Soroush Dalili

@irsdl.bsky.social

Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, X: @irsdl https://secproject.com/ https://soroush.me/ https://burpsuite.ninja/

1,722 Followers  |  245 Following  |  27 Posts  |  Joined: 04.09.2023  |  2.0607

Latest posts by irsdl.bsky.social on Bluesky

Some sites may use direct IP address today if their domain name servers were not with Cloudflare too! There is this opportunity for WAF bypass... please share it, sharing is caring... 🤗

18.11.2025 14:06 — 👍 0 🔁 0 💬 0 📌 0

happy cloudflare outage day to all who celebrate

18.11.2025 11:57 — 👍 1547 🔁 399 💬 25 📌 22

With cloudflare being down, and as a result, most things I use being down, I came here to say hi 🤭 I guess I will use other AIs than chatgpt today!

18.11.2025 13:23 — 👍 4 🔁 1 💬 0 📌 0

Wouldn't this also be vulnerable to dns rebinding attacks?

02.07.2025 10:16 — 👍 1 🔁 0 💬 1 📌 0

I only have one ticket! I am not the worst 🤣

02.06.2025 17:37 — 👍 2 🔁 0 💬 0 📌 0

You would have kept it if it was called activity logs 🥹 Probably an ego boost would be a better name for these activities though 🥲

18.04.2025 22:55 — 👍 1 🔁 0 💬 0 📌 0

These days, I'm off work, busy taking care of a family member, so this really brightened my day and brought a big smile to my face. 😌 thanks @portswigger.net

08.04.2025 13:06 — 👍 11 🔁 0 💬 2 📌 0

I wonder if burp itself can do something for jython extensions since it has access to the location of a jython jar file to share it with extensions. But even with that I need to see how jython can use montoya 🥲

08.04.2025 13:04 — 👍 0 🔁 0 💬 1 📌 0
Are Jython extensions deprecated? - Burp Suite User Forum Hello, I was looking into writing an extension, and all of the current documentation seems to indicate it should be done in Java via the new...

Do we need to include the jython jar file in it? forum.portswigger.net/thread/are-j...

08.04.2025 07:23 — 👍 0 🔁 0 💬 1 📌 0

I always thought jython cannot use montoya. Is this a hackvertor hack or it's been always possible?

07.04.2025 22:58 — 👍 0 🔁 0 💬 1 📌 0
DC4420 - April 2025 A beta relaunch of the calendar classic DC4420.

Did you know? DC4420, the London monthly that graced central London for all of the 10s and before, has a new home and a new date!

Greene Man, 383 Euston Road, London, NW1 3AU
April 29

Be there.

www.eventbrite.co.uk/e/dc4420-apr... has details. you don't have to register.

#infosec #security

07.04.2025 19:16 — 👍 3 🔁 4 💬 0 📌 0

If you like hacking XML, this article is a gold mine! 😱

It includes parser discrepancies, round-trip attacks and my favorite, namespace confusion 🤩

28.03.2025 18:33 — 👍 26 🔁 7 💬 0 📌 0

As always, also thanks to @albinowax and @PortSwigger for keeping the top 10 flame alive for another year!

04.02.2025 16:49 — 👍 1 🔁 0 💬 0 📌 0

Congrats to all the winners (especially @orange.tw) and all researchers who made the 2024 long list! 🥂 Thanks for sharing your work with us! 🫡

To readers: Don't just read the top 10—start there and then explore the rest. There are many great works beyond the top 10, so don't limit yourself! 🦾

04.02.2025 16:49 — 👍 7 🔁 0 💬 1 📌 0

This year two new security legends have joined the top-ten expert panel - @liveoverflow.bsky.social and @stokfredrik.bsky.social! Excited to see what analysis & insights they bring to the top ten alongside long-time contributors @agarri.fr and @irsdl.bsky.social

23.01.2025 12:37 — 👍 40 🔁 5 💬 1 📌 1
Top 10 web hacking techniques of 2024 Welcome to the community vote for the Top 10 Web Hacking Techniques of 2024.

Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here: portswigger.net/polls/top-10...

15.01.2025 15:24 — 👍 24 🔁 8 💬 0 📌 7

Please submit any interesting and especially new web/http related topic published in 2024

09.01.2025 08:13 — 👍 2 🔁 1 💬 0 📌 0

You are right. Unfortunately it's a cruel one especially when there is no sponsor. Most researchers also just use it with not much contribution which is ok but sad.

24.12.2024 17:45 — 👍 1 🔁 0 💬 0 📌 0

If you are using YSoSerial .Net, we have accepted a few PRs and patched several bugs & improved the ViewState plugin!

Merry Christmas 🎅

github.com/pwntester/ys...

24.12.2024 11:54 — 👍 16 🔁 5 💬 1 📌 0

We are extending our call for papers to January 1, 2025!

We are now targeting an end of January release.

If you have any Linux/ELF related research, projects, or papers, we would love to publish them!

Huge thank you to everyone who has already submitted!

tmpout.sh/blog/vol4-cf...

16.12.2024 21:36 — 👍 34 🔁 19 💬 0 📌 0
Bsides Birmingham

It seems Bsides Birmingham is now happening:
www.bsidesbrum.com

CFP is also open! 😎

14.12.2024 19:46 — 👍 4 🔁 0 💬 0 📌 0

Currently at #BSidesLDN2024

@n1ckdunn.bsky.social

14.12.2024 10:52 — 👍 2 🔁 0 💬 0 📌 0
Securi-Tay 2024 The thirteenth annual occurrence of the Securi-Tay conference! Brought to you by @AbertayHackers.

🔥 Get ready for the biggest #SecuriTay yet! 🔥

🦄 500 attendees
🎮 2-day CTF
🤝 Multiple sponsors

📅 Happening 28 | 02 | 2025 - First ticket drop coming soon! 👀

More details at securi-tay.co.uk

12.12.2024 10:22 — 👍 7 🔁 4 💬 1 📌 0

Extended the starter with shy writers! 😀 If you're not on the list but write about web security, then feel free to reply with the article you're most proud of, and I will add you to the pack!

Make sure to resubscribe to not miss on the amazing research!

go.bsky.app/9JXnB17

10.12.2024 22:29 — 👍 29 🔁 10 💬 9 📌 0

📌

27.11.2024 09:49 — 👍 1 🔁 0 💬 0 📌 0

I've released 'brainstorm': an alternative way to do web fuzzing combining my fav fuzzing tool 'ffuf' (from @joohoi.bsky.social) with local LLMs (via Ollama API) to generate smarter filename tests. It usually finds more endpoints with fewer requests. Added a IIS shortname support @irsdl.bsky.social

26.11.2024 08:57 — 👍 39 🔁 9 💬 5 📌 0
Bug bounty hunters & content creators Join the conversation

The "bug bounty hunters and content creators" starter pack is now up to 60 users! Follow this to get instantly connected to the bug bounty community & let me know if I've missed you off!

go.bsky.app/GD7hKPX

23.11.2024 16:21 — 👍 87 🔁 22 💬 19 📌 4

bsky.app/profile/dino... he does bb too :)

26.11.2024 07:20 — 👍 1 🔁 0 💬 0 📌 0

📌

22.11.2024 21:54 — 👍 1 🔁 0 💬 0 📌 0

Any bug bounty people around? I'm creating a starter pack of people to follow but it's pretty brief currently! Let me know if you'd like to be added: go.bsky.app/GD7hKPX

21.11.2024 15:23 — 👍 95 🔁 30 💬 45 📌 2

@irsdl is following 20 prominent accounts