André Baptista
@0xacb
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Overview of #BSidesLisbon2025 in the Portuguese newspaper @Publico. in PT: publico.pt/2025/11/19/est… in EN (auto): www-publico-pt.translate.goog/2025/11/19/est…
When doing recon, if you have a file with a bunch of URLs, you can use @xnl_h4ck3r's urless tool to declutter and reduce the amount of noise in the results. Check it out here 👇 github.com/xnl-h4ck3r/url…
Confused about how the Cookie SameSite attribute works?
- SameSite=None: all cross-site requests will include the cookie; if no other protections are in place, opens up the site to CSRF attacks
- SameSite=Lax: only GET requests triggered by a top-level navigation will include…
When faced with a GraphQL endpoint, make sure to run it through @amrelsagaei's GraphQL Analyzer Caido plugin. It will try to expose the server's schema using Introspection queries & you can run custom attacks to test the batch query limit, field suggestions, etc.
LFI via SVG 👀 Glad you enjoyed it @aretekzs!
Just learned a very interesting trick from @0xacb’s challenge at the @Bsideslisbon CTF. If an application uses "magick convert" to modify an uploaded image, it may be possible to achieve LFI by using "text:" One of the file formats supported by ImageMagick is "text",
This might be the most important post you read today. @AnthropicAI just dropped the most insane blog. A hacking group, suspected to be a Chinese APT, has just pulled off the first documented case of a large-scale cyberattack executed without substantial human intervention. It…
Our CTF is live and open to everyone right now until tomorrow 6pm UTC👇 Give it a try to learn some new techniques, and maybe pop some 0days 👀 ctf.bsideslisbon.org
The CTF platform is available for anyone to play with. Enjoy! ctf.bsideslisbon.org thank @ethiack !
When testing GraphQL APIs make sure to run graphw00f (github.com/dolevf/graphw0…) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.
If you still haven't: set up a JS file monitor to send you notifications via Telegram or Slack every time your target app JavaScript gets updated, a great way to stay on top of updates 👾 github.com/robre/jsmon There's also a fork with Discord support: github.com/seczq/jsmon
Your AI agent is powerful. But is it safe enough for production? @0xacb from Ethiack showed how to implement robust safety techniques like guardrails and LLM firewalls.
Looking into a potential SSRF or OR but the server checks against a URL whitelist? Try the backslash trick! Due to a difference in URL specifications, some parsers will treat '\' the same as '/', while others will not. Here's an example payload:…
Tomorrow I'll be speaking at @lisbonai_! We're building faster than ever with AI. But are we building securely? I'll show how agents can perform penetration testing and introduce Hackian: an autonomous agent that identifies vulnerabilities before attackers do. See you there:…
As attack surfaces grow exponentially, driven by AI-accelerated development and increasing technical debt, security must scale accordingly. We've been intensely focused on building the future of security, and our Co-founder, André Baptista (@0xacb) is pulling back the curtain on…
Just had an amazing time working with @ShopifyEng in Toronto 🍁 Thanks @Hacker0x01 for organizing such an incredible event and bringing awesome researchers together. #togetherwehitharder #h1416 #shopify #hacking #goleafs
The BsidesLisbon CTF Qualifiers are officially closed! Huge congrats to the Top 10 teams who will be moving on to the intense onsite finals. See the final rankings on the scoreboard here👉 quals.bsideslisbon.org/scoreboard