HTTP Request Smuggling in one Screenshot. 🙂

If you’re around for Black Hat Asia Singapore ( April 1-4 ), let’s catch up!.

RT @payloadartist: ⚙️ A lesser known tool, Osmedeus is the closest to Nuclei, that comes with an amazing web UI. You can use custom YAML wo….

Nice one!.

RT @nnwakelam: This is fucking bananas and I can't believe I missed it.

RT @J0hnnyXm4s: hashcat -w 4

RT @Dinosn: Exploiting Redis Through SSRF Attack

RT @0x4148: Just created a working POC for CVE-2021-40444 with folks @EG_CERT

RT @redragonvn: Our Pre-Auth RCE exploit for Atlassian Confluence (CVE-2021–26084) was leaked after reporting it to @VMware. They have refu….

Hard work, new car 🙂🧘

RT @CySuite_: Yet another Account Takeover technique. Seperator:.email=victim@mail.com,hacker@mail.com.email=victim@mail.com%20hacker@mail….

If ip based rate Limiting is implemented, you can block a legitimate user from accessing the website. Client-Ip: Victim-Ip-Address -> 500 request -> Blocked.

This is mostly effective on : "Ip Based Rate Limiting".

Rate Limiting Bypass : (429 Too many Requests). Append the headers to a request where the server is responding with 429. Client-Ip: IP -> 200.X-Client-Ip: IP -> 200.X-Forwarded-For: IP -> 200.X-Forwarded-For: 127.0.0.1, IP -> 200. IP = Random IP Address that you want to spoof. 🙂.

Rick and morty 1000 years.

My grandfather, The late Dhananjay kar spent 14 years of his life in cellular Jail, infamously known as kalapani. The freedom of india didn't came so easily, we "the new generation" will never understand the struggle behind it. #IndependenceDay #IndiaAt75 #स्वतंत्रतादिवस

Happy independence day 🙌🏼

RT @h1pmnh: If you can get SpEL injection but can't get RCE, try exfiltrating a file with B64 encoding: T(java.util.Base64).getEncoder().en….

RT @brutelogic: JS Payload w/o Parentheses #XSS. [].pop.constructor`alert\x281\x29```.

RT @0xsapra: This is how I found sql-Injection 100% of the time.For /?q=1./?q=1'./?q=1"./?q=[1]./?q[]=1./?q=1`./?q….