Gareth Heyes \u2028 Wow, happy to see this experience in one book!

These vendors are making our job harder and harder

Gareth Heyes \u2028 My next go-to book even if i am not perfect with client-side bugs

Talk 1 – Gareth Heyes \u2028 “Amplify the Hacker” explores AI-powered Burp extensions, empowering you to: 🔁 Automate the repetitive bits of testing. 👨‍💻 See live demos of Gareth’s AI-Hackvertor, Shadow Repeater, and Document My Pentest. ⚙️Build and ship your own Burp AI extensions in

Talk 2 – d4d “Cookie Chaos” shows how small parser gaps in RFCs lead to big security problems. You’ll leave with: 🛫A fun and unique case study of how Zack found this exploit. 🍪Proven methods to test for cookie parsing exploits. 🧰 A toolkit with ready-made BApps and

Gareth Heyes \u2028 Got this book from a colleague Still reading and learning from it everyday, I feel you can't get enough from this book tbh!

Presenting "Amplify the hacker: offensive AI plugin development" at SteelCon track 1 at 15:00 GMT please join me if you're here

Chrome lies. Safari lies. No single RFC covers all the flaws in cookies parsing. Don’t miss my talk “Cookie Chaos: Exploiting Parser Discrepancies” at SteelCon track 2 at 16:30-17:30

Smashing it 🔥d4d presenting Cookie Chaos

🔥Blog post is up! How extensions could exploit JS bindings to use webRequestBlocking prior to Chrome 118: 0x44.xyz/blog/web-reque…

This weekend I attended SteelCon for the first time — and all I can say is, what a great conference! Here are some of the talks I attended and really enjoyed: IsThatFinux? – "Slide or Get Slid On: Surviving Cyber Threats Drill Style (Even Woody would be shocked)" I was

New blog post is up: How I leaked the IP addresses of Brave's Tor window and Chrome VPN extension users--plus, a new Popunder technique and connect-src CSP directive bypass. Read more @ 0x999.net/blog/leaking-i…

<meta http-equiv="refresh" content="0;url='//example.com'@x.com/'"> Chrome redirects to x.com, Safari and Firefox redirect to example.com.

Wtf

You can use big int after any number including octals, hex and binary. Oh JS I love your quirky nature ❤️. Might help bypass a flawed WAF regex.

It's easy to bash vulnerabilities with logos but... I couldn't resist, say hello to http1mustdie.com :)