Tim Tomes (@lanmaster53) 's Twitter Profile
Tim Tomes

@lanmaster53

Believer † | Husband :-* | Father \o/ | Veteran o7 | PractiSec | "Burp Suite master and king of making HTTP requests tremble."

ID: 70283639

http://lanmaster53.com 31-08-2009 02:29:06

15,15K Tweets

8,8K Followers

122 Following

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

I put together a quick post on what I do to quickly acquire important, time sensitive information in the post-Twitter internet. lanmaster53.com/2024/07/15/ema…

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

Heads up! I just added two #PractiSec training opportunities to the events page and a discounted bundle package for both! #PWAPT #PBAT practisec.com/events/

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

Interested in Burp Suite Pro or Web Application Penetration Testing? I am currently offering training opportunities to level up your knowledge and skills.
- PWAPT beginning Sep 9th
- PBAT beginning Oct 21st
- Both classes at a $500 discount

practisec.com/events/

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

This is the last week to get registered for Practical Web Application Penetration Testing (PWAPT) and the PractiSec Training Bundle (PWAPT+PBAT)! Tickets are available on the events page at practisec.com/events/. #WebAppSec #AppSec #Security #BurpSuitePro #PWAPT #PBAT

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

I'm going to try and be more active on this platform again. Any tips for finding favor with the algorithm? My engagement is next to zero, and it doesn't seem to matter how many followers I have. Thanks!

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

I actually use the FoxyProxy browser extension to accomplish this. It's another tool you have to install (downside), but it persists across projects (upside). Thanks for the tip!

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

I was literally saying this to a friend the other day and wondered if I was the only one that noticed. I'm glad I'm not. tidbits.com/2024/11/11/mis…

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

As always, I thoroughly enjoyed presenting at WWHF and appreciate the opportunity. If you enjoyed the content of my presentation, then keep an eye on my socials, as I will be announcing my first training opportunities for 2025 in the next week. Happy New Year everyone!

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

I'll be on Wednesday Offensive with Red Siege Information Security today talking about testing for authorization issues in web applications. Would love to have you along. Join us! redsiege.com/wednesday-offe…

Tim Medin @timmedin.bsky.social 🇺🇦 (@timmedin) 's Twitter Profile Photo

Join us on the Red Siege Information Security Wednesday Offensive with Tim Tomes discussing testing web apps for authorization issues. Join us for just 30 minutes (and no slides!) at redsiege.com/wedoff. Awkward fam photo time!

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

This is real code I am working with today. This is an authorization check protecting admin-only resources. There are multiple ways to bypass this. What are they? For additional context, this is middleware for an Express.js back end.

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

Just pulled this gem out of a client code base: "AESKey": "dsfsfdfgsdfsgfdg", I guess their version of a cryptographically secure RNG is to smash the 4 main fingers of their left hand on the keyboard 4 times.

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

Greetings! There are 2 training opportunities currently available on my events page at practisec.com/events/:
* PWAPT beginning April 7th
* PBAT beginning June 9th

Bundle them and save $500!

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

Just submitted a talk titled "Web Application Authorization: Taming the Perfect Storm" to the Wild West Hackin' Fest CFP. I am particularly excited about this one. It's the first time I'll be sharing how I tackle authorization outside the classroom, plus a few extra goodies.

Tim Tomes (@lanmaster53) 's Twitter Profile Photo

It's the last week to sign up for Practical Web Application Penetration Testing (#PWAPT) and the Practical Training Bundle. Class starts next Monday! practisec.com/events/

Wild West Hackin' Fest (@wwhackinfest) 's Twitter Profile Photo

Don't ya go missin' Tim Tomes's talk "Web Application Authorization: Taming the Perfect Storm" at Wild West Hackin' Fest - Deadwood 2025! Grab yer tickets before time runs out! -> lnkd.in/gCEQqCYxv #WWHF #Deadwood2025 #TheFutureIs
