zodiac_ @_zodiacHacker - Twitter Profile

21 days ago

Risk-V Emulator in C: Development from Scratch by Zodiac Hacker Youtube: https://t.co/qdIoDJ1f7L Blog: https://t.co/TbRzXGxNqw

0

9

zodiac_ @_zodiacHacker

4 months ago

API Exploitation For Bug Bounty| Hacktricks by Zodiac Hacker https://t.co/MzXMEH7LeB

0

28

_zodiacHacker retweeted

Abhishek Meena 🏵️ @aacle_

7 months ago

CACHE POISONING QUICK WIN: Most apps validate X-Forwarded-Host as a single value. But try this: X-Forwarded-Host: https://t.co/c9BKdXEdW3, https://t.co/TIqwqgLYcJ • CDN: Reads first → Allows ✅ • App: Reads last → Injects ⚠️

0

132

23

137

15K

zodiac_ @_zodiacHacker

7 months ago

Behind the Scenes: Hack The Box: | Reversing Engineering Challenge

0

24

Who to follow

Just a newbie in security world

Jessey Jean

@JesseyJean

💜 People, Animals, Tech, Equal Rights 💙 ATL Braves, ATL UTD, NY Giants (some things can't change) 🖤 True Crime, World Travels, Cooking #WOPR was once my desk

zodiac_ @_zodiacHacker

7 months ago

Hack The Box: Bypass -> 32-bit exe file -> Reversing Engineering -> OllyDbg: 32-bit assembler

0

28

zodiac_ @_zodiacHacker

7 months ago

Spooky License: HackTheBox Reversing Challenge

0

22

zodiac_ @_zodiacHacker

7 months ago

Simple Encryptor - HackTheBox Reversing Engineering Challenge #htb

0

22

zodiac_ @_zodiacHacker

7 months ago

Bypass SSL Pinning & Intercept ANY App Traffic (2026 Guide) | Intercept ... https://t.co/AYBsButrnI via @YouTube

0

29

zodiac_ @_zodiacHacker

7 months ago

Root Any Android in 5 Minutes | No TWRP or Recovery IMG Needed | 100% Wo... https://t.co/RzFyfJtpds via @YouTube

0

49

zodiac_ @_zodiacHacker

8 months ago

Xiaomi Phone Bootloader Unlock & Root! (REDMI/POCO/MI) 2025 Guide https://t.co/9WFV1AXlzJ via @YouTube

0

86

zodiac_ @_zodiacHacker

8 months ago

Install & Setup Genymotion & MobSF for Android APK 📱 Dynamic Analysis (... https://t.co/749AuAgaHl via @YouTube

0

70

zodiac_ @_zodiacHacker

8 months ago

Intercept Android Traffic Over USB→ Burp Suite - USB Debugging (No Root... https://t.co/t9C3NRckg1 via @YouTube

0

46

zodiac_ @_zodiacHacker

9 months ago

Mobile Hacking Resource Kit: Your one‑stop hub for iOS and Android pen testing By @Bugcrowd https://t.co/DcMQwPeSMc

0

38

zodiac_ @_zodiacHacker

9 months ago

Android Bug Bounty Building an Android Bug Bounty lab: the ultimate guide to configuring emulators, real devices, proxies and other mobile hacking tools (featuring Magisk, Burp, Frida): https://t.co/azZxQRV8R1

