paper claiming "80% of ransomware attacks are AI powered". I glanced over it and burst out laughing, but couldn't be bothered to debunk it. My friend on the other hand, could. He roasted it so hard that MIT deleted it
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 10:10 PM
Reposted by alp1n3 🌲
AppSec Ezine - 610th edition 🎃 #AppSec #Security

pathonproject.com/zb/?fac2c832...
AppSec Ezine
pathonproject.com
November 1, 2025 at 11:29 AM