Once is luck, twice is

RT @ArciumHQ: It’s only after we’ve encrypted everything that we’re free to do anything. <e/acc>.

RT @camolNFT: BREAKING NEWS: PumpFun $PUMP presale contract has no withdrawal function. This effectively means the $500M raised is locked….

I have some crazy sneakers cook outs stories but I just can't tweet it or we getting in court 🤣.

RT @sleepy__dev: So, how did Shinobi clean full stock on LVR across multiple releases? 👀.Let me break it down — this one's wild. 🧵.Most dev….

Here’s a real code snippet straight from Shinobi 🥷. You can see how the token gets used and how we could accept the gift without ever logging into the actual email or extracting any link manually. The result?. Seamless, fast checkouts — no friction, no delays. 🚀. Sometimes all

However… the bypass wasn’t that simple. 😅.Using the "Send a Gift" button would actually trigger an email to the recipient with a claim link. Not exactly what you want when you're trying to speedrun a checkout. 🏃‍♂️💨. But then —. BINGO, again. 😁. I noticed the first request to

The first request didn’t hit /myarea/bag/add like a normal ATC. Instead, it went to a completely different endpoint.🔀.Different route. Different request body. Same result. 🧠 BINGO. The logic behind this is simple — but let me break it down so anyone can follow. 👇.In most

So, how did Shinobi clean full stock on LVR across multiple releases? 👀.Let me break it down — this one's wild. 🧵.Most devs working LVR drops knew this:. Global rate limits were set per PID (product ID). Once a product got ~20 "Add to Cart" requests, boom 💥 — LVR rate-limited

damn I got this badge.

RT @MrMassi24: Back at it with another CDN bypass 🔓.Akamai was blocking desktop traffic on all Eventim group sites:.Eventim DE, NL, UK, Tic….

RT @MrMassi24: Bypass is patched now so here it is:🔓.on event pages, Incapsula blocked GET without a valid reese84….

Sneaker dev open sourcing continues!.Small thread 🧵. So during 2022, Footlocker globally started the Call & Collect release method 👀. You basically had to call at your local store and make them reserve a limited pair of sneakers for you to later pick up instore. The release

Good read 👀.

I also managed to keep millions of requests on 2 100$ servers (EU, US) and a simple load balancer with simple express js infra, cachegoose . once my NDA is over I could OS everything, if you guys are interested I’m open to share some old bypasses and methods from time to time.

Also if you're curious, what about selenium bots?. You can add a simple verification layer with a PoW challenge, so running many tasks on a machine will consume all the RAM and CPU,. Of course the selenium sessions will still be valid, but very limited.

I was managing the queue for a big sneaker store in EU. Wanted to share how I managed to block Cybersole from getting valid sessions. I would simply check if the client ever requested the website favicon.ico file, no full request bot ever requests the favicon, also the session

Simple method to find rats, open sourcing this simple project to our fellow creators on discord 🔜.

Discord server mirrors:.dualles (764505186407678002) .rase (1051806893921808434).Ronie (733814042258309200) .IOWEJ (446676538918699008). If you own a private group on discord, consider banning these guys.

bro lost 100M $ and started shilling his ref link to make few bucks 😭😭.CT is insane.

RT @authcookie: Hiring Engineers at Blackboard Studio! [Europe only 🇪🇺]. We're a software holding company (B2B & B2C) building the next gen….