Ashar Javed (@soaj1664ashar) 's Twitter Profile
Ashar Javed

@soaj1664ashar

Web AppSec Researcher | #❶ in Microsoft's Top 100 Security Researcher List -2018 | #❹ in Microsoft's Most Valuable Researcher List -2019 & 2020 | Thanks #🆇🆂🆂

ID: 277735240

Link: https://respectxss.blogspot.de/ | Date: 05-04-2011 22:49:55

10,10K Tweet

14,14K Followers

3,3K Following

Ashar Javed (@soaj1664ashar):

. xandsz I'm glad to hear it was helpful. It would be even more interesting if you search for the hashtag #XSS and look at old tweets.

Yosuke HASEGAWA (@hasegawayosuke):

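Reading this now. An XSS technique that exploits the confusion in how multiple Content-Type values are interpreted when they are specified separated by semicolons, as in Content-Type: image/png;text/html. Interesting. by Azara / Norihide Saito / XSS using dirty Content Type in cloud era - Speaker Deck speakerdeck.com/flatt_security…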

Ashar Javed (@soaj1664ashar):

#Bitcoin : You think that you're the only one losing money. This is the chart of the number one ByBit trader based on PnL. The market is cruel, and you are playing the most ruthless game.

Ashar Javed (@soaj1664ashar):

. Jason Haddix Hi Jason. Which wordlists are you following these days? I am looking for technology-specific comprehensive wordlists, such as those for Weblogic, Apache, and NGINX.

Ashar Javed (@soaj1664ashar):

The only advantage of Facebook, apparently, is "Your Memories on #Facebook." Six years ago today, I was ranked No. 1 on Microsoft's Top 100 Security Researchers list. 🙂 #MSRC #microsoft #bugbounty

Ashar Javed (@soaj1664ashar):

#Bitcoin #BTC: For the record, set your buy orders between 44,275 and 45,350. We will likely hit that range. I know it’s not a popular opinion, but setting a limit order doesn’t hurt.

Ashar Javed (@soaj1664ashar):

Come and join my team! We are hiring three #security engineers. We are looking for passionate individuals who have a security mindset and attitude. You will be working with state-of-the-art security solutions, dealing with two dozen different systems. linkedin.com/jobs/view/4022…

Ashar Javed (@soaj1664ashar):

If I were Michael Saylor, out of the 279,420 BTC, I would sell half of the BTC now, within the range of $90K to $97K. I would hold the proceeds in USD/USDT and then buy almost double the amount of BTC when the price drops to around $45K to $50K. The time for this drop is not far away.

Ashar Javed (@soaj1664ashar):

Everyone is praising DeepSeek (DeepSeek), but it's still in its early stages. It can easily fall into an endless loop, generating junk data. In the past three days, I’ve experienced this at least twice.

Ashar Javed (@soaj1664ashar):

ProjectDiscovery's Nuclei (Nuclei by ProjectDiscovery) is a solid scanner based on templates and is community-driven. Dear attackers, if Nuclei found NOTHING on the first attempt, there’s a high chance that the second attempt will yield the same results—unless you come up with better ideas or

Ashar Javed (@soaj1664ashar):

We are hiring for a pentester role! If you’re interested and confident in your ability to break applications, feel free to apply. If you have any questions, don’t hesitate to DM me. linkedin.com/posts/dr-ing-a…

Ashar Javed (@soaj1664ashar):

Please do not apply if your only experience is running a web vulnerability scanner of your choice. Scanners alone won’t uncover much—unless you bring some real magic to the table.

Ashar Javed (@soaj1664ashar):

Imagine a day when fully automated, AI-based agents begin scanning and attacking your web properties—no signatures, no fixed rules—just pure adaptive logic. Compared to that, today’s web application security scanners feel like the same old recycled garbage, running the same

Ashar Javed (@soaj1664ashar):

What is the best CLI tool available to reliably find all GET and POST parameters? I'm in no hurry, but by the end of the scan, I’d like to have a clear list of URLs with their associated GET parameters, and similarly, a list for POST parameters. #BugBounty #security

Ashar Javed (@soaj1664ashar):

Does it really matter if you throw the same junk from one IP or dozens? Who are you trying to fool? If it doesn't work from a single IP, it won’t work from hundreds. Lately, I’ve noticed attackers using an entire /24 subnet—every IP running the same scanner, with zero real

Ashar Javed (@soaj1664ashar):

We’re (Hyundai AutoEver Europe GmbH) growing and currently hiring for multiple roles: Pentester, GRC Expert, and Security Engineer. If you believe you’re a great fit, feel free to apply via LinkedIn. Also, if you know someone who might be interested, please don’t hesitate to