🕵️ MLT 🧙‍♂️ (@0daywizard)'s Twitter Profile
🕵️ MLT 🧙‍♂️

@0daywizard

The skidiot otherwise known as MLT.. Professional Gibson rooter, leader of anonymoose, and the number one hacker in the entire galaxy. Also incredibly humble 🙃

ID: 1418605381694246912

https://mlt.lol/blog.html

23-07-2021 16:14:47

1.1K Tweets

4.4K Followers

185 Following


This has got to be the most insane ASCII art I've ever seen.. at first I assumed it was ANSI art due to the level of detail but nope it's coloured regular ASCII art


I've started to slowly publish my old 0day exploits found either by myself or members of Project Insecurity LTD (my old cybersecurity firm). They can be found here: github.com/MLT-0x539/Expl… I've got hundreds more to post still, so this list will constantly be getting updated.


BBP Writeup: Turning a "useless" HTMLi into a P1 (definitely one of the more fun and unique methods I've ever used to escalate a HTMLi): 0x80dotblog.wordpress.com/2023/08/07/bbp…


Note: My PoC had intentionally been tweaked a little to prevent it from working -- the reasoning for that is because their "patch" was easily bypassed when I first published this, by simply using a <portal> tag instead of iframe. I'll publish the full PoC later since it's fixed


Blog post: The "Triangle Paradox", when security risk outweighs benefits of functionality (with real-world example with HTMLi/XSS in Facebook): 0x80dotblog.wordpress.com/2025/05/23/blu…


Lol, oops. I just inadvertently found a WordPress zeroday that allows me to compromise the blog of anyone who has the same letters in the first part of their email as mine (for example if my email is [email protected] and theirs is [email protected]).


I just accidentally took over the blog of someone called Tiffany since their email address contained "MLT" in the first part. Unsure how to contact her so I left a message there: mlt15.wordpress.com/2025/05/23/hi-… I guess I can at least score a bounty for this accidental finding, lol.


Does anyone know how long transactions in kraken tend to be stuck as "pending" for? I deposited some money around 18 hours ago using "easy bank transfer" via an account I've used for deposits hundreds of times. Every other time it's been deposited instantly but this one is stuck.


Lol, to you and the other 5 accounts that sent me the exact same message.. if you're going to attempt to scam someone who works in cybersecurity via a fake kraken support email I think you're going to have to try a LOT harder than that 🙃


Hmm, weird. Can anyone see the 2 new blog posts that I tweeted out and/or the tweet I made linking to my "exploits" repo on my GitHub? They were visible for me yesterday but for some reason I can no longer see the tweets.. it's like they've disappeared from my timeline.


[BLOG POST] - BBP writeup, escalating a "useless" HTMLi to PI via a chain involving charset spoofing, CSS Injection, and dangling markup injection to leak PII: 0x80dotblog.wordpress.com/2023/08/07/bbp…


[Zerodays] -- a list of 0days found by myself and/or members of Project Insecurity LTD (my old cybersecurity firm) over the years: github.com/MLT-0x539/Expl… This list will be constantly getting updated as there are hundreds more PoC's that I still need to add to the list.


I swear Elon Musk has singled me out for the sole purpose of trolling me.. my tweets for my blog posts disappear then as soon as I repost them, the original tweets suddenly reappear 🙃


I asked this like a year ago but didn't get a response.. everything else for my chain is still working so I'll ask again.. Does anyone currently have JSONP callback or open redirection in *.paypalobjects.net? I'll split the bounty with you if you've got one.


Been writing a script to make post-exploitation on *nix easier for beginners, here's what I've added so far. If anyone can think of more functionality to add then please let me know. I've made a primitive UI to make it easier for beginners to use (rather than cmdline args)
