Solid 5/7 JavaScript guy - Parsia Hackerman

836 Following   1,392 Followers   7,352 Tweets

Joined Twitter 8/25/09


https://t.co/oqsf6rtAU6
https://t.co/ztznLId5fl https://t.co/2J2iMWGVc2
Retweeted by Lewis Ardern
9/21
2020
@ronperris @leifdreizler That was the one I was talking about
@ronperris @leifdreizler pretty sure the eslint for finding innerHTML/outerHTML would pick some of that up
8/29
2020
Just wrote a new blog post on "Introduction to CodeQL and Code Scanning". Hope all security researchers find this u… https://t.co/9MMshkDnzn
Retweeted by Lewis Ardern
8/24
2020
I just published a tool that patches the popular rooting framework SuperSU to be more stealthy: Source:… https://t.co/U4sUf049Sd
Retweeted by Lewis Ardern
8/11
2020
Come watch me drop 0 0-days. https://t.co/NSLhLbamks
Retweeted by Lewis Ardern
8/8
2020
Be sure to join @CryptoGangsta's day 2 #AppSec Village at #DefConSafeMode talk on #localghost. Subscribe to our… https://t.co/UXBFqKmabZ
Retweeted by Lewis Ardern
8/4
2020
@pedrofortuna @ronperris @owasp_juiceshop Sadly no, I have an internal one which I can't share the source for... I… https://t.co/A1tmceX6c9
6/23
2020
@Bugcrowd https://t.co/kg70Sjft4z
@leifdreizler @Bugcrowd Confirmed https://t.co/ObtgGwJXRC
Mutation XSS is back! // cc @cure53berlin https://t.co/8iA5XyQt0O
Retweeted by Lewis Ardern
6/16
2020
Added: InQL - Introspection GraphQL Scanner https://t.co/r5XNINGNn7
Retweeted by Lewis Ardern
6/3
2020
🚨 PSA: Security release is coming to @nodejs ⏰Tomorrow! June 2nd or shortly after ✅ Fixes a high severity vulnerab… https://t.co/IZ5bKCJFSN
Retweeted by Lewis Ardern
6/1
2020
@RyanJosephDev @BriceFriha draw me
5/29
2020
@PortSwiggerRes @PwnFunction @garethheyes @cure53berlin @sirdarckcat @slekies @kkotowicz @error <x :=_c.constructor('alert(1)')()>
@PwnFunction @PortSwiggerRes @garethheyes @cure53berlin @sirdarckcat @slekies @kkotowicz @error Well Gareth did
@PwnFunction @PortSwiggerRes @garethheyes @cure53berlin @sirdarckcat @slekies @kkotowicz @error Technically we had… https://t.co/Vw2q2aqYkX
@PwnFunction @PortSwiggerRes @garethheyes @cure53berlin @sirdarckcat @slekies @kkotowicz @error https://t.co/z59adiupya
@PwnFunction @PortSwiggerRes @garethheyes @cure53berlin @sirdarckcat @slekies @kkotowicz @error <x v-on=_c.constructor('alert(1)')()>
We've added a VueJS section to the XSS cheat sheet. With a new very short vector from @garethheyes <x v-html=_c.con… https://t.co/MFbFcnqC8u
Retweeted by Lewis Ardern
We forgot to mention @LewisArdern who originally did the pull request for these vectors. So sorry Lewis. Thanks for… https://t.co/TkMJihLF8E
Retweeted by Lewis Ardern
@PwnFunction @kkotowicz @PortSwiggerRes @garethheyes @cure53berlin @sirdarckcat @slekies @error Looks like we need… https://t.co/kQEaicH3jq
5/27
2020
@gsuberland @hela_luc Subscribe to @dan_abramov mental models whilst you're at it https://t.co/nzV5gpF3KJ
@poledesfetes @bitandbang It's on my roadmap but I have yet to dig into Deno :)
5/20
2020
@liran_tal @patmeenan @snyksec I see you also check for headers, but comment still stands down ranking someone for… https://t.co/xKFHAV911Q
@liran_tal @patmeenan @snyksec Pretty cool! My feedback is that saying 'Security Score' is pretty misleading, as it… https://t.co/3ja4dtPaTt
5/19
2020
@PhilippeDeRyck @ndm deprecate/remove
@PhilippeDeRyck @ndm True, you have to explicitly trust it in AngularJS/Angular which you will do in the future wit… https://t.co/kGwdWe3nII
5/13
2020
This hits the nail on the head. And is 100% matching our long term thinking. Client-side-only is not sustainable. W… https://t.co/X5z9TQhQqg
Retweeted by Lewis Ardern
