𝖊𝖛𝖆𝖉𝖊

Current status: Retardmaxxing.

@yvtweets i have trust issues and need to see the code changes in real time

@encrypted just move to tui like the rest of us

@tylermoz Yo can you check on order ec7cecd4-c20e-4bc5-972f-d13f0fe4233f for me 😅

I guess I'm a coin trader now?

interesting...

the dev for gold is god btw

How gold price got me feeling lately

@b_nnett I’ve used @tembo and @cursor_ai

how do I get an agent to automatically handle my Linear issues and create PR’s?

@infosec_au @SLCyberSec @hash_kitten @assetnote Back in may I emailed their responsible disclosure email with a firewall bypass I found and I got a response a day later asking me to onboard to HackerOne so I can submit it but the bypass had been patched 🤣

@SLCyberSec @hash_kitten @assetnote This has been silently patched now 🫠 There's probably more WAF bypasses out there.

Vercel is questioning whether or not a WAF bypass is possible... Pushed an update that uses a payload from @SLCyberSec research team (specifically @hash_kitten). Payload has been running for @assetnote customers for last 18h. github.com/assetnote/reac… use --vercel-waf-bypass flag

🥂

@tkexpress11 @LicketySpliket Elite ball knowledge

the other common entrepreneurial red pill is building sneaker bots

@pk_iv 🤔

Today we're announcing an unlikely partnership. We believe that agents need reliable, responsible web access. That's why we're partnering with Cloudflare in support of Web Bot Auth and Signed Agents, a new standard to allow good bots to authenticate themselves. Details 👇

I think remote browsers still doesn't solve this problem. A layer needs to be built to prevent the agents from doing unprompted tasks local or remote, a stolen session is still a stolen session even if its not all of them. Aside from that companies like Cloudflare are trying to build prompt injections / a labyrinth to mess with agents which will waste compute and time. If something isn't built many people will bankrupt themselves getting reversed ddosed by cloudflare

@guohao_li @browserbase the difference with local vs remote browsers is that with remote browsers you have to explicitly give it those cookies or access

tl;dr: letting a model control your local browser is dangerous. anyone can prompt injection and steal your cookies. you need a remote browser that’s isolated and intentionally given access. that’s why we’re building @browserbase

@cryptokidf ima steal this tweet

Maybe this why they're transitioning to CLI

@ravibakhai 🐐

9:30pm grinding at the office on his 21st bday 🐐

Looking forward to going nonverbal at the function with my fellow sneaker twitter autists today

Didn’t supreme do this? I remember seeing someone do a waterfall for the assets on the html page as part of the flow. Ever since I seen that I always added a handler for it and have ran into a few non sneaker sites that would set cookies on the first favicon request which was too obvious 😂

@sleepy__dev any sneaker site could have done this and it'd be so hard to tell 😭

I was managing the queue for a big sneaker store in EU. Wanted to share how I managed to block Cybersole from getting valid sessions. I would simply check if the client ever requested the website favicon.ico file, no full request bot ever requests the favicon, also the session validity was never returned in any API endpoint, meaning they could never guessed if the session was valid. Yes, this simple method worked, felt like sharing after a couple years because I still think to this day it is very funny.

They got us 😭

Which one of y'all did he cook 😭

Movie Item 📽️