Rodolfo Assis (@rodoassis) 's Twitter Profile
Rodolfo Assis

@rodoassis

That #XSS and #WAF #bypass guy. @BRuteLogic @KN0X55

ID: 974322173786632192

Link: http://linkedin.com/in/rodolfoassis

Joined: 15-03-2018 16:31:23

3,3K Tweets

10,10K Followers

113 Following


Does anyone else see LLM applications like just an almighty sophisticated COMPUTER INTERFACE like I do? It's all there already, a huge DB, both for data and for instructions.


Do you know why #BugBounty succeeds? It's not just because 100s of hackers test your application. It's because the ones responsible for informing you about vulnerabilities didn't follow a decent testing methodology. They also don't innovate/contribute to public knowledge about it.


Sad to see those who (using XNL-h4ck3r's (and @xnl-h4ck3r's in the new Sky) words) get an "immediate mental reward from coding" struggle to make a living while some who simply make use of those tools for free travel the world making a lot of money. The truth is this community sabotages itself for fun and profit.


Not only progress, regression. Sucuri Security Sucuri Labs REPLACED my blog post where I define #XSS w/ 2 main types (server/client side) and their 2 subtypes (reflected/stored) for one with the (wrong) classic reflected/stored/dom style. Here: blog.sucuri.net/author/rodolfo Come on.


I have always believed that the machine could be better than us humans. That it could learn from our mistakes and fill the void of our failures. But what if it's worse, what if it's just a better killer? So before the creature despises its creator we should despise the machine.


It's an old and very bad guide. Except for the last section which was copied from my free Cheat Sheet years ago. But they don't mention me, ofc. Go with OWASP, industry. And get hacked over and over again by those who really know what they are doing. cheatsheetseries.owasp.org/cheatsheets/XS…


Why is this important? Unless you test every entry point w/ something like alert(1) exactly that way, no quotes, nothing, you won't be able to spot eval()-like scenarios w/ a regular #XSS vector like <Img/Src/OnError=alert(1)>. Unless you read all the JS source code, of course.


Imperva guys fix their WAF so badly that you just need to change the order of the attributes in the previous bypass and it works. 🤪


What's wrong here? Try to PoC an XSS using ALert(1) instead of alert(1)! Bypassing a filter with incorrect syntax is not a bypass.