Stop 👏 assuming 👏 every 👏 vulnerability 👏 write-up 👏 or 👏 talk 👏 at 👏 conferences 👏 shows 👏 the 👏 actual 👏 discovery 👏 path. What you see is the polished version—the real work is messy, full of dead ends, and intuition-driven. Embrace exploration! 🔍✨

3,205

code w/Guillaume 💻

Dominique Righetto retweeted

code w/Guillaume 💻

@guillaume_rygn

12 Nov 2024

Je te refais découvrir ce site incroyable qui regroupe pleins de layout en CSS👀 Ça s'appelle phuoc.ng/collection/css-layo… ! Certains sont un peu gadget mais d autres sont extrêmement utile !

160

13,180

Burp Suite

Dominique Righetto retweeted

Burp Suite @Burp_Suite

12 Nov 2024

Did you know you can now upload SOAP API definition files directly to Burp Suite Professional? 🧼 #SOAP #BurpSuiteTopTip

0:36

4,112

PentesterLab

Dominique Righetto retweeted

PentesterLab

@PentesterLab

10 Nov 2024

This week has been crazy with a lot of excellent content that should keep you busy for a while! Crypto, Sandboxes, WAF Bypasses… You can find more details in our blog: pentesterlab.com/blog/resear… 🗞 dustri.org/b/upcoming-harden… 🗞 github.com/elikaski/ECC_Atta… 🗞 mdsec.co.uk/2024/10/when-waf… 🗞 jhftss.github.io/A-New-Era-o… 🗞 github.com/martinvonz/jj/sec… 🗞 github.com/ssl/shortboost 🗞 googleprojectzero.blogspot.c… #PentesterLabWeekly

Research Worth Reading Week 45/2024 - PentesterLab's Blog

This week has been crazy with a lot of excellent content that should keep you busy for a while! Crypto, Sandboxes, WAF Bypasses...

pentesterlab.com

4,995

Dominique Righetto

Dominique Righetto @righettod

10 Nov 2024

📡 OWASP Secure Headers Project: For information, we generate statistics on the use of security headers in HTTP responses for the most popular websites. These statistics are updated monthly. #appsec #appsecurity #http 📊 github.com/oshp/oshp-stats/b…

290

Dominique Righetto

Dominique Righetto @righettod

10 Nov 2024

💡 Source used: blog.majestic.com/developmen…

Majestic Million CSV now free for all, daily.

The Majestic Million is a list, updated daily, of the 1 million strongest web domains based on their backlink data. It is available to download from her for free under a Creative Commons license.

blog.majestic.com

Louis Nyffenegger

Dominique Righetto retweeted

Louis Nyffenegger @snyff

5 Nov 2024

I'm doing a talk at the @OWASPBrisbane meetup on the 18th of November on Code Review, JWT, Golang... It's going to be a lot of fun and I will bring swag and stickers! meetup.com/brisbane-owasp-me…

Recent Discoveries in My Source Code Review Journey: Navidrome Vulnerabilities, Mon, Nov 18, 2024,...

Join me on a journey through my recent source code reviews, where I uncovered vulnerabilities in Navidrome, an open-source music server written in Go, and explored how JWT

meetup.com

2,818

Thomas Roccia 🤘

Dominique Righetto retweeted

Thomas Roccia 🤘

@fr0gger_

4 Nov 2024

New LOL project, LOLAD a collection of Active Directory techniques! 👇 lolad-project.github.io/

272

885

126,979

James Kettle

Dominique Righetto retweeted

James Kettle

@albinowax

5 Nov 2024

Ever wanted to fuzz a WebSocket? We've just updated WebSocket Turbo Intruder with some new features. If you've used Turbo Intruder already, it should feel familiar :)

544

30,934

Bojan Zdrnja

Dominique Righetto retweeted

Bojan Zdrnja @bojanz

4 Nov 2024

Interesting how signature matching in Microsoft Defender is so sensitive regarding anything related to keyword "defender". So while bypassing such detection is tedious and annoying, it can still be done quite easily, as shown below.

3,332

Dominique Righetto

Dominique Righetto @righettod

27 Oct 2024

Following an issue, discovered during my recent analysis of a web application, I have added new methods to my defensive code snippets project for checking for path traversal payloads. #appsec #web github.com/righettod/code-sn…

153

Dominique Righetto

Dominique Righetto @righettod

19 Oct 2024

📡 OWASP Secure Headers Project: Add a header indicating the presence of the product IBM WebSphere DataPower in the call flow. #appsec #appsecurity #http 📖 owasp.org/www-project-secure…

189

bearstech

Dominique Righetto retweeted

bearstech

@bearstech

8 Oct 2024

Manim : une bibliothèque Python Open Source pour créer des animations mathématiques. Parfait pour les vidéos éducatives et les visualisations interactives. Il y a des profs de math dans notre audience ? 👉 Le projet : github.com/ManimCommunity/ma…

0:15

107

7,001

Burp Suite

Dominique Righetto retweeted

Burp Suite @Burp_Suite

8 Oct 2024

Have you tried the new and improved Intruder? 😎 #BurpSuite #TopTipTuesday

0:53

5,349

bugcrowd

Dominique Righetto retweeted

bugcrowd

@Bugcrowd

5 Oct 2024

Make JSON greppable with @tomnomnom's gron! gron converts JSON into grep-friendly assignments, making it easy to find and trace values to their exact paths. Install now: github.com/tomnomnom/gron

0:15

205

25,723

Julien Ehrhart

Dominique Righetto retweeted

Julien Ehrhart @JulienEhrhart

6 Oct 2024

New release of my Firefox add-ons for Home Assistant (1.3.2). 🚀 More than 25k downloads already. 😁 - Enable audio support through web browser - Passthrough audio through the host - Web authentication - Remote Debugging Port - Set custom arguments github.com/Mincka/ha-addons

GitHub - Mincka/ha-addons: My Home Assistant Add-ons

My Home Assistant Add-ons. Contribute to Mincka/ha-addons development by creating an account on GitHub.

github.com

110

PentesterLab

Dominique Righetto retweeted

PentesterLab

@PentesterLab

1 Oct 2024

🚨 New Lab Alert! 🚨 We’ve just launched another ORM Leak Lab—this time focusing on SQLite, building on our latest blog post! 🔍 🧪 Explore the lab: pentesterlab.com/exercises/o… 📖 Read the blog post for insights: pentesterlab.com/blog/orm-le… Dive into it and sharpen your skills! 💻 #AppSec #Pentesting #SQLite #WebHacking

PentesterLab: ORM LEAK: SQLite

In this challenge, you will learn to exploit an ORM leak in a Django application to retrieve the hashed password of the admin user. The goal is to demonstrate how to use specific query functions to...

pentesterlab.com

2,819