If you've seen me present, you know I introduce myself as a follower of Jesus. Everyone has an opinion of what that means. Can I challenge you to watch this explanation? It's more important than anything I've ever said, and may surprise you. https://t.co/4DbVU43xc1
Don't ya go missin' @LaNMaSteR53's talk "Web Application Authorization: Taming the Perfect Storm" at Wild West Hackin' Fest - Deadwood 2025! Grab yer tickets before time runs out! -> https://t.co/FI92HNjnHm
#WWHF #Deadwood2025 #TheFutureIs
It's the last week to sign up for Practical Web Application Penetration Testing (#PWAPT) and the Practical Training Bundle. Class starts next Monday! https://t.co/sh1G4JW3VA
Just submitted a talk titled "Web Application Authorization: Taming the Perfect Storm" to the @WWHackinFest CFP. I am particularly excited about this one. It's the first time I'll be sharing how I tackle authorization outside the classroom, plus a few extra goodies.
Greetings! There are 2 training opportunities currently available on my events page at https://t.co/sh1G4JWBL8:
* PWAPT beginning April 7th
* PBAT beginning June 9th
Bundle them and save $500!
Just pulled this gem out of a client code base:
"AESKey": "dsfsfdfgsdfsgfdg",
I guess their version of a cryptographically secure RNG is to smash the 4 main fingers of their left hand on the keyboard 4 times.
@Ch33z_plz There is admin enforcement in the actual code, but I left it out for brevity. Probably should have made that more clear. But yes, your diagnosis is correct. Lastly, the route for `schedules` is missing the preceding `/`, which means it isn't a match and can already be accessed.
This is real code I am working with today. This is an authorization check protecting admin-only resources. There are multiple ways to bypass this. What are they? For additional context, this is middleware for an Express.js back end.
Join us on the @RedSiege Wednesday Offensive with @LaNMaSteR53 discussing testing web apps for authorization issues. Join us for just 30 minutes (and no slides!) at https://t.co/atzUBErk1N.
Awkward fam photo time!
I'll be on Wednesday Offensive with @RedSiege today talking about testing for authorization issues in web applications. Would love to have you along. Join us! https://t.co/ir49H9kVrn
As always, I thoroughly enjoyed presenting at WWHF and appreciate the opportunity. If you enjoyed the content of my presentation, then keep an eye on my socials, as I will be announcing my first training opportunities for 2025 in the next week. Happy New Year everyone!
@hacks2learn My pleasure. The filtering capabilities are in the proxy configuration panel. It behaves like a split-tunnel for HTTP traffic. Pretty awesome. Make sure you set FoxyProxy to proxy by filters though, or they won't apply.
I actually use the FoxyProxy browser extension to accomplish this. It's another tool you have to install (downside), but it persists across projects (upside). Thanks for the tip!
I'm going to try and be more active on this platform again. Any tips for finding favor with the algorithm? My engagement is next to zero, and it doesn't seem to matter how many followers I have. Thanks!