ᴌ̩̩̩̩̩Δ̩̩̩̩̩ϻ͢͢₱̻̻

Just got a job offer doing red team work. It'll be nice to step outside of my usual comfort zone of web app pentesting. I'm excited!

28.05.2025 04:43 — 👍 1    🔁 0    💬 0    📌 0

For instance, here's a generated payload to exploit *.google whitelisting where most src directives are locked down, but remote font imports are still possible, to exfiltrate JavaScript localStorage to a tester-supplied endpoint.

12.05.2025 16:52 — 👍 1    🔁 0    💬 0    📌 0

CSPwn

I believe we may have spoken before on twitter, but have you seen my tool, CSPwn? I also have some detections for domains with exploitable JSONP endpoints, though probably less than you, but focus more on custom payload generation and exfiltration. May be worth collaborating. cspwn.gg

12.05.2025 16:48 — 👍 1    🔁 0    💬 1    📌 0

Figured I'd finally start using Bluesky and Mastodon. Elon has turned Twitter into a racist cesspool. Expect to see more posts from me here.

10.05.2025 15:56 — 👍 2    🔁 0    💬 0    📌 0