v6edo8.bsky.social
Reposted
You've identified a possible SQLi 🤑

But WAF is in the way... 😓

What if you could just bypass this WAF and get your payload through? 🤠

In our latest article, we documented several ways to identify the origin IP of your target behind popular CDNs and firewalls!

🔗 www.intigriti.com/researchers/...
July 29, 2025 at 6:08 PM
Reposted
Need some extra help? Check out our in-depth server-side request forgery exploitation article for some clues! 👇

www.intigriti.com/researchers/...
SSRF: Advanced Exploitation Guide
Learn how to identify and hunt for advanced Server-Side Request Forgery (SSRF) vulnerabilities using several different testing methods. Read the article now!
July 30, 2025 at 9:07 PM
Reposted
Coworker: ...and the IP addresses are compared with a string match.
Me: *grinning manically*
Coworker: Why are you looking at me like that?
Me: Open up a terminal and type `ping 4.2.514` and hit enter.
Coworker: ...what's the fourth number?
Me: *grin widens* Just hit enter.
Coworker: WTF!?
April 23, 2025 at 10:58 AM
Reposted
IP addresses are just numbers, and there are many ways to write them :)
From a talk I gave once 😁
April 23, 2025 at 4:34 PM
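
An added example, not part of either post above: a Python sketch of why a string match on IP addresses fails, and of canonicalising before comparing. The parser follows the classic `inet_aton()` text rules (one to four parts, decimal, octal or hex, last part filling the remaining bytes); the function names and the blocklist are constructed for illustration.

```python
import ipaddress

def parse_inet_aton(text):
    """Parse IPv4 text using the classic inet_aton() rules."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad IPv4 text: {text!r}")
    nums = []
    for part in parts:
        low = part.lower()
        if low.startswith("0x"):                    # hex part, e.g. 0x7f
            digits, base = low[2:], 16
        elif len(low) > 1 and low.startswith("0"):  # octal part, e.g. 0177
            digits, base = low[1:], 8
        else:                                       # decimal part
            digits, base = low, 10
        if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
            raise ValueError(f"bad IPv4 part: {part!r}")
        nums.append(int(digits, base))
    *leading, last = nums
    # Every part but the last is one byte; the last fills the remaining bytes.
    if any(n > 0xFF for n in leading) or last >= 256 ** (4 - len(leading)):
        raise ValueError(f"IPv4 part out of range: {text!r}")
    value = last
    for i, n in enumerate(leading):
        value |= n << (24 - 8 * i)
    return ipaddress.IPv4Address(value)

BLOCKLIST = {"4.2.2.2", "127.0.0.1"}  # constructed sample, canonical dotted quads

def blocked_by_string_match(host):
    """The comparison from the post: raw text against the list."""
    return host in BLOCKLIST

def blocked_after_canonicalising(host):
    """Normalise to a canonical dotted quad first, then compare."""
    try:
        return str(parse_inet_aton(host)) in BLOCKLIST
    except ValueError:
        # Not an IPv4 literal. This sketch fails closed; a real check
        # would resolve hostnames and test the resolved addresses.
        return True

if __name__ == "__main__":
    for host in ["4.2.514", "0x7f.1", "2130706433", "0177.0.0.1", "8.8.8.8"]:
        print(host, blocked_by_string_match(host), blocked_after_canonicalising(host))
```
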
Reposted
OMG I just found out you can do this:

export MANPAGER='vim +MANPAGER --not-a-term -'

to use vim as your man pager.

It has syntax highlighting. You can jump to other man pages by pressing 'K' <3
April 10, 2025 at 10:17 AM
Reposted
Another fun vim thing: if you omit the 'search' part of a search and replace (e.g. :%s/search/replace/), it uses the last thing you searched for. Coupled with being able to use * to search for the thing under your cursor can make for quicker replacements :)
November 26, 2024 at 7:16 PM
Reposted
Pro-tip: gron is awesome for diffing JSON 🥰

github.com/tomnomnom/gron
November 29, 2024 at 11:29 PM
Reposted
Bash tip: hit ctrl+x then ctrl+e to edit your current command in $EDITOR, write and quit to run it
December 3, 2024 at 6:15 PM
Reposted
Sneaky vim tip contained within: ctrl+a increments the number under the cursor, jumping forward to the next number if you're not on one currently. Ctrl+x decrements instead
December 3, 2024 at 7:56 PM
Reposted
Once again all completely 100% free, check it out below!

🔗 https://www.justhacking.com/uc/uc-websockets/
March 20, 2025 at 9:19 PM
Reposted
Just dropped another completely free API security lesson on JustHacking, this time we’re looking at WebSocket APIs. In this 30min lesson you’ll learn what a WebSocket is and the types of apps that use them, how to communicate to WebSockets and some of the security issues in them!
March 20, 2025 at 9:18 PM
Reposted
I've done a whole bunch of talks, interviews and stuff on other people's YouTube channels over the years so I'm going to try and catalog them here.

First up is a video with my good friend STÖK in which I demo some big bounty workflow stuff.

This one is special.

youtu.be/l8iXMgk2nnY
VIM tutorial: linux terminal tools for bug bounty pentest and redteams with @tomnomnom
YouTube video by STÖK
November 4, 2024 at 1:24 AM