After a year since episode 9, this is the 10th episode of `Thick Client Proxying`. I talk about the `hosts` file an… https://t.co/2IWZLUnadC
Retweeted by Lewis Ardern
5/10
2020
@c0d3x27 @0xaditya @zseano No, the issue is purely https://t.co/9tOTgH2bmt where you can inject <base href=""> into… https://t.co/Nkup07G569
5/9
2020
Weird it keeps deleting it https://t.co/iYcqzQNVPq
For those who haven’t seen Adam's great talk: https://t.co/iYcqzQNVPq https://t.co/2Vr9oEYRGM
"XSS is just alert popups, low severity, and not eligible for reward" - Some bounty brief, probably https://t.co/lyBv1ALPOX
Retweeted by Lewis Ardern
@0xaditya @zseano You have to inject a <base href=""> and make sure it's 'injected' above a relative <script src="./… https://t.co/QxVfJCxfW4
@adam_baldwin @zseano https://t.co/rStOzpMSCY
@zseano https://t.co/V1nza50pBF I documented this last year too :)
5/8
2020
@leifdreizler https://t.co/UjuYOO3AMM
@leifdreizler https://t.co/LbyBiaPSTy
5/6
2020
Omg I taught my kids to code yesterday we must have uploaded the file over my live site 🤦‍♂️ will fix https://t.co/LEsMWJ8uSk
Retweeted by Lewis Ardern
5/5
2020
Tend to disagree 🙃 https://t.co/jBm3jg1S1b
Retweeted by Lewis Ardern
5/4
2020
'Towards a quieter @Burp_Suite history'. A way to create a Burp config file to filter noisy traffic especially when… https://t.co/T20ZzazsEr
Retweeted by Lewis Ardern
5/2
2020
SPAs are starting to use refresh tokens in the browser. This blog post analyzes the security impact and provides 5… https://t.co/c6HwXjnUey
Retweeted by Lewis Ardern
@alexbreeze https://t.co/SwEY8FUarT
4/30
2020
@ethicalhack3r @Burp_Suite https://t.co/s26V2bkrJm
4/29
2020
@EnJens @tamonten Oh this is exciting!
4/28
2020
@zemnmez WeirdChamp WeirdChamp WeirdChamp WeirdChamp WeirdChamp WeirdChamp WeirdChamp WeirdChamp
This means that <xss tabindex=1 onfocus=alert(1) autofocus> now works :) no need for a hash https://t.co/QudRYWxNRz https://t.co/DqqqxmmbDr
Retweeted by Lewis Ardern
4/27
2020
Together with some good friends, we have launched a thing that might be useful, check it out! "Pro-bono Pentests f… https://t.co/aFSzXoAr52
Retweeted by Lewis Ardern
4/22
2020
@alexbreeze @SamSykesSwears Danny DeVito playing Neo in The Matrix https://t.co/CJ8QruxM74
4/21
2020
At 17:30 today I turn the last page of chapter 1. I’ve had an absolute blast at @SW_Integrity for the last 7 years,… https://t.co/5VMgMxH0lV
Retweeted by Lewis Ardern
4/20
2020
I did some simple #reverseengineering to figure out how an application creates encrypted logs. I even wrote more th… https://t.co/OyR5IIcVKq
Retweeted by Lewis Ardern
4/18
2020
I don't want 24-hour conferences. I don't want 12 tracks conferences. And I absolutely don't want half-assed talks.… https://t.co/5zPQucV9bq
Retweeted by Lewis Ardern
@Zizzamia Gave you a +1
4/17
2020
2015: setting JWT alg to 'none' bypasses verification 2020: setting JWT alg to 'nonE' bypasses verification lmaoo… https://t.co/6kopBoCGut
Retweeted by Lewis Ardern
@gsuberland @AppSecBloke Alright mickster
@Morware_ thicc boi
@ArbitraryRWfriend fired up a drone and took this shot of LA today https://t.co/FkqFHzzMWc
Retweeted by Lewis Ardern
4/16
2020
@tamonten @Squiggle https://t.co/WotfhBbUPR
@liran_tal ✅Use AngularJS ng-bind-html
@liran_tal https://t.co/ofjx4xD1BB + https://t.co/nMcSiaoJxo
@liran_tal https://t.co/KRV2Lpxclp
@liran_tal https://t.co/FJy5FY9mnf
@liran_tal https://t.co/Q9785daLsU
4/15
2020
@manicode Jeremy is great!
4/14
2020
@DanielMiessler https://t.co/SjiLgacEt6
@fl1bbl3 @Lord_Arse Can we swap? https://t.co/9yHCnpnZ82
4/13
2020
@FishermansEnemy Same
4/12
2020
By the way, if WordPress security is important to you... @_WPScan_ is excellent and their team are high quality people. Recommend.
