Almost there, tomorrow I will publish the last but probably less serious tips then we can unroll it 🎅 hopefully others will do a similar short-continuous note sharing in the future so we can see overlooked/secret stuff.
Some good candidates from different worlds that quickly come to my mind🤩👀:

Keep Current with Soroush Dalili 🤖

More from @irsdl

11 Dec
From now until Christmas, I will try to share something from my notes / research every day - most of them are old but might still be useful to remember #XMas2020 #AppSec #Web #HTTP
"max-forwards" http header:
- limit the number of proxies a request can traverse.
- not hop-by-hop
- can't go in the Trailer header

Some usage examples:
old: securiteam.com/securityreview…
old: counting servers (proxies) in the middle
new: portswigger.net/research/crack…
In something like JS
/*/ comment /*/
is the same as
/* comment */
, makes sense, right? But MSSQL sees it as
/* comment /*...
more interestingly, if you want to close it, you need 2 */
This is important when injections go into multiple places and newline is involved!
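
The comment behaviour described above, as an added example that is not part of the original thread: a small Python scanner (function names are hypothetical) that strips block comments under the C/JavaScript rule and under the nesting rule T-SQL uses, so a filter or log normaliser can flag input the two rules read differently. String literals are ignored as a simplifying assumption.

```python
def scan_block_comments(text, nested):
    """Return (visible_text, open_depth) after removing /* */ comments.

    nested=False: C/JavaScript rule, the first */ ends the comment.
    nested=True:  T-SQL rule, each /* inside a comment raises the depth
                  and needs its own */ to close.
    Assumption: string literals are not tracked.
    """
    out = []
    depth = 0
    i = 0
    while i < len(text):
        pair = text[i:i + 2]
        if pair == "/*" and (depth == 0 or nested):
            depth += 1          # opener (or nested opener under T-SQL rule)
            i += 2
        elif pair == "*/" and depth > 0:
            depth -= 1          # closer for the innermost open comment
            i += 2
        else:
            if depth == 0:
                out.append(text[i])   # character is outside any comment
            i += 1
    return "".join(out), depth


def parsers_disagree(text):
    """True when the two comment rules leave different visible text."""
    return scan_block_comments(text, False) != scan_block_comments(text, True)


if __name__ == "__main__":
    # Constructed sample inputs, built from the snippet quoted in the thread.
    samples = [
        "/* comment */ SELECT 1",
        "/*/ comment /*/ SELECT 1",
        "/*/ comment /*/ */ */ SELECT 1",
    ]
    for s in samples:
        c_rule = scan_block_comments(s, nested=False)
        tsql_rule = scan_block_comments(s, nested=True)
        print(repr(s), "C/JS:", c_rule, "T-SQL:", tsql_rule,
              "DISAGREE" if parsers_disagree(s) else "same")
```

A non-zero `open_depth` under the nesting rule means the comment is still open at the end of the input, which is the case where following lines would also be swallowed.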