SSRF that IPv4 network standards reserve the entire address block for loopback purposes? That means any packet sent to one of those 16,777,214 addresses is always going to call home

that means that any address 127.X.X.X =
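A defensive take on the loopback point above, as an added example that is not part of the original post: an SSRF guard has to refuse every address in 127.0.0.0/8, not only `127.0.0.1`. It goes slightly beyond the post by also covering legacy IPv4 spellings, IPv4-mapped IPv6 and DNS names that resolve to loopback; the function names, host names and DNS answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def host_to_ip(host):
    """Return the address a host string denotes as an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        # inet_aton also accepts legacy spellings: "127.1", "2130706433", "0x7f.0.0.1"
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None  # not a literal: treat as a DNS name

def is_loopback(ip):
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it is judged as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_loopback  # IPv4: anywhere in 127.0.0.0/8; IPv6: ::1

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_blocked(url, resolve=system_resolver):
    """True if the URL must be refused because it points at loopback."""
    host = urlsplit(url).hostname
    if not host:
        return True  # no usable host: fail closed
    ip = host_to_ip(host)
    if ip is not None:
        candidates = [ip]
    else:
        candidates = [ipaddress.ip_address(a) for a in resolve(host)]
    # Refuse if ANY answer is loopback; an empty answer also fails closed.
    return not candidates or any(is_loopback(c) for c in candidates)

# Constructed DNS answers so the demo runs offline (hypothetical names).
CONSTRUCTED_DNS = {"internal.example": ["127.8.8.8"], "public.example": ["192.0.2.10"]}

def fake_resolver(host):
    return CONSTRUCTED_DNS.get(host, [])

if __name__ == "__main__":
    for u in ["http://127.0.0.1/", "http://127.53.7.200:8080/", "http://127.1/",
              "http://2130706433/", "http://[::ffff:127.0.0.1]/",
              "http://internal.example/", "http://public.example/"]:
        print(u, "->", "blocked" if is_blocked(u, fake_resolver) else "allowed")
```

The check only helps if the HTTP client then connects to the address that was validated, and if it is repeated for every redirect the client follows.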


To find SQL injection

/?q=1'||'asd'||' <== concat string
/?q=1' or '1'='1
/?q=1 or 1=1

(DNS Bruteforcing And Subdomain Enumeration With Fierce & Nmap)


Burp Suite > Proxy > Options > TLS Pass Through.
No more noise in your logs!

As you know, the key to hacking the WPA2-PSK is to capture the PSK (pre-shared key or password) as it passes through the air in the 4-way handshake between the client and the AP (you must be in monitor mode to do so). This requires that we either wait for a client to connect to the AP or, if a client has already connected, then we bump the client off (de-authenticate) the AP and wait for them to re-connect.

Cloudflare! Thanks for joining the fight against adtech!

Privacy Friendly Club Rule 1: Practice what you preach.

Your landing page for a "privacy-first" product makes calls to Google Analytics, Google Tag Manager, Google Optimize, Adroll, Marketo and a few more.

Facebook Accused of Spying on Instagram Users - Via Phone Cameras. The lawsuit came after an Apple iOS 14 privacy feature showed that Instagram was apparently activating iPhone cameras and microphones even when they weren’t in use.

Millions of vulnerable IoT devices make it easy for attackers to assemble the firepower needed for DDoS attacks. IoT device manufacturers looking to cut costs often neglect security provisions.

I checked, and there are still many financial websites in Indonesia that do not implement DNSSEC. What if the owner of your ISP has the soul of a swindler? They could get rich :)

A symptom of the "severed shame nerve" disease: the sufferer usually does not feel that they are making the people suffer.

Researchers still face legal action for “hacking” when reporting the bugs they find - as is the case with a recently reported to the Giggle social network.

␖␛␡ boosted

Help me understand #mastodon better:

I know that the specific instance I'm signed up to doesn't matter too much. Still, the instances have specific rules, and thus different content.

That means that, inevitably, I'll be signed up on multiple instances, each on their own domain.

How do you guys manage this? Do you have a primary account, and then secondary accounts for specific interests?

After a week of watching the news, it seems a new agenda is starting to emerge: a shift/struggle/decay from the left bloc to the left.

STS ditatompel

Either Sht Talking Sht or Stop Talking Sht, you decide!