I don't think that watching/reading #hacking tutorials and collecting BB tips in Twitter or any other social media will make you UNDERSTAND what you are doing and why that happens. Build a solid foundation with PROGRAMMING, NETWORKING, PROTOCOLS and OPERATING SYSTEMS first.

RT @RodoAssis: Hey bug hunter! . Do you have a WAF or any other filter in your way?. Let's COLLABORATE! 🤩. Any bug, 50/50 just DM me with d….

Hey bug hunter! . Do you have a WAF or any other filter in your way?. Let's COLLABORATE! 🤩. Any bug, 50/50 just DM me with details. #hack2learn

Another day, another way to bypass a WAF. Stay tuned, I'm documenting them all!.

RT @KN0X55: We just published our 1st blog post! . We hope to be just the beginning of everything #XSS related we know. Check it out! 😉….

Change the world (for the better) or die trying?.

If you blindly trust LLMs like chatGPT, Claude or Gemini you are smart as they are. Check my chat with Claude starting with "XSS Filter Bypass" but ending up on how absolutely useless it is for anything serious. Claude is considered to be "very smart".

It's super hard to take care of 50+ cats and dogs every single day, you have no idea.

RT @KN0X55: Top 10 #XSS Payloads.By @RodoAssis . #BugBounty #PenTesting.

What's wrong here? . Try to PoC a XSS using ALert(1) instead of alert(1)!. Bypassing a filter with incorrect syntax is not a bypass.

Just found that in a serious, academic whitepaper. 🤦

Imperva guys fix their WAF so badly that you just need to change the order of the attributes in the previous bypass and it works. 🤪

Why this is important?. Unless you test every entry point w/ something like alert(1) exactly that way, no quotes, nothing, you won't be able to spot eval() like scenarios w/ a regular #XSS vector like <Img/Src/OnError=alert(1)>. Unless you read all the JS source code, of course.

RT @RodoAssis: Between white and black, there's a lot of grey. #Hacking . That's something you learn in LIFE itself. #hack2learn https://t.….

Between white and black, there's a lot of grey. #Hacking . That's something you learn in LIFE itself. #hack2learn

It's an old and very bad guide. Except for the last section which was copied from my free Cheat Sheet years ago. But they don't mention me, ofc. Go with OWASP, industry. And get hacked over and over again by those who really know what they are doing.

That's how #ChatGPT sees me based on our conversations.

I have always believed that the machine could be better than us humans. That it could learn from our mistakes and fill the void of our failures. But what if it's worse, what if it's just a better killer? So before the creature despises its creator we should despise the machine.

Not only progress, regression. @sucurisecurity @sucurilabs REPLACED my blog post where I define #XSS w/ 2 main types (server/client side) and their 2 subtypes (reflected/stored) for one with the (wrong) classic reflected/stored/dom style. Here: Come on.