Retweeted by Lewis Ardern
4/10
2020
@RangeelaRasool_ @omerlh @liran_tal @MilanChhatralia @NunoDuarte83 @karandpr @AlyssaM_InfoSec I tend to look at liv… https://t.co/v8l8eo36Nk
@RangeelaRasool_ @omerlh @liran_tal @MilanChhatralia @NunoDuarte83 @karandpr @AlyssaM_InfoSec I don't do much of th… https://t.co/c1kuZJ10Dl
@RangeelaRasool_ @omerlh @liran_tal @MilanChhatralia @NunoDuarte83 @karandpr @AlyssaM_InfoSec https://t.co/SSUHTG2yQk
@omerlh @liran_tal @RangeelaRasool_ @MilanChhatralia @NunoDuarte83 @karandpr @AlyssaM_InfoSec +1
4/9
2020
"Build Secure & Reliable Systems" book is finally ready: https://t.co/nPBz7ztbMZ
Retweeted by Lewis Ardern
4/8
2020
@Luke_E_J @alexbreeze @Im_Adam_James
Stay safe out there https://t.co/4lru83iV0U
Retweeted by Lewis Ardern
4/7
2020
Ed Balls https://t.co/iUU41QJm4G
4/6
2020
@zemnmez -> yeet https://t.co/vzbHtgDTzD
4/5
2020
We've temporarily reverted Chrome's SameSite rollout, and intend to pick it back up in the summer. It was a necessa… https://t.co/JONpmhA4tX
Retweeted by Lewis Ardern
Things are getting pretty serious. https://t.co/OLc6egO9V5
Retweeted by Lewis Ardern
4/3
2020
@rsinha @xor https://t.co/3g4oStuPK2
Last night I recorded a conversation with Leif Dreizler from Segment about all things Security Engineering. Great… https://t.co/ys8XnDbEfY
Retweeted by Lewis Ardern
4/2
2020
@caseyjohnellis @NahamSec bountypls
4/1
2020
Microsoft acquired Skype for $8.5 billion back in 2011, the same year Zoom was founded. If the coronavirus pandemic… https://t.co/A9JqBoUthB
Retweeted by Lewis Ardern
3/28
2020
Disabling __proto__ is a fantastic addition, let's squish out prototype pollution 🐛🐞🐛 https://t.co/wb8IyL6mWv
https://t.co/6BD0ng7otz
@n0x00 @michael_eder_ @buherator @CryptoGangsta tbh can't forget sysinternals... best tools ever to look at strings… https://t.co/oY0YprNELd
@n0x00 @michael_eder_ @buherator Then reading everything the dank @CryptoGangsta https://t.co/G5xS21hpAr posts https://t.co/cN3j5wNaAG
@n0x00 @michael_eder_ @buherator Few things that are useful to learn: * Frida * Procmon to see what's happening on… https://t.co/0m5pk8uk9J
An alternative soundtrack... https://t.co/NBsdfxc42x
Retweeted by Lewis Ardern
@DaftLimmy https://t.co/uF86fqQbHE
There are now more covid-19 cases in the United States than anywhere else in the world. https://t.co/gXIJDhT7MY
Retweeted by Lewis Ardern
3/27
2020
@nickmurison @Outland_no I read Mort and Reaper Man, need to continue down the Death series
I'd be thrilled if you did. These are unusual times and I'm giving blanket permission to any teachers and educators… https://t.co/7YgSWGno0z
Retweeted by Lewis Ardern
3/26
2020
This is @SussexUni virtue signalling about Covid-19, at the same time as reports emerge around Brighton that behind… https://t.co/dt8VC8J7ZV
Retweeted by Lewis Ardern
Why are javascript hrefs still a thing? I'm not sure, but I know bug bounty hunters love them. @ColinLohner just re… https://t.co/mT5kZTHd4M
Retweeted by Lewis Ardern
howdy. i'm the sheriff of STOP BUYING ALL THE TOILET PAPER 🤠 🧻🧻🧻 🧻 🧻… https://t.co/ktLVXhUW3L
Retweeted by Lewis Ardern
Looks like someone from @NCCGroupplc has fucked the T2 website https://t.co/eh1Z4uV2c5 hahaha https://t.co/CckJ9zk5Iq
Retweeted by Lewis Ardern
3/25
2020
When you're sheltered in place Without much personal space That's a moray https://t.co/XPHL9pUvaV
Retweeted by Lewis Ardern
Another reason for a cheeky Nando's! https://t.co/dFaF0bkVcv
3/24
2020