@unreleased profile picture
C @unreleased

Solutions to complex digital problems.

Joined April 2014
  • Tweets 5,808
  • Following 1,430
  • Followers 9,593
903 Photos and videos
Pinned Tweet
C
@unreleased
16 Oct 2022
A thread of some of my favourite bypasses that I've shared over the years
10
7
153
C retweeted
IRIS C2
@C2IRIS
May 29
“Mom, how did we got so rich?” “You father stopped d*cking around with bug bounty programs and sold his exploits to Western governments”
15
55
451
55,166
C
@unreleased
May 16
Can somebody give a run-down of why I don't see online blackjack bots? Even with poor deck penetration and 8 decks, you will still surely see lots of EV > 0 games across hundreds of live tables.
2
7
3,436
C
@unreleased
May 14
I'm sure there will be too many bugs to count, but: A completely unnecessary, over-the-top, pure JavaScript TLS state machine for TLS mimicry (fuck a 403) github.com/unreleased/helloj… This would have never been released if it weren't for Claude

GitHub - unreleased/hellojs: Node.js HTTP client whose TLS/H2/H3 handshake produces the same...

Node.js HTTP client whose TLS/H2/H3 handshake produces the same JA4/Akamai/peetprint fingerprint as a real Chrome browser. Drop-in request-shape API. - unreleased/hellojs

github.com
1
34
2,346
C retweeted
Bennett
@b_nnett
May 12
Replying to @crtyx_ @MarkNFT @peachypings @unreleased
they actually checked in with him to see if it was okay to risk de-valuing the brand like that. he gave the all clear and signed off on the collab
1
7
868
C
@unreleased
Apr 14
C
@unreleased
Apr 7
Finally.
4
114
36,348
C
@unreleased
Apr 7
Finally.
7
86
62,763
C
@unreleased
Apr 2
slash is down im screaming
1
11
5,540
C
@unreleased
Mar 14
met the pope
14
2,527
C
@unreleased
Feb 26
In honour of PayPal being acquired. A reminder of when PayPal stole $20k from me and the 3-years it took FOS to get me it back
C
@unreleased
8 Sep 2023
I won.
3
34
7,166
C
@unreleased
Feb 24
Close every door The destined will still walk through
second1@s_econd11
Feb 24
Replying to @paoloanzn
burnt the loop for an ego post topping at 200 likes... how not to RE.
1
1
11
4,113
C
@unreleased
Feb 18
Change your phone's autocorrect so `@@` turns into your email and `##` turns into your phone number. Has saved so much time
1
34
3,092
C
@unreleased
Jan 21
this the year I’m switching up on my day 1s
C
@unreleased
Jan 21
28 🎉🥳
2
15
4,785
C
@unreleased
Jan 21
28 🎉🥳
3
24
6,519
C
@unreleased
Jan 13
Thank god that's over
2
1
15
4,465
C
@unreleased
25 Nov 2025
Staying in LA until February 🫡
1
6
3,503
C
@unreleased
31 Oct 2025
trimming rune 5000gp
1
10
3,619
C retweeted
Blake@BlakeCops
30 Oct 2025
After seeing all the hype around @whop Whop Apps, I decided to jump in and create something of value. Introducing PayWall — a simple way for creators to sell any unlockable content instantly. Works for FBA leads, sports betting picks, trading setups, copywriting frameworks — anything. Instant payments. No subscriptions. No manual DMs. Give it a try here: whop.com/apps/app_p3o1C6XIjf…
2:03
2
2
10
3,466
C
@unreleased
20 Oct 2025
Guess it really is possible, Matching JA4 using only net.Socket. It would be really cool if this was built on further. I handle all tls1.3 ciphers but fake support for X25519MLKEM768, no tls1.2 fallback, no session resumption, no certificate validation, no http/1.1 support, and just a very basic h2 request to get the response, it's also very slow
C
@unreleased
18 Oct 2025
Turns out you can mimic the chrome tls fingerprint in Node if you write your own TLS client over net.Socket rather than using their internal openssl bindings
6
60
17,878
C
@unreleased
23 Oct 2025
TIL: Pretty much every http library gives you agent options, turns out I could hook my TLS class into these to use it with popular libraries (got, request etc), but then I had to also handle http proxies via the agent as specifying an options proxies for these libraries overrides the agent and uses the internal tls
2
1,799
C retweeted
Nagli
@galnagli
22 Oct 2025
We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other @Formula1 driver's sensitive data. It took us 10 minutes using one simple security flaw 🧵
126
597
5,875
2,894,178
C
@unreleased
22 Oct 2025
Tested & it actually worked on an Akamai site with http/1.1
C
@unreleased
20 Oct 2025
Guess it really is possible, Matching JA4 using only net.Socket. It would be really cool if this was built on further. I handle all tls1.3 ciphers but fake support for X25519MLKEM768, no tls1.2 fallback, no session resumption, no certificate validation, no http/1.1 support, and just a very basic h2 request to get the response, it's also very slow
1
32
6,729
Load more