slonser Profile
slonser

@slonser_

Co-Founder @neploxaudit. CTF team @C4TBuTS4D Security Researcher at Solidlab.

Joined December 2023
@slonser_
slonser
11 months
In 2024, I interacted a lot with Extensions. I decided to create a resource that will help with a basic understanding of extensions and key attacks. P.S. I tried to make everything as clear as possible and hope it won’t feel too overwhelming anywhere. https://t.co/mnI255djn8
extensions.neplox.security
Welcome to our site dedicated to creating a comprehensive knowledge base on the security of Chromium extensions.
13
109
401
@slonser_
slonser
1 day
This matters because some characters have zero weight: they get ignored during search but remain after Unicode normalization. So if an app normalizes Unicode in its pipeline, a payload with an odd "a" won't pass - but a payload using zero-weight characters will.
0
0
11
@slonser_
slonser
1 day
Many of you have seen that article - the technique is awesome, but there's a small nuance. The idea that "MySQL casts the odd 'a' to normal 'a'" is a bit simplified: MySQL uses the Unicode Collation Algorithm and compares chars by weights.
@YShahinzadeh
YS
6 months
How did we (@AmirMSafari) earn $50k using the Punycode technique? I’ve published a detailed blog post about our recent talk, we included 3 attack scenarios, one of which poses a high risk of account takeover on any "Login with GitLab" implementation https://t.co/sUGsnJz2Fm
3
11
131
@slonser_
slonser
8 days
An amazing job! A wonderful compilation of most of the well-known techniques into a one-hour YouTube talk
@pspaul95
pspaul
8 days
My TROOPERS25 talk has been uploaded! If you ever wondered if "style-src: 'unsafe-inline'" in your CSP is bad, this one is for you. Scriptless Attacks: Why CSS is My Favorite Programming Language https://t.co/Upx72xBzSf
0
9
43
@slonser_
slonser
16 days
I don't usually write about SQLi or similar findings, but this case was funny enough to share. This technique may also be useful for bypassing WAFs (Cloudflare tested).
0
0
21
@slonser_
slonser
16 days
PostgreSQL parses this as follows:
1. $$0$$ - dollar-quoted string, auto-cast to integer
2. OR - logical operator
3. -0-$$0$$ - arithmetic expression
4. NOTNULL - null check (returns true)
The tokenizer handles this without requiring spaces or traditional delimiters (comments).
1
0
17
@slonser_
slonser
16 days
I developed a bypass using PostgreSQL's dollar-quoting syntax: $$0$$OR-0-$$0$$NOTNULL. This payload requires only two non-alphanumeric characters ($ and -) and evaluates to a valid boolean expression that returns all rows.
1
3
35
@slonser_
slonser
16 days
Today I discovered an SQLi vulnerability in a PostgreSQL application where the injection point was path-based with a strict length restriction (32 chars). Spaces, slashes, quotes, parentheses, etc. resulted in a 400 Bad Request error, and the path wasn't URL-decoded.
2
30
261
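To make the thread's parsing explanation concrete from the defender's side, here is an added SQL example (not from the original posts) that shows how the injected path segment is tokenized when the application concatenates it into the query, and why binding it as a parameter closes the hole where a character blocklist does not. The table `items`, the column `id` and the query shape `WHERE id = <path segment>` are assumed for illustration.

```sql
-- Constructed example: the 32-character path segment from the thread,
-- concatenated straight into the query by a vulnerable application.
-- Injected segment:  $$0$$OR-0-$$0$$NOTNULL  (no spaces, quotes, slashes or parentheses)
SELECT id, name
FROM items
WHERE id = $$0$$OR-0-$$0$$NOTNULL;

-- PostgreSQL's lexer splits the segment into tokens on its own:
--   id = '0'   OR   ((-0 - '0') NOTNULL)
-- NOTNULL binds tighter than OR, and (-0 - '0') is the integer 0, which is
-- not null, so the OR branch is always true and every row is returned.
-- Blocking spaces, quotes or parentheses never touched any of these tokens.

-- Mitigation: send the segment as a bound parameter instead of text.
-- The dollar signs and operators are then just bytes inside one value;
-- they are never seen by the SQL lexer.
PREPARE lookup_item(int) AS
  SELECT id, name FROM items WHERE id = $1;

-- Legitimate lookup:
EXECUTE lookup_item(7);

-- The same payload now fails at bind time rather than being parsed as SQL:
-- EXECUTE lookup_item('$$0$$OR-0-$$0$$NOTNULL');
--   ERROR:  invalid input syntax for type integer: "$$0$$OR-0-$$0$$NOTNULL"
```

The length limit and the 400 errors on certain characters are input filtering, not parsing control; only parameterization (or an equivalent typed cast before the value reaches the query) removes the ability to inject tokens.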
@slonser_
slonser
26 days
Haven't tweeted in a while. While my latest collab research with @J0R1AN is in review by the Chrome and Apple teams, I want to recommend my friend's great research on @ton_blockchain drainers. Text version: https://t.co/AHvqQNcbb9 Video: https://t.co/xuD2JX1oGg
0
5
42
@slonser_
slonser
1 month
GReAT conference and a super funny AD CTF. I hope we'll take the top 1 next year too. #TheSAS2025
0
0
81
@neploxaudit
Neplox
2 months
Neplox is coming to @BSidesNYC to talk about the #TON of #Crypto Drainers! 🎙️ ‟Down the Drain: Unpacking TON of Crypto Drainers”
🗓️ Oct 18, 10:00 EDT
📍 New York City, US
Join us to learn about:
• #Malware architecture
• #DApp / #Wallet Impersonation
• Exploited features
0
2
9
@ez_z3r
ezzer
3 months
Made a writeup on a critical CVSS 10.0 vulnerability I've recently found. Check it out, maybe you'll manage to make it into a full config-independent RCE. https://t.co/jQoTvtZ5Oe
2
25
112
@slonser_
slonser
3 months
Once again, big thanks to @immunefi - and personally to @0xTimofey - for the awesome organization! 💙
0
0
1
@slonser_
slonser
3 months
It pushes you to analyze code more systematically, picking up on even the smallest hints of potential threats. (Obviously, that makes little sense in a bug bounty context - but in audits, it's super valuable.)
1
0
1
@slonser_
slonser
3 months
This was a really great experience - huge thanks to @immunefi for it! This audit reminded me why I love doing audits in the first place: you can report informational, deep architectural issues that may cause problems down the road.
@neploxaudit
Neplox
3 months
Several of the audits we conducted this summer were done through @immunefi's Audits service. They went pretty smoothly thanks to Immunefi, and we'd like to break down a few notable points from one audit in particular 🧵
2
1
21
@slonser_
slonser
4 months
The plugin is free, so give it a try! I'm open to feature requests. 💡Bonus: Since Cursor supports local models, you can use the plugin with them - no data ever leaves your machine.
0
0
7
@slonser_
slonser
4 months
Sometimes a single query is enough to completely solve your problem. Stupid example: I opened a PortSwigger lab task, and Claude + Ebka AI solved it, automatically creating a Finding with a full description.
1
0
1
@slonser_
slonser
4 months
When writing complex exploits, Cursor can now pull the info it needs directly from your Caido proxy. It can also work with:
✅ Match/Replace rules
✅ Scope & Findings
✅ Filters, HTTPQL
✅ 38 MCP tools in total
Effectively, this gives your AI full access to your Caido instance.
1
0
1
@slonser_
slonser
4 months
🚀 Ebka AI is now available in the @CaidoIO Plugins Store The MCP integration is tested with Claude and Cursor. For open-source projects, you can now just ask your IDE: "Create Replay collections for each module and populate them with requests" https://t.co/QeybyJVtGM
2
7
55
@slonser_
slonser
4 months
The plugin is not in the @CaidoIO store yet and doesn't have all the functionality that I would like to implement. But you can test the current version on GitHub!
0
0
3
@slonser_
slonser
4 months
It's also important that with this tool you can simultaneously use other MCP programs as well (a simple example would be internet search).
1
0
3