Dominic White 👾
@singe
31.2K posts
Hacker @sensepost - minimally active here. Find me at https://t.co/j4QzFmubF1 || @singe.bsky.social
Joined August 2007
585 Following, 11.7K Followers
Pinned Tweet
Dominic White 👾@singe·
Earlier this week I gave a talk to our internal hacking teams about the difference between good hackers and great ones that have been able to impact our field. I included three extended quotes - two from writers and one from Hamming that influenced my approach early on. Maybe some of it is useful for you.
🥷🙇🏽 🇧🇷🇹🇬@robertmida_k·
Mention the @ or the first letter of the name of your crush on Twitter, and they'll come and reply to you. Go on, go!
Paws on a Dime@Crimeonadime·
@singe Will it only be accessible if you write an app?
Dominic White 👾 reposted
Dominic White 👾@singe·
I'm impressed by how light weight the Apple on-device Foundation LLM is for Apple Intelligence, so I vibe'd a small macOS tool (26.0+) to interact with them. It supports GUI and CLI and tool calling. Even big responses fail to move the CPU/GPU by a single percentage. Link below.
Dominic White 👾@singe·
@Crimeonadime The same. That's what I'll try next. Should be the same Swift calls, just the UI that changes.
Dominic White 👾@singe·
I don't know why this interview is in Moxie's boat sauna, but it's a fun way to remind non-security people not to use Telegram.
Sabrina Halper@SabrinaHalper
Founder of @signalapp, @moxie Marlinspike on Telegram: "Telegram's not a private messenger. There's nothing private about it. It's the opposite. It's a cloud messenger where every message you've ever sent or received is in plain text in a database that Telegram the organization controls and has access to." "It's like 'Russian oligarch starts unencrypted version of WhatsApp', a pixel-for-pixel clone of WhatsApp. That should be kind of a difficult brand to operate. And somehow, they've done a really amazing job of convincing the whole world that this is an encrypted messaging app and that the founder is some kind of Russian dissident, even though he goes there once a month, the whole team lives there, and their families are there." "What happened in France is they just chose not to respond to the subpoena. And so that's in violation of the law. And he gets arrested in France, right? And everyone's like, oh, France, but I think the key point is they have the data, like they can respond to the subpoenas, whereas Signal, for instance, doesn't have access to the data and couldn't respond to that same request. To me it's very obvious that Russia would've had a much less polite version of that conversation with Pavel Durov and the Telegram team before this moment."
Dominic White 👾@singe·
@infinitelogins Thanks for the shout out! The other unexpected use is for removing unnecessary cruft from responses so Burp AI doesn't truncate useful content later on. I mentioned this on LinkedIn too, but figure it's worth repeating here :)
Dominic White 👾 reposted
Harley Kimball@infinitelogins·
Dominic White's (@singe) Burp Global Match & Replace extension allows system-wide application of match & replace rules across all Burp Suite tools, not just the Proxy. This means your transformations work in Repeater, Intruder, Scanner, and other extensions, not just proxied requests.

Practical Examples:
IDOR Testing: Swap user IDs or session tokens globally to test authorization across all endpoints
SSRF Hunting: Auto-inject your Burp Collaborator URL wherever internal URLs appear
API Version Testing: Replace /api/v2/ with /api/v1/ system-wide to discover vulnerabilities in legacy endpoints
WAF Bypassing: Automatically modify headers or content-types across all requests

Check it out here 👇 github.com/singe/burp_glo… #BugBounty
Dominic White 👾@singe·
I updated that Burp Global Match & Replace plugin to use the Montoya API, be able to target specific Burp tools (or apply globally), extend the rule matching syntax, and give you a view per request and response of the changes.
Dominic White 👾 reposted
Aurélien Chalot@Defte_·
Dumping LSASS is old school. If an admin is connected on a server you are local admin on, just create a scheduled task asking for a certificate on his behalf, get the cert, get its privs. All automatized in the schtask_as module for NetExec 🥳🥳🥳
Dominic White 👾@singe·
@tvmpt Can you explain the use case a bit more, why would you want to send two requests?
TvM@tvmpt·
@singe That sounds really useful. Would it be possible to add a feature where, instead of only modifying the request, Burp sends the original request and then resends an additional modified request for each Match & Replace rule?
Dominic White 👾@singe·
@_CryptoCat You can do it for a request, but not a response (one of my use cases was removing an overly long CSP so Burp AI wouldn't truncate the actual response data).
CryptoCat@_CryptoCat·
@singe Can't you achieve the same with session handling rules? It lets you tick Repeater, Intruder, Extensions etc.
Dominic White 👾 reposted
_leon_jacobs(💥)@leonjza·
Really excited to present this Frida training @1ns0mn1h4ck with @IPmegladon and myself! If you've dabbled with @fridadotre before, but want a practical learning opportunity to improve your usage and understanding, this one is for you!
Insomni'hack@1ns0mn1h4ck
Learn how to bypass security controls using Frida at #InsomniHack workshop. "Binary Instrumentation with Frida" is led by SensePost and it is made for reverse engineers & pentesters. Get your ticket: ow.ly/bPNA50XVBIx #Cybersecurity #INSO2026 #Cyberworkshops
Dominic White 👾@singe·
I know there's a convenient & addictive algorithm here & I know you can still get relevant security news here. Maybe in the past you didn't care about politics & Elon's noise, but now X is generating nonconsensual sexual images of children. Take a fucking stand. Log off.