Joona

ffuf 2.0 is out! There are couple of new major features introduced as well as updates to the project in general. I had way more to say that fits in the birdsite format, so here's a thread on more applicable platform on the topic: @joohoi/109806822104162973" target="_blank" rel="nofollow noopener">infosec.exchange/@joohoi/109806…

@ctbbpodcast Good stuff, and nice discussion around ffuf too. You did touch the need for a preprocessing functionality, and guess what - it has existed in ffuf for more than two years as well😅github.com/ffuf/ffuf/pull…

HackerNotes TLDR for episode 147! — blog.criticalthinkingpodcast.io/p/hackernotes-… ►⠀Auto-Decoding: Use built-in tools to avoid conversions outside of your HTTP proxy. ►⠀DevTools: Edit as HTML: Right-click DOM elements to edit HTML directly - perfect for feeding context to LLMs and checking if payloads are actually HTML encoded. ►⠀fuff: Interactive Mode: Press Enter during execution to pause, then use a whole new set of commands to dynamically adjust the scan. Also, use -c for color output so you don't strain your eyeballs. ►⠀Conditional Breakpoints: Run arbitrary JavaScript at specific execution points without match & replace rule headaches - perfect for testing feature flags.

@GGTioNogu @stokfredrik @WHY2025Camp Already happening in UK! Check out @emfcamp ! And definitely get involved, well worth it.

@stokfredrik @WHY2025Camp Yooooo this is sooooo cool, combining my 2 favorite things. I gotta get involved in this, and make it happen in the UK. Was it everything you hoped for?

Spent a week at the Dutch hacker camp @WHY2025Camp with the Cold North / Salmiakki crew. And I leave camp with a full heart, amazing memories, new relationships, deeper knowledge, renewed curiosity and a deeper understanding of the european hacker / hackerspace culture. Can’t wait for CCC / CCC camp and the next Dutch camp in 2029. What an amazing experience it’s been. Thanks to everyone that I met along the way.

Ylämuistialan kartanon turvakamerassa Tietoturvatyökaluvelho @joohoi. Jakso julkaistaan huomenna! #herrasmieshakkerit #äänijulkaisu #podcast

@fede_k @ekoparty @stokfredrik Ooh you made me look cool ❤️

Just developed a roll, in the few pics of @ekoparty I found this great snap of @joohoi and myself by @stokfredrik

At the airport with @TomNomNom

@mconsec_ @TomNomNom It’s tomnomhoi

@TomNomNom @joohoi At this point, I won’t know who’s who. 😂😂😂

This time I found the real one @TomNomNom 😂

@w1th4d @TomNomNom @stokfredrik Fuego extra

@TomNomNom @stokfredrik @joohoi It still blows my mind. 🤯

🔴 Ya están en el LADO B @stokfredrik y @joohoi 😎 Cerrarán hoy el maintrack con su charla: "Flipping Bits: Your Credentials Are Certainly Mine". Sumate al stream junto a @fede_k y @Gala_chip >> twitch.tv/ekoparty

Getting ready for the second day of @HIPConf by a nice 4k 🏃‍♂️‍➡️ along the Mississippi river. I'll be on stage at 10.40!

@kzwaaaa @stokfredrik Super glad you liked it ❤️. The idea was to provoke thought, as the tool itself doesn’t do the work for you, but enables you to do more. Just like we should do with the knowledge transfer and lifting up people.

@joohoi @stokfredrik Such a good talk! I learned a lot about ffuf!

I’ll be around Ekoparty for the next three days. Going to deliver a ffuf talk later today and a bitflip talk together with @stokfredrik on friday. I have a good bunch of ffuf stickers with me, so if you see me around, come and say hi and get yours! Pic: me today

@joohoi closing the #BugBountyVillage at @ekoparty

Boom! Super excited to announce that I’m joining the @joohoi and the badass @visma security team today! 🔥

Excited to announce @joohoi’s Turbo Talk, "ffuf - Fantastic Features Used by Few" at the #BugBountyVillage during @ekoparty! 🎉 Dive into underutilized features in the web fuzzing tool ffuf, with examples to boost your skills and efficiency in offensive security. 🔥 📅 2024-11-13 ⏰ 17:45 hrs Don’t miss it! 👾✨ #EKO2024 #BugBounty

@TomNomNom Look at the timeline and see for yourself. Many of your tools don’t just support it, but actively _enable_ it ❤️

@TomNomNom So my answer is; none of them individually, but the philosophy behind their ux!

@TomNomNom I’m not sure if you realize this, as one tends to become blind to things that are ”normal” on their radar but you are one of the folks who normalized posix-like pipable output in offensive security tooling, and look at the landscape today!

I love CRLF Injection 😜

@BugBountyArg @ekozonaredteam You should be able to now :)

@joohoi @ekozonaredteam Yep! Let’s talk! (We Can’t send you DM because we aren’t a verified account 🥺)

Hey @ekozonaredteam / @BugBountyArg , are you planning to have lightning talks in your Ekoparty village schedule? As I’ll be around the conference, I could do a lightning talk about newer / less known ffuf features (in case that sounds interesting to you).