C

A thread of some of my favourite bypasses that I've shared over the years

I'm sure there will be too many bugs to count, but: A completely unnecessary, over-the-top, pure JavaScript TLS state machine for TLS mimicry (fuck a 403) github.com/unreleased/hel… This would have never been released if it weren't for Claude

@crtyx_ @MarkNFT @peachypings @unreleased they actually checked in with him to see if it was okay to risk de-valuing the brand like that. he gave the all clear and signed off on the collab

@MarkNFT @crtyx_ @peachypings they're all fake

@crtyx_ @peachypings @unreleased Amen

Credit: @peachypings #swatch #apswatch #audemarspiguet #audemarspiguetswatch #royalpop

@DandiG_ Ah, Maybe I forget to mention it was the first issued centurion in the UK this year

@unreleased Congrats man but this is a worse flex than a 2013 white datejust

@m_chael @18pairsonkith Thanks for exposing me once again

@18pairsonkith @unreleased

@solvingfrank frankie four fingers

@solvingfrank four finger frank

@draxnnn it's a lot

@unreleased How much you need to spend to be invited

Finally.

@stockxsucks I think US is $5k initiation + $5k not 100% though

@unreleased is it much cheaper in the UK? I thought US was 10k initiation

@terabyte im screaming

@unreleased vercel* 😅

slash is down im screaming

@MeekMill All the best party invites come through github

I need a GitHub too! Is it like that or nah?

I think he means if you were using any VOIP when registering the account, you will have to perform a liveness check at that point. Not that Instagram is using your camera in the background without your knowledge as some sort of anti-bot I may be wrong, but I thought the LED on most phone/laptop cameras is engineered so it cannot activate without the green indicator light turning on; you would know.

So they are actually accessing live video data from the phone’s camera? Without alerting the user? I did not think that was even technically possible on Apple, and certainly seems like it would be against TOS… I had thought before that granting camera access to apps like that was not a concern outside of when you actually deliberately use the camera feature in the app but I guess not

@markvalorian @justalexoki If you trip any high risk flags (e.g., using a VOIP phone number or disposable email to register)

met the pope

@levelsio @Hetzner_Online Swapped to AWS a few days ago because of this exact issue, been using hetzner for years, it’s gotten worse

What's scary is how easy it is to take down anyone's site if they're hosted on @Hetzner_Online I'm the biggest Hetzner fan btw so that's why I say it But you can just send an abuse report to any site on Hetzner and if the site owner doesn't reply within 24 hours they generally block the server IP taking down the site It happened to me this week for the nth time! The question is if you're a solo biz like me, if you get to that email on time Essentially you have to be on standby every day of the week forever just to keep your sites up @Cloudflare is much more reasonable with abuse reports, taking the side of their paying customers first, and only taking down if forced by a court (as it should be!)

@b_nnett one of us one of us one of us

Opus just went through the most human experience of getting too excited about finding a bypass before finishing testing it

@Crypto_Briefing Good I'd rather watch it burn

@unreleased x.com/Crypto_Briefin…

In honour of PayPal being acquired. A reminder of when PayPal stole $20k from me and the 3-years it took FOS to get me it back

@and_rew Good ol' Revolut and Paypal bans

@unreleased Good times counting down the days of the 6 month bans