0

81

zodiac_ @_zodiacHacker

9 months ago

https://t.co/VGqtpUZDSW

0

36

_zodiacHacker retweeted

Web Security Academy @WebSecAcademy

10 months ago

“HTTP/1 is simple” is one of the most dangerous lies in web security. Its hidden complexity has fueled years of desync vulnerabilities across the internet. Here are 5 lies about HTTP/1.1 and why they’re dead wrong👇 1️⃣ Lie 1: An HTTP/1.1 request can't directly target an intermediary In reality, attackers can craft requests that hit reverse proxies or CDNs directly, bypassing intended routing and opening doors for desync exploits. 2️⃣ Lie 2: An HTTP/1.1 desync can only be caused by a parser discrepancy While parser mismatches are common, other quirks like HTTP/2 downgrades or non-standard header handling can also cause dangerous request misalignments. 3️⃣ Lie 3: An HTTP/1.1 response contains everything a proxy needs to parse it Proxies often need the original request context to know where the response ends. Lose that, and you get chaos. 4️⃣ Lie 4: An HTTP/1.1 response can only contain one header block Multiple header blocks are possible, especially with quirks like the Expect header. This breaks assumptions and can leak sensitive data. 5️⃣ Lie 5: A complete HTTP/1.1 response requires a complete request Responses can arrive before the client finishes sending the request, creating opportunities for timing-based smuggling attacks. The truth? HTTP/1.1’s design leaves tiny bugs with massive consequences. Proxies need complex branching logic to handle header quirks, multiple blocks, and incomplete requests, all while guessing where one request ends and the next begins. HTTP/1.1 is not simple. It’s fragile, unpredictable, and inherently insecure in modern architectures, making more desync attacks are inevitable. The only REAL fix is moving to upstream HTTP/2. Learn more in @albinowax's latest whitepaper "HTTP/1.1 must die: the desync endgame"👇 https://t.co/1GJRNTaliX

WebSecAcademy's tweet photo. “HTTP/1 is simple” is one of the most dangerous lies in web security.

Its hidden complexity has fueled years of desync vulnerabilities across the internet.

Here are 5 lies about HTTP/1.1 and why they’re dead wrong👇

1️⃣ Lie 1: An HTTP/1.1 request can't directly target an intermediary

In reality, attackers can craft requests that hit reverse proxies or CDNs directly, bypassing intended routing and opening doors for desync exploits.

2️⃣ Lie 2: An HTTP/1.1 desync can only be caused by a parser discrepancy

While parser mismatches are common, other quirks like HTTP/2 downgrades or non-standard header handling can also cause dangerous request misalignments.

3️⃣ Lie 3: An HTTP/1.1 response contains everything a proxy needs to parse it

Proxies often need the original request context to know where the response ends. Lose that, and you get chaos.

4️⃣ Lie 4: An HTTP/1.1 response can only contain one header block

Multiple header blocks are possible, especially with quirks like the Expect header. This breaks assumptions and can leak sensitive data.

5️⃣ Lie 5: A complete HTTP/1.1 response requires a complete request

Responses can arrive before the client finishes sending the request, creating opportunities for timing-based smuggling attacks.

The truth?

HTTP/1.1’s design leaves tiny bugs with massive consequences.

Proxies need complex branching logic to handle header quirks, multiple blocks, and incomplete requests, all while guessing where one request ends and the next begins.

HTTP/1.1 is not simple.
It’s fragile, unpredictable, and inherently insecure in modern architectures, making more desync attacks are inevitable.

The only REAL fix is moving to upstream HTTP/2.

Learn more in @albinowax's latest whitepaper "HTTP/1.1 must die: the desync endgame"👇
https://t.co/1GJRNTaliX

1

111

31

47

5K

zodiac_ @_zodiacHacker

10 months ago

HTTP Request Smuggling In Bug Bounty Hunting by Zodiac Hacker https://t.co/ekYRlhE8Aj

0

58

zodiac_ @_zodiacHacker

10 months ago

I completed the Web Security Academy lab: Client-side desync @WebSecAcademy https://t.co/Jdm2Tw4gQC

0

46

zodiac_ @_zodiacHacker

10 months ago

I completed the Web Security Academy lab: Server-side pause-based request smuggling @WebSecAcademy https://t.co/t0Ei2G0XA7

0

44

zodiac_ @_zodiacHacker

10 months ago

I completed the Web Security Academy lab: Bypassing access controls via HTTP/2 request tunnelling @WebSecAcademy https://t.co/53rnwiygHF

0

43

zodiac_

@_zodiacHacker

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users