18, Security Consultant, Contracted OffSec Web App Trainer @hackthebox_eu & BSIDES 2023 Speaker @BSidesCymru

Joined September 2020
0xJay retweeted
4 Apr 2025
While listening to the @ctbbpodcast, I discovered that my own blog was vulnerable to Cache Deception! It would have allowed anyone to send me a link and then retrieve all hidden posts. This sent me down a caching deep dive, check out the details here: jorianwoltjer.com/blog/p/cod…
0xJay retweeted
Arkana ransomware group claims to have compromised an Internet Service Provider in California. They were even nice enough to put together a music video montage illustrating the level of access they possess.
7 Mar 2025
Does anyone know any possible ways to exfiltrate or make general client-side calls (XHR();) etc. within a Chrome PDF renderer? The sandbox runs in a blob:// or chrome://pdf-viewer context, and is isolated from the parent page's DOM. - I only know of app.alert(), app.beep() etc. 1/2
7 Mar 2025
I'm positive that PDFium blocks DOM manipulations outside the PDF such as this.addHTM or parent.document. Does anyone know of any useful functions? Or a browser version with a CVE relating to being able to execute some form of `network` requests, external navigation or DOM manip?
7 Mar 2025
It's most likely a dead end, but thought I'd ask. @BRuteLogic @dreyand_
0xJay retweeted
29 Jan 2025
Critical vulnerabilities don't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data. No one is safe from security mistakes, follow along to learn more 🧵
0xJay retweeted
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan, Hackvertor & Shazzer! Thanks to @ryancbarnett and @thecyberneh for sharing this technique. Writeup 👇
29 Nov 2024
Taking another break from X to sort all of my personal issues, I still intend on January 2025 and onwards being one of my most accomplished years. Goodbye for now! :)❤️
15 Oct 2024
I know I've been inactive, but, I have so so much going on in my personal life. I promise 2025 will be a grind, let me just get stuff back in order personally first. I won't disclose much more, so please don't ask. I appreciate it! ♥️
0xJay retweeted
26 Sep 2024
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate. Full disclosure: samcurry.net/hacking-kia
21 Nov 2024
#Malware https://blackhatrussia[.]com/ This site hosts a load of fake hacking tools / or cracked tools which contain malware. Looking through the files, it's a variety of things: info stealer, str replacing crypto addresses (BTC, ETH etc.), and general enum. 1/however many
21 Nov 2024
Oh and yeah - https://dncforums[.]cc/threads/adrik-adi-owner-of-blackhatrussia-com-joining-your-forum.17749/ I guess this could potentially be his DNCForums account which he's active on (Joined Dec 28th, 2021 - Last seen Yesterday at 5:20 PM)
21 Nov 2024
lol - his (potential) username is also in a load of breaches from other forums like demonforums - bilalkhanicom (his username) - check leakpeek.com and other alternatives for the relevant leaked data (including a very weak plain-text password re-used in different formats)