TvM

@thedawgyg This looks cool! I’m curious about your workflow—what type of AI are you using and how are you handling the orchestration? Good luck with that RCE! 🤞

I should have done this a long time ago lol. But now i must go to sleep. and let my little mini me hackers work while i sleep. Who knows, maybe Ill wake up to a chrome RCE to verify and report 🤞🤞😂😂

@singe This would work if rules could be triggered based on a regex match: you’d send one request to Repeater with a dummy value, and it would know to run all rules and resend every matching request with the value substituted.

@singe It helps identify auth issues like BAC by comparing responses between requests. It also enables fuzzing by sending multiple requests with random characters (' " ? % & > [ $) in URL/JSON params or headers to check whether any context breaks when those values are used as input.

In Portswigger's Burp I needed a way to do Match & Replace globally across all utilities, not just the proxy so I wrote an extension github.com/singe/burp_glo…

Happy Arcanum-versary! @arcanuminfosec 's 1st giveaway for the week is FOUR seats to our EPIC Advanced Client-Side Hacking course by myself and @xssdoctor ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus for the course below 👇

No matter how much you think you know about Recon, a @Jhaddix talk will always prove there’s more to learn. Constant value every single time. 🕵️ ​#CyberSecurity #Pentesting #BugBountytips #BugBounty youtu.be/B1YcflQRvOI

@thedawgyg @busf4ctor @RodoAssis ☝️

@busf4ctor Also just noticed your in Brazil. If you happen to be looking for work, Braze is hiring a Sr AppSec person to work directly with me. So throw a resume in if interested

This is a great one. I call it making assumptions. You are assuming it's been tested or hardened. I do it all the time, and I have to actively fight against it.

🤯 Jumping into Bug Bounty? Stop manually sifting through minified JS! ​It's a known fact: Javascript files are a GOLD MINE for security bugs. This extension turns minified chaos into readable code instantly. 🚀 ​ chromewebstore.google.com/detail/code-fo… ​#BugBounty #WebSecurity #infosec

My Twitter algorithm is convinced I need more low-quality content and questionable influencers. 🤦 I'm fighting back! Send me your best recommendations for top-tier #Cybersecurity and #BugBounty accounts to follow. Help me fix my feed before it's too late! 😟

Great writeup — concise + well-explained. A fantastic primer for new bug bounty hunters just getting started, perfect for learning how small issues chain into account takeover👉 zere.es/posts/cache-de… by @j_zere #bugbounty #appsec #infosec

@zseano Wishing you comfort and peace in this time of sorrow.

Unexpectedly lost my dad early hours this morning… completely out of the blue. He was fit & healthy and now he’s gone 😭 lost for words on how I feel. RIP Dad ❤️❤️ love & miss you forever

@_jensec For something more advanced that might involve reverse engineering, you have this channel. It's helped me a lot in the past... @fatalsec" target="_blank" rel="nofollow noopener">m.youtube.com/@fatalsec By @SecFatal

@_jensec Sometimes ssl unpining is not trivial and a quick and easy solution for analyzing requests is to use Frida scripts directly and log everything that is http...

anyone has good advise on how to intercept flutter based mobile apps with burpsuite?

15 damn years! 😬#MyXAnniversary

@HusseiN98D @Bugcrowd Well done. Without going into the details of the methodology, using a purely manual approach what categories have you found to be the most prevalent?

Starting off 2025 with some cool vulns. Gg everyone 🌙 Zero automation for me. Cc @Bugcrowd

@irsdl @PortSwigger I thought I was the only one making these simple mistakes... 😅

A #BurpSuite pro version tip: Always use project files - do not think that you can always convert a temporary project to a permanent project! Sometimes it doesn't work and there is no error message to report his to @PortSwigger - happened "again" to me yesterday! painful 😅

Resolutions for 2025: ❌ read the books I bought ❌ finish the udemy courses ❌ finish all the @PortSwigger labs ❌ read bookmarked articles ❌ view all YouTube "watch later" videos ✅

Step by step guide to becoming a Cyber Security Expert in 2025 roadmap.sh/cyber-security

Here's a nice way to spend the evening...🍿 It took a while, but it's here. Thank you @defcon @Rhynorater youtu.be/TqKb7h8VFcA

@tvmpt Yes! Eventually haha

I've just seen the latest episode, and once again... 🤯 Thank you @fransrosen & @ctbbpodcast for sharing 👏 The X-Correlation between Frans & RCE - Research Drop (Ep. 86) youtube.com/watch?v=YLdqWZ…