Kamil Vavra

I was always frustrated that the local post office never sends me notifications about the package deliveries. It turns out Google was marking all the SMS as spam. If you are on Android, check your "Spam & blocked" in the Messages! TIL that I have some essential messages there ...

I just successfully bricked my Kindle 7th after attempting a WinterBreak Jailbreak. RIP

Our Czech chapter meeting just concluded. We would love to thank our attendees, speakers and sponsors. Looking forward to see you in 2026 😎

Dear OWASPers, you can register for our upcoming event here eventbrite.com/e/owasp-czech-…. The CZ chapter meeting takes place on 4th of December. See you there 😎

Next Czech OWASP chapter meeting will be held in Brno, on 30th September in evening hours, details comming soon. We are looking for speakers!

Hey all 👋 it is a pleasure to announce, that registration for upcoming OWASP chapter meeting is open, grab your ticket here: eventbrite.com/e/1339881524709

I had an idea for a tool and asked ChatGPT to generate it. JS Snitch is a command-line tool that scans remote JavaScript files for leaked secrets or potential credentials with Trufflehog + Semgrep github.com/vavkamil/js-sn… I already found some great secrets in the wild :)

Dear followers, we would love to let you know that there is going to be #owasp #chapter #meeting in Prague next week. Feel free to register here eventbrite.com/e/owasp-czech-…. Capacity is limited, so don't wait with the registration.

.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. volexity.com/blog/2024/11/2… #dfir

I'm thrilled to finally share my research on HTML parsing and DOMPurify at @GreHack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3

Hey! The next OWASP event in Brno will happen in a week:) Grab your tickets on the following link 🤓 eventbrite.com/e/owasp-czech-…

Learn how to conceal payloads in URL credentials and abuse them for DOM XSS and DOM Clobbering. portswigger.net/research/conce…

@d4d89704243 @PortSwiggerRes @garethheyes @albinowax It works and looks awesome, thank you 👍

@vavkamil @PortSwiggerRes @garethheyes @albinowax @vavkamil Everything should work now. Launching a new service is not an easy task 🚀

Upgrade your SSRF, CORS & Open Redirect testing with our new URL Validation Bypass cheat sheet, containing all known techniques! portswigger.net/web-security/s…

@d4d89704243 @PortSwiggerRes @garethheyes @albinowax Does it work? I'm not getting any DNS answer on the subdomain

@PortSwiggerRes This is the result of the hard team work. Many thanks to the @garethheyes and @albinowax for helping me with. We really hope that you’ll like it.

See you in 2 days in a new venue! x.com/OWASP_Czech/st…

Hello all, the last event of this year is comming! See you on December 13th🥳 eventbrite.com/e/770129807987/

Bookmarklet hijacking vavkamil.cz/2023/10/26/boo…

Hi folks, event in Brno in early November and in Prague in early December 🥳 Speakers wanted! Ping us if you would like to give a talk 🤓 Details 🗓️ will be released soon!

@garethheyes @albinowax @WebSecAcademy No way, I tried random email and solved the lab :D Thank you!

@vavkamil @albinowax @WebSecAcademy Probably duplicate emails :D

We've just published a new @WebSecAcademy topic on GraphQL! Learn how to abuse introspection, discover hidden data, bypass rate-limits, and trigger CSRF with this popular API technology. portswigger.net/web-security/g…

@albinowax @WebSecAcademy Yep, sorry, I sent the payload to support email, but then noticed it was eventually solved. Still not a clue what I did wrong :)

@vavkamil @WebSecAcademy We have automated tests that verify all labs are solveable - and someone's already solved all five labs - so it's likely you're doing something wrong. Not sure what though!