Abdel

1.8K posts

@rockkdev

cto @cubbylaw, prev. edge security @vercel

Los Angeles · Joined July 2015
266 Following · 1.4K Followers
Abdel@rockkdev·
@winhelpwin Dots "." are treated as a sorta invisible character to the Gmail parsing system, so warriorsFan[at]gmail[dot]com with 1 or more "."s anywhere in the "warriorsFan" portion will be ignored and still forwarded to the original email
winhelpwin@winhelpwin·
@rockkdev Sorry if this is a dumb question but can you elaborate what (1) means? If my email is warriorsFan[at]gmail[dot]com what would the “Gmail dot trick…” be?
Abdel@rockkdev·
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from noreply@robinhood.com, DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
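A defender-side sketch of the two controls the chain in the post above gets past, added here as an example and not code from the post or from Robinhood: collapsing Gmail dot variants to one mailbox key at signup, and escaping the user-controlled device name before it reaches an HTML email. All function names, the template and the sample values are hypothetical; handling of "+" suffixes and googlemail.com goes beyond the dot case the post describes.

```python
import html

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_email(address: str) -> str:
    """Map every address that reaches the same mailbox to one key."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and anything after "+" in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    if not local or not domain:
        raise ValueError("not an email address")
    return f"{local}@{domain}"

def is_duplicate_signup(new_address: str, existing: list[str]) -> bool:
    """True if the new address lands in the inbox of an existing account."""
    key = canonical_email(new_address)
    return any(canonical_email(a) == key for a in existing)

# Hypothetical alert template; {device} is attacker-controlled input.
ALERT_TEMPLATE = (
    "<p>Unrecognized activity from device: <b>{device}</b></p>"
    '<p><a href="https://example.com/review">Review activity</a></p>'
)

def render_alert_unsafe(device_name: str) -> str:
    """The flaw described in the post: device name inserted as raw HTML."""
    return ALERT_TEMPLATE.format(device=device_name)

def render_alert(device_name: str) -> str:
    """Hardened form: drop control characters, cap length, then escape."""
    cleaned = "".join(ch for ch in device_name if ch.isprintable())[:64]
    return ALERT_TEMPLATE.format(device=html.escape(cleaned, quote=True))

# Constructed sample input (not taken from the real email).
SAMPLE_DEVICE = 'iPhone</b><a href="https://phish.invalid/login">Secure your account</a>'

if __name__ == "__main__":
    print(is_duplicate_signup("warriors.fan@gmail.com", ["warriorsFan@gmail.com"]))
    print(render_alert_unsafe(SAMPLE_DEVICE))
    print(render_alert(SAMPLE_DEVICE))
```

Escaping has to happen at render time in every channel that shows the device name (email, push, web), since DKIM, SPF and DMARC only authenticate the sender and say nothing about the body.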
David Gobaud@davidgobaud·
@rockkdev Steps probably wrong. No need to make account. They hacked @RobinhoodApp SendGrid @twilio or somehow got a Robinhood domain confirmed @vladtenev
David Gobaud@davidgobaud

Robinhood's email service SendGrid (not on 𝕏 🤦‍♂️) @twilio is hacked or somehow verified a robinhood.com domain sending out phishing emails @RobinhoodApp @AskRobinhood Received: from http://o2.email.robinhood.com (http://o2.email.robinhood.com. [50.31.40.73])

Abdel@rockkdev·
@linguinelabs Yeah; this is one of those things that seems obvious in retrospect, but honestly really easy to miss as an engineer
Kevin@linguinelabs·
@rockkdev So this would be fixed with proper sanitization right
Abdel@rockkdev·
@bmgentile Yes, HTML injection via the device name. Basically XSS with no scripting, just HTML. I did check, the URL is a phishing URL, albeit I refrained from linking it.
brady 🌴@bmgentile·
@rockkdev hold on, but when you click the CTA link from the legitimate Robinhood email (which you received for their Gmail account that routes to you)… how can there be an outcome which results in your creds being compromised? Are they somehow injecting a URL into the email’s CTA..?
Abdel retweeted
Truman Sacks@trumansacks1·
Day 1! Come say hi if you are in NYC this week! 🏇
Truman Sacks@trumansacks1

Excited to share we’ve raised $2.75M for @CubbyLaw from @LudlowVentures, @SamHinkie, and @PSUMVC. We’re building the first AI teaching assistant for law students, powered by our own legal intelligence model trained on thousands of professors’ syllabi, past exams, outlines, and grading rubrics. Cubby started as a horizontal AI research tool, but when law students began adopting it fast, we went all in. Law school prep is broken: • Curve-based grading • 100+ hrs building outlines • Legacy tools students still pay thousands for Cubby brings it all into one connected workspace: case briefs, outlines, and practice exams, calibrated to how your professor teaches and tests. Law school is our first step toward a new era in legal tech.

Abdel@rockkdev·
Excited to be a part of this 🏇
Truman Sacks@trumansacks1

Excited to share we’ve raised $2.75M for @CubbyLaw from @LudlowVentures, @SamHinkie, and @PSUMVC. We’re building the first AI teaching assistant for law students, powered by our own legal intelligence model trained on thousands of professors’ syllabi, past exams, outlines, and grading rubrics. Cubby started as a horizontal AI research tool, but when law students began adopting it fast, we went all in. Law school prep is broken: • Curve-based grading • 100+ hrs building outlines • Legacy tools students still pay thousands for Cubby brings it all into one connected workspace: case briefs, outlines, and practice exams, calibrated to how your professor teaches and tests. Law school is our first step toward a new era in legal tech.

Abdel@rockkdev·
@stockxsucks you're just hanging around the wrong areas 💯
Abdel@rockkdev·
@pookybypass 👀 their cold pressed juices and protein smoothies are actually pretty good
Abdel@rockkdev·
LA is underappreciated
Abdel@rockkdev·
@cultured Built a Minecraft server
Steven Schwartz 🦅@cultured·
If you were a kid that: 1/ Jailbroke your phone 2/ Resold sneakers 3/ Dropshipped 4/ Played crypto dice 5/ Sent your iOS UDID to someone 6/ Made a big commerce store 7/ Used Limewire Like this tweet What am I missing?
Abdel@rockkdev·
@B_nnett @AppStore A few apps I have just make this a secret. The main app is free and has limited demo/free functionality. You then go to settings, press and hold an unrelated icon or piece of text, and then the license box pops up.
Bennett@b_nnett·
how do i get around this on @AppStore review? building a companion app, and they've rejected it due to having license key sign-in?
Abdel@rockkdev·
@aycdjake Some drop shipping stores probably do more revenue 😭
aycdjake@aycdjake·
Can yall be done with the Hellstar meat riding already 🤣 They think they are 2019 Supreme 😭
Abdel@rockkdev·
I have so many things I want to create that I end up getting put in a mental gridlock where I don’t create anything.
Abdel@rockkdev·
@umasiii Childhood dream from 2015 secured
Abdel@rockkdev·
Throwback to when I found a bypass to Adidas splash. It worked because Adidas development team still returned developer cookies on a GET to the staging splash page, even with invalid auth. I'd GET staging, take the hmac, transfer to the live domain, and bypass splash.
Abdel@rockkdev·
@B_nnett Yeezy Mafia, Sole Slayer, AIOBot, OG YZYlab, Heatedsneaks refresh bypass, Wrath Adidas (Wrath logo is Adidas upside down), and way, way, way more. Been in the botting game since '16 and sneakers since '15, and I have seen a lot in that time. Way too much to list.
Bennett@b_nnett·
before i start researching am i missing any key eras
Abdel@rockkdev·
@stockxsniper The fact this isn’t even a meme 😭
nik@stockxsniper·
i once asked Adam 22 to take a picture of me thinking he was just a random dude, instead he took a video of me roasting me on his story
Abdel@rockkdev·
@3liet I think that this is the problem. The Ivy League and similar have a leg up mentally. You're not even given a shot with interviews otherwise. The people I know who DID find a way to get an interview had amazing results. It's that first leg that's the hardest.
Eliot@3liet·
@rockkdev Have to sell yourself well and have a college education tbh. You can compete with Ivy League kids with sneakers on your resume, just have to have all the other boxes checked off as well.
Abdel@rockkdev·
The undervaluing of sneaker devs in the corporate world is mind-boggling to me. Recruiters literally have a cheat code to the brightest minds yet they don’t use it.