@iamdothash Have you seen radio browser? It's an open API/DB for radio stations: radio-browser.info
English
bemodtwz
398 posts
bemodtwz
@bemodtwz
Here for netsec stuff. Author of Evall Villain. Contributor to Radare2. https://t.co/HKiHvtcYy5
Katılım Ocak 2020
157 Takip Edilen410 Takipçiler
Cliamp whips your tty ass.
I had to create a jingle.
The latest launch will run my own Lofi radio channel by default if no arguments are provided to cliamp.
English
bemodtwz retweetledi
Set your #xss hunting 🎯 on easy mode! In the latest edition of our Eval Villain video series, @bemodtwz demonstrates the time-saving power of the "needles" feature.
youtu.be/LI9QOuQDduE
#appsec #doyensec #bugbountytips #security
YouTube
Doyensec@Doyensec
📢Just published - the third video in our series on Eval Villain. Our @bemodtwz walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today! youtu.be/Hp7TexA6vFg #appsec #doyensec #security #evalvillain #xss
English
bemodtwz retweetledi
📢Just published - the third video in our series on Eval Villain. Our @bemodtwz walks through using it to find 🔎 a DOM XSS to demonstrate its functionality. Check it out today!
youtu.be/Hp7TexA6vFg
#appsec #doyensec #security #evalvillain #xss
YouTube
Doyensec@Doyensec
In the second post on Eval Villain, @bemodtwz walks through the quick & easy setup and its configuration. Check it out & start finding those client-side vulnerabilities today! Download it today: github.com/swoops/eval_vi… #appsec #doyensec #security
English
bemodtwz retweetledi
In the second post on Eval Villain, @bemodtwz walks through the quick & easy setup and its configuration. Check it out & start finding those client-side vulnerabilities today!
Download it today: github.com/swoops/eval_vi…
#appsec #doyensec #security
Doyensec@Doyensec
We’re excited to share the first video in our Eval Villain series from @bemodtwz! This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns. youtu.be/2dUoOyYKkzU #doyensec #appsec #security #evalvillain #xss
English
@xAmygdxla The evSinker will act like a sink, still search all input like a real sink.
It will also return false, so the conditional breakpoint will never break.
Play with it in the console a bit to test it out.
English
@xAmygdxla 1. Enable "sinker" in "globals" of EV config
2. Find chosen JQuery Sink in debugger
3. Right click a line number in the sink and "add condition" to set a conditional breakpoint.
4. Use "evSinker("jquery sink", ...arguments)" as the condition.
This turns that code into a sink
English
I am making short (<3 min) videos to teach Eval Villain. Keep an eye on Doyensec, more are to follow.
Doyensec@Doyensec
We’re excited to share the first video in our Eval Villain series from @bemodtwz! This powerful security tool is designed to uncover client-side vulnerabilities and help defenders spot risky patterns. youtu.be/2dUoOyYKkzU #doyensec #appsec #security #evalvillain #xss
English
@xAmygdxla I am right there with you!
Sadly I don't have that working. I don't think document.location has a setter? If you can show me JS that grabs it I will add it to eval Villain.
English
bemodtwz retweetledi
🚨 Details on a serious #vulnerability from our @MaitaiThe's research. An information disclosure in error messages allows a remote attacker to identify security tokens/credentials when #squid is used. Perfect for SSRF!🚨
#doyensec #appsec #security
github.com/squid-cache/sq…
English
@arshiyaiha Docs have not kept up well... sorry.
I should be posting more videos soon.
These two blogs are most up to date info atm
* blog.doyensec.com/2024/12/03/csp…
* blog.doyensec.com/2023/09/25/cli…
Also feel free to ask me questions if you get stuck or confused.
English
@bemodtwz Super excited for the update!
Still wrapping my head around this version، diving into your docs to master all the features. Can't wait for the new stuff.
English
bemodtwz retweetledi
Wow, this Firefox add-on is a beast for page analysis, especially SPA programs. Feels like a pro assistant in your browser! 🦊
Can’t get enough.
Big thanks, @bemodtwz
Last Update: 2024/11
blog.doyensec.com/2023/09/25/cli…
#BugBounty #bugbountytip
bemodtwz@bemodtwz
Auditing Google's home page as an intro to Eval Villain, a web extension for @firefox that helps in finding DOM #XSS.
English
bemodtwz retweetledi
📖Read about a real-world C# #cryptography vulnerability we've discovered in the wild in our latest blog post! No math required (unless you're into that sort of thing)!
blog.doyensec.com/2025/08/19/tri…
#doyensec #appsec #security #csharp
English
bemodtwz retweetledi
Our latest 🚨Security Advisory🚨 includes multiple vulnerabilities affecting the immersed platform (@immersedXR). The findings include an RCE via Session Overwriting, an RCE via CSRF and a Privilege Escalation flaw.
doyensec.com/resources/Doye…
#doyensec #appsec #security
English
bemodtwz retweetledi
🚀We have just released a new Security Advisory for @NASA's CFITSIO library 🛰️. Click the link for details on the Heap Overflow, Type Confusion, Out-of-Bound Writes and other vulnerabilities discovered by our @a_denkiewicz !
doyensec.com/resources/Doye…
#doyensec #appsec #security
English
@DarknetDiaries Don't know if it still works but responder use to let you broadcast console video to all your friends of like mind on the same network.
x.com/bemodtwz/statu…
bemodtwz@bemodtwz
Fun with responder script kiddies. My YUV to RGB conversion is off a couple places so there are artifacts. If you want to try it: github.com/swoops/mdns_st…
English
This Hacking Tool Tricks Windows Into Sharing Passwords
English
bemodtwz retweetledi
Our @73696e65's latest research has resulted in at least 1⃣5⃣ CVEs in ksmbd🤯, including multiple use-after-frees, bounds checks, type confusion and overflows‼️ Check it out today!
#ksmbd_linux_security_research_2" target="_blank" rel="nofollow noopener">doyensec.com/research.html#…
#doyensec #appsec #security #linux
English
bemodtwz retweetledi
