keefer
keefer.bsky.social
geek
Reposted by keefer
Finally I can hit management’s goal of zero CVEs!
April 15, 2025 at 5:57 PM
Reposted by keefer
OMG I just found out you can do this:

export MANPAGER='vim +MANPAGER --not-a-term -'

to use vim as your man pager.

It has syntax highlighting. You can jump to other man pages by pressing 'K' <3
April 10, 2025 at 10:17 AM
Reposted by keefer
I'm here to once again remind you that if you require ideological purity of all your peers, colleagues, and even products/services you use, you will spend your time fighting everything and accomplishing nothing.
March 27, 2025 at 5:20 PM
Reposted by keefer
I've received 4 unique solutions to this challenge so far. Who knew securing against XSS could be so difficult??!? 😆

I'll publish all solutions next Monday, but will be keeping the challenge online indefinitely.
Following others' lead, I put together an XSS challenge to solve a somewhat tricky injection I'd come across. In producing the challenge I came up with my solution (so in that way I guess it served its purpose) but I'm interested in how others would approach it 🤔

blog.ajxchapman.com/xss/challeng...
March 12, 2025 at 7:50 AM
Reposted by keefer
"I'm just saying, if you get excited by seeing eip=0x414141 then it's time to schedule your colonoscopy." - Andrew Ruef
keynoting @re-verse.io
Keynote Shoutout! One of our goals for the conference is to bring great talks and ideas from people you might not have heard from or about before.
March 1, 2025 at 2:08 PM
Reposted by keefer
I recently tested Scalpel, a Burp extension that allows you to easily create custom HTTP viewers (ro) and editors (rw) using a Python interpreter from your host machine (bye bye Jython!)

www.ambionics.io/blog/scalpel

Piper may be enough for message viewers, but if you need **editors**, give it a try!
February 21, 2025 at 6:15 PM
Reposted by keefer
Honey, wake up - #clickjacking is back.

A decade ago, #clickjacking was the hot new #attack—tricking users into clicking invisible #frames layered over legit websites, unknowingly performing actions on their social media, corporate accounts, or even banks.
1/3
Blog: DoubleClickjacking: A New Era of UI Redressing
www.paulosyibelo.com
February 4, 2025 at 10:13 PM
Reposted by keefer
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique.

portswigger.net/research/byp...
January 28, 2025 at 2:01 PM
Reposted by keefer
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal by @doyensec
https://blog.doyensec.com/2025/01/09/cspt-file-upload.html
#BBRENewsletter87
January 24, 2025 at 3:05 PM
Reposted by keefer
Good morning.

Responding instead of reacting is powerful.
January 23, 2025 at 8:37 AM
Reposted by keefer
while you were studying the blade, I studied the merkle search tree
June 9, 2023 at 2:30 PM
Reposted by keefer
wake up babe, insane new use for ai (generating absurd yet somehow usable qr codes) just dropped

probably one of the few ai-image generation tasks that human artists cannot really do right now

https://www.reddit.com/r/StableDiffusion/comments/141hg9x/controlnet_for_qr_code/
June 6, 2023 at 7:23 AM