Tomer Zait

@megabeets_ You’re the best ❤️

Completed all 9 challenges of #flareon12 🥳Kudos to all challenge authors - you did a great job! No doubt, Reverse Engineering is pure joy and misery. See you all next year

VRPlayground, Next-gen, Swagger-driven, polyglot labs for modern AppSec training & research. Is a new open source project by @F5 Security Research Team. github.com/f5devcentral/V…

Maybe it’s just me, but after a 12-day war with Iran, all I want is an @AdamSandler and @SachaBaronCohen movie. Watched “Don’t Mess with the Zohan” & “The Dictator” for the 99th time, now the world needs “Don’t Mess with the Zohan 2,” starring both.

פיד ישראל: מקומות שניתן לתרום להם בדולרים ויש להם חשבון ב benevity? 🇮🇱 אשמח אם תעזרו לי להפיץ את ההודעה

@OWASP_IL @realgam3 Updated Big-In-Japan Writeup jctf.team/AppSec-IL-2025… to add what should be the intended solution (since it seems we solved it using an unintended way).

Get ready, hackers! OWASP Israel I’m excited to invite you to register for the AppSec-IL CTF competition🤩✨ CTF challenges built by our team at F5, just for you! 🔐💻 (F5 is also proud to support this event as a sponsor!)

@wa1tf0r_me @0x_shaq ES6+ is pretty decent 😅 You still have JavaScript voodoo magic but with async await syntax they removed the promise hell that removed the callback hell 😂 And they have classes now…

@0x_shaq Still better than JavaScript

i said what i said

In the last INTENT CTF, we had to rate limit but faced a challenge: all participants shared the same IP address. To solve this, CTFd-JWT-Auth was born. Players visit the web URL, auto-login, and their team/user IDs are signed. Then we can decide to rate limit per team or user.

Squirrel Sandbox Escape: I'm publishing my VR journal for a 1day I was curious about for years now. I have around six days of raw footage: from initial analysis all the way to PC takeover, so there should be more episodes coming soon :^) Link: youtube.com/watch?v=h__rwI…

@7etsuo 🕯️❤️‍🩹

@0x_shaq Don’t forget it’s a windows git installer 😂 The Linux one configure vim automatically and kick you

lol git installer is so salty

@malwrhunterteam Still better than floppy disks 😂

😂

My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.

@0x_shaq That’s why I do it myself 😂

DevOps are the biggest hackers fr

@0x_shaq 😂😂😂 so true

I mean, what could go wrong

@binitamshah In 2019 I presented on BSidesLV together with @El3ct71k about ReDTunnel ( a tool that automates DNS rebinding and the journey of the development) youtu.be/P16IHMJqJKI?si…

DNS rebinding in web browsers : Part 1 : We Hacked Ourselves With DNS Rebinding : intruder.io/research/we-ha… Part 2 : intruder.io/research/split…

Open Source January 🤣

My friend @m417z developed an incredible tool called #Windhawk. It's similar to Grease Monkey, but for the operating system. Now, you can create custom hooks for any process you desire. What did I do? I brought Linux to Windows! 😂 windhawk.net/mods/dot-hide