Silent
@ykx999.bsky.social
Frontend dev interested in browser and client-side stuff
Reposted by Silent
A cool recon trick to find more targets is to check out CSP policies for juicy assets.

csprecon can do this for you 👉 https://github.com/edoardottt/csprecon
July 11, 2025 at 8:16 AM
Reposted by Silent
I made a tool to help test archive (zip/tar) extraction bugs (sync working directory into archive, add path traversals, links, permissions, etc): github.com/avlidienbrun...
GitHub - avlidienbrunn/archivealchemist: Archive Alchemist is a tool for creating specially crafted archives to test extraction vulnerabilities.
github.com
May 9, 2025 at 8:47 AM
Reposted by Silent
Added a keyboard shortcut on the MXSS. I still find this tool useful when messing around with HTML.

portswigger-labs.net/mxss/
Mutation XSS
portswigger-labs.net
February 28, 2025 at 12:51 PM
Reposted by Silent
A younger me, as a pentester and bug hunter, had exactly the bias described in this article 🤫

Luckily, I later worked with and for "the other side" and it changed my mind 🤯

I hope young people reading it will avoid taking years to understand the complexities of fixing bugs in a timely manner 🤞
Why Can't You Fix This Bug Faster?
Fixing security vulnerabilities in a timely manner is more complicated than you realize.
maxwelldulin.com
December 14, 2024 at 11:02 PM
Reposted by Silent
Finally taking the last steps to "remove" my Twitter account. As I don't want to get impersonated, I will just empty it out and leave it to die slowly. Is there any other way?

Must admit my timeline here is not as interesting, but I guess that's up to me to fix.
February 3, 2025 at 9:27 AM
Reposted by Silent
Want to know what the 'Top 5 security mistakes software developers make' are? Read this article by David Strom, that quotes me several times, to learn more!

www.csoonline.com/ar...
Top 5 security mistakes software developers make
As attacks continue to plague cybersecurity leaders, CSO has compiled a list of common mistakes by software developers that can be prevented.
www.csoonline.com
February 12, 2025 at 6:36 PM
Reposted by Silent
Yesterday I discovered a tweet of mine was referenced in the book "Attacking and Exploiting Modern Web Applications: Discover the mindset, techniques, and tools to perform modern web attacks and exploitation"

www.amazon.nl/-/en/Simone-...

Since I deleted my account, this is the tweet:
February 12, 2025 at 8:19 AM
I'm falling in love with JS; it's like I can't even pass a day without it
February 12, 2025 at 6:12 PM
Reposted by Silent
When coaching junior programmers I would often suggest this:

Got a problem? Not sure the right direction? Try anything at all! Worst case is you'll learn something, best case is you make something good.

Also: it's practice, so you get faster at trying new things, so you get faster at everything.
February 1, 2025 at 8:27 PM
Reposted by Silent
Watch my video to learn about chapter 2 of Alice and Bob Learn Secure Coding: youtu.be/7A09EEpngxI...

Get the book here:
shehackspurple.ca/bo...

Contents of Chapter 2: Beginning
· Follow a Secure System Development Life Cycle (Part 3)
SheHacksPurple: Learn about Chapter 2 of Alice and Bob Learn Secure Coding 'Beginning'
Chapter 2: Beginning · Follow a Secure System Development Life Cycle (Part 3) · Use a Modern Framework, and All Available Security Features Within · Input Validation · Output Encoding · Parameterized Queries and ORMs · Authentication and Identity · Authorization and Access Control · Session
youtu.be
January 26, 2025 at 12:59 AM
Reposted by Silent
Handling Cookies is a Minefield:

Inconsistencies in the HTTP cookie specification and its implementations have caused a situation where countless websites (including Facebook, Netflix, Okta, WhatsApp, Apple, etc.) are one small mistake away from locking their users out.

grayduck.mn/2024/11/21/h...
November 21, 2024 at 5:11 PM
Reposted by Silent
Got sniped into the challenge and ended up doing some cool XSS research :D

11 char XSS with mind-boggling race-conditions.

TL;DR the final payload is location=x (10 chars) and the longest is top.Z.x=x.d (11 char)

It's shorter than location=name !!

terjanq.me/solutions/jo...
December 14, 2024 at 1:17 PM
Reposted by Silent
A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".

There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page, like in the image.

joaxcar.com/xss/self.html
December 12, 2024 at 1:00 PM