I just published WebGoat Cross-Site Request Forgery Solution. https://t.co/psOozV387W
Typically trying Richard Feynman's approach to learning. So, I hope to write on more challenging security concepts. Feel free to read and suggest ways to write better content. Thanks
CSRF:
- Check if the token is present on any form it should be (ONLY Create, Update and Delete forms should have CSRF tokens)
- Server checks if the token length is correct
- Server checks if the parameter is there
- Server accepts an empty parameter
- Server accepts requests without a CSRF token
- Token is not session bound
- https://t.co/qFz1i60dNf
JWT:
- The "none" signing algorithm is allowed
- Secret is leaked somewhere
- Server never checks the secret
- Secret is easily guessable or brute-forceable
- https://t.co/wkr8SGtjby
- https://t.co/RV1c5jGbDE
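The two checklists above describe server-side checks; the block below is an added example (my own code, not from the tweet or from WebGoat) showing what passing each check looks like in plain standard-library Python. The CSRF half generates a per-session token and rejects missing, empty, wrong-length and foreign tokens in constant time. The JWT half signs and verifies HS256 tokens with a fixed algorithm allowlist, so an `alg: none` token and a token signed with the wrong secret are both rejected. The secret, claims and helper names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# --- CSRF: per-session token, validated on every state-changing request ---

CSRF_TOKEN_BYTES = 32
CSRF_TOKEN_LEN = 43  # urlsafe base64 of 32 bytes, padding stripped


def new_csrf_token() -> str:
    """Generate the token once per session and store it server-side."""
    return secrets.token_urlsafe(CSRF_TOKEN_BYTES)


def csrf_token_valid(session_token, submitted) -> bool:
    """All four checklist items: present, non-empty, right length, session bound."""
    if not session_token or not submitted:      # missing parameter / empty value
        return False
    if len(submitted) != CSRF_TOKEN_LEN:        # wrong length
        return False
    # Bound to this session and compared in constant time.
    return hmac.compare_digest(session_token, submitted)


# --- JWT (HS256 only) ---

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt_hs256(claims: dict, secret: bytes) -> str:
    """Issue a token. The secret must be high-entropy (e.g. secrets.token_bytes(32)),
    never a dictionary word, or the brute-force item on the checklist applies."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def forge_none_token(claims: dict) -> str:
    """What an attacker sends when 'none' is accepted: no signature at all."""
    header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}."


def verify_jwt_hs256(token: str, secret: bytes):
    """Return the claims on success, None on any failure.

    The algorithm is pinned to HS256 before the signature is looked at, so
    'none' and algorithm-confusion headers are rejected, and the signature is
    always recomputed with the server secret.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        actual_sig = _b64url_decode(sig_b64)
    except ValueError:            # wrong part count, bad base64, bad JSON/UTF-8
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, actual_sig):
        return None
    try:
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret-not-for-production"
    token = sign_jwt_hs256({"sub": "alice", "admin": False}, demo_secret)
    print("valid token ->", verify_jwt_hs256(token, demo_secret))
    print("alg=none    ->", verify_jwt_hs256(forge_none_token({"sub": "alice", "admin": True}), demo_secret))
```

The order inside `verify_jwt_hs256` is the point: decide the algorithm from server configuration, not from the token header, and only then compute and compare the MAC.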
Integration completed 🔥
I can now receive alerts on Slack (PC and mobile)
I will make the documentation and post it here tonight or tomorrow
Stay tuned
@efamharris Thank you for allowing me to reciprocate this project boss
@ireteeh
I just published a guide on integrating Wazuh with Slack for real-time incident notifications on mobile & PC. Perfect for teams that need to stay alert, anywhere.
@ireteeh @OnijeC
https://t.co/HNMn1CJQCr
🚀 KustoHawk 🦅
Last month at KustoCon, KustoHawk was launched. KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.
🦅 KustoHawk GitHub:
https://t.co/gwVlEVsyjg
Bug Bounty reports are one thing, but full penetration test reports are a different beast entirely.
In this demo, we fed multiple findings to ReportLM with a detailed prompt for:
🟧 Executive summary
🟧 Technical evidence
🟧 Severity
🟧 Clear remediation guidance
The result? Flawless enterprise-grade reports in seconds 😌
The true God cannot guide me to Islam, and let me tell you why in an honest way.
First of all, Jesus already said loud and clear: “I am the way, the truth, and the life.”
So why would God guide me to another route when Jesus already dropped the Google Maps pin Himself? No confusion here, one way, straight road, no traffic. 🚗💨 John 14:6 approved.
Secondly, the God who gave me freedom will not move me to a system full of “do this, don’t do that, stand here, face here, recite this, recite that.”
Jesus made the yoke easy…not “easy with terms and conditions.” With Jesus I can pray anywhere… kitchen, bedroom, bathroom, toilet, on top of my bed… God picks up the call ANYTIME. No special network required.
Thirdly, God wants a relationship, not a religious workout routine.
He calls Himself our "Father." Why would He take me from being His child… to being somebody's "slave"? A slave has no mind of his own and cannot ask questions, but me? I ask my Father questions every day. And He doesn't shout "haram!" at me. Instead, He listens with love. That father-child privilege? I'm not trading it for anything less.
Fourthly, I can’t move to a belief system where even the founder wasn’t sure of his own destination.
Meanwhile Jesus spoke with FULL confidence, He knew where He came from, where He was going, and He even promised to come back for me. That’s the kind of leader I’m following.
Now let’s talk about Arabic…
Listen, I love languages, but ehn, I cannot come and kill myself because I want to “score points” with Allah. Imagine learning a whole new language just so your prayers can be accepted. My dear, God already understands my English, my broken English, my Igbo, and even my silent tears. No Arabic exam needed. 😅
I can’t be doing gym exercises just to pray, up, down, touch the floor, kiss the ground, repeat.
When I can simply sit quietly on my couch, talk to God, and He hears me perfectly well. No warm-up required.
And honestly, I can’t look at mountains of evidence about Jesus’ death and crucifixion, historical records, eyewitness accounts, multiple sources and then ignore all of that because one man showed up 600 years later and said, “Nah, it didn’t happen, it only looked like it did.”
I’m sorry… I’m way too smart to trade thousands of witnesses for a single late correction.
Lastly, checking boxes?
I will fail! I already know myself. I will forget this one today, forget that one tomorrow. But in Christianity, Jesus ticked EVERY box for me.
All prophecy boxes ✔️✔️✔️
All salvation boxes ✔️
All righteousness boxes ✔️
Meanwhile Islam requires you to tick your own boxes one by one. And me? I already know my score will be 2/10. And that’s not looking good at all. 😂
So yes, the true God who loves me, freed me, adopted me, and keeps things simple for me… will not guide me away from His Son, Jesus Christ. That’s the truth.
My list is long, but let me just pause here before I write a whole new Holy book. 😅
May the true God open your hearts and point you all to the real path, Jesus Himself. 🙏
There's no place like 127.0.0.1, but this IP address is often blocked for SSRF payloads.
Thankfully - IP addresses are super weird, so you can write them in a bunch of different formats, some of which might bypass SSRF protections.
Try these, which are all the same as 127.0.0.1:
👉 2130706433
👉 017700000001
👉 127.1
👉 Any hostname that resolves to 127.0.0.1 (like https://t.co/yq0A2gyZe0)
Learn more about circumventing common SSRF defenses here:
https://t.co/x4EVxZovmy
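The four spellings above are all accepted by the C library's `inet_aton()`, which is why a string comparison against "127.0.0.1" misses them. As an added example (my own code, not from the tweet or the linked article), the block below reimplements the `inet_aton()` parsing rules in Python so that every spelling is reduced to its 32-bit value before the allow/deny decision is made, and contrasts that with the naive blocklist it bypasses. It goes a little beyond the tweet by also flagging link-local, unspecified and private ranges, which matter for the same class of SSRF target. Function names and the sample inputs are constructed for the demo; IPv6 spellings such as `[::1]` or `::ffff:7f00:1` are out of scope here and need their own handling.

```python
import ipaddress
import re
from typing import Optional

# One inet_aton() component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(tok: str) -> int:
    if not _PART.match(tok):
        raise ValueError(f"bad inet_aton component: {tok!r}")
    if tok[:2].lower() == "0x":
        return int(tok[2:], 16)
    if len(tok) > 1 and tok[0] == "0":
        return int(tok, 8)
    return int(tok, 10)


def inet_aton_value(text: str) -> int:
    """Parse an address the way inet_aton() does and return its 32-bit value.

    Accepts the a, a.b, a.b.c and a.b.c.d forms. The final component fills
    every byte not covered by the earlier ones, which is what makes "127.1"
    and "2130706433" legal spellings of 127.0.0.1.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("between one and four components required")
    *head, last = [_parse_part(p) for p in parts]
    if any(v > 0xFF for v in head):
        raise ValueError("leading components must fit in one byte")
    tail_bytes = 4 - len(head)
    if last >= 1 << (8 * tail_bytes):
        raise ValueError("final component too large")
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    return (addr << (8 * tail_bytes)) | last


def canonical_ipv4(text: str) -> str:
    """Dotted-quad form of any inet_aton() spelling."""
    return str(ipaddress.IPv4Address(inet_aton_value(text)))


def naive_blocklist_allows(host: str) -> bool:
    """The string-comparison defence the alternative spellings walk around."""
    return host not in {"127.0.0.1", "localhost"}


def is_internal_target(host: str) -> Optional[bool]:
    """True/False for an IPv4 literal in any spelling; None when the value is
    not a literal and must be resolved first (then apply this same check to
    every resolved address, right before connecting, to limit DNS rebinding)."""
    try:
        addr = ipaddress.IPv4Address(inet_aton_value(host))
    except ValueError:
        return None
    return bool(addr.is_loopback or addr.is_private or addr.is_link_local
                or addr.is_unspecified or addr.is_reserved or addr.is_multicast)


if __name__ == "__main__":
    # Constructed inputs: the tweet's spellings plus a couple of neighbours.
    for spelling in ("127.0.0.1", "2130706433", "017700000001", "127.1", "0x7f.1", "0.0.0.0"):
        print(f"{spelling:>14} -> {canonical_ipv4(spelling):<12} "
              f"naive allows: {naive_blocklist_allows(spelling)!s:<5} "
              f"internal: {is_internal_target(spelling)}")
```

The practical rule this encodes: never compare the user-supplied host string; parse it with the same leniency the socket layer will use, canonicalise, and decide on the numeric address.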
If you want to expose the hypocrisy and complicity of the Bola Tinubu led APC Nigerian Government just watch and share this hearing of the US Foreign Affairs Committee on Christian Genocide in Nigeria 🇳🇬 https://t.co/RmfF5dACSb
Not all Muslims are bad people.
Not every Muslim is a terrorist or a paedophile.
Simple question:
Where are the good Muslims calling out the bad Muslims?
I just returned from a Congressional delegation to Nigeria with @HouseAppropsGOP. While there, we visited Benue State.
We met with Bishops Anagbe and Dugu and Tor Tiv. We met with suffering IDPs who are all Christians. They are forced to live in camps that are regularly attacked by Fulani Islamic radicals.
We heard heartbreaking stories from survivors of this horrific genocidal campaign committed by the Fulani, including a woman who was forced to watch as five of her children were killed.
I've never seen anything like it. It will stay with me the rest of my life.
I am working on a report to @POTUS that will outline a path forward to work with the Nigerian government in a coordinated and cooperative manner to end the slaughter of innocent Christians in the Middle Belt and stop the ongoing terrorist threat in the Northeast.
We will brief the President soon. More to come.
More of my interview with @HarrisFaulkner on the @FaulknerFocus ⬇️
People keep asking if we “already have the IOCs” for this or that malware.
We usually don’t need them - we already detect the malware family and its behavior.
I stopped adding static file hashes on purpose. It's outdated thinking. One byte changes, one new AWS IP, and your whole detection collapses.
If that’s your detection model, you’re stuck in last decade. We build rules for methods and characteristics, not for single files that evaporate on recompile.