I’m running a business/technology club at Rutgers University this year If you’re in the area and want to talk to students about entrepreneurship or something cool from sneaker botting, send me a DM and we can set something up (might be able to make virtual work too) Thank you

Spikepong is coming to Kickstarter Oct 7th! It would mean the world to me if you would click this link to be notified when it's live. Get notified: https://t.co/qG3TYlPjn4 (while I'm down here on my knees begging, would you RT this as well?

Recently posted my first CTF writeup for @badboys_inc, check it out here:

Recently, I have seen multiple Twitter threads referencing GOAT’s shady business practices during their Black Friday event. In light of this, I would like to share my story. Winning the Air Mags, only to have them canceled weeks later: my experience with @goatapp A thread 🧵

Thanks for reading! Although this isn't really a bypass, it's still a pretty cool and unconventional method that we employed to get around the captcha. Be sure to follow for more cool Epacity shenanigans! 🫡

By downloading each file and selecting the one with the largest file size, Dark and I could solve the GOAT captcha and place our orders before anyone manually solving the captcha. As you can see from Dark's tweet, we had some pretty nice success! 😄

GOAT used a slightly higher resolution picture for the correct image but not for the incorrect ones. This meant that the file size of the correct image would ALWAYS be the largest when compared to the incorrect images.

In 2021, @washeddark and I teamed up to create the greatest GOAT bot known to mankind. We found something interesting with the captcha images: a way to detect the correct captcha image with no human interaction, giving us the ultimate advantage over both humans and other bots.

In 2020, GOAT made some changes. The correct image was now randomly placed in the array. To account for this, I made my bot prompt for the correct image after opening each of the image URLs. This was slower and my information was still banned, but it allowed some friends to cop.

In 2019, the correct image was always the last (or first, I forget) in the array. I had a lot of fun with this until I got my information banned by doing something stupid 🙄

But how could a bot identify the correct image without human interaction? The GOAT API provided an array of captcha image URLs and their corresponding IDs. There was no clear way to know the correct image ID from solely this data.

On the GOAT app, these images float slowly around the screen so a user can easily tap on the correct image. Sometimes, the correct image would take a while to appear on the screen—giving bots that could identify the correct image a large advantage over humans.

GOAT Black Friday FCFS releases use a custom captcha system in which a user must click on the correct image of the shoe they are trying to buy before being allowed to submit their order. Here's an example of an incorrect image vs. a correct image:

How @washeddark and I automated the solving of GOAT Black Friday captchas and demolished the FCFS releases (I still have the Diamond Supply Co. dunks that I hit for $75) A thread 🧵 https://t.co/F37V55Duu1

I think I might be addicted to creating Twitter threads 😭

Thanks for reading! I enjoyed making a thread for the LV precart bypass so I thought I'd make another thread showcasing something else lol Be sure to follow for more cool Epacity shenanigans! 🫡

This was a pretty big deal, considering most PX blocks occurred on the PlaceOrder endpoint. This bypass worked for several drops until they patched it by automatically returning a 403 whenever the string "CheckoutServices-PlaceOrder" was present in a Yottaa URL.