This is a letter for you, who got interested in my work.
I would like you to know that this blog is the result of a need to explain at greater length some of the concepts I used to share privately with some people.
After disclosing so much material related to my own research on Cross-Site Scripting (XSS) on my main Twitter account @brutelogic, I decided to create a private account to support that very research.
In 2015 I started @brutalsecrets, a private Twitter account designed to share with a few what I simply couldn’t keep sharing for free in a regular Twitter feed.
Actually, it also includes 2 tools that I’m still developing (and wide open to feedback):
1 – pmap: a server-side tool to discover XSS using the techniques tweeted in this account, highlighting useful entries in source code for further exploitation (its features will be migrated to KNOXSS);
   1. KNOXSS (for a limited time): to replace pmap's features in XSS discovery, a new tool called KNOXSS (which will be public with its own subscription plans) will be available for @brutalsecrets followers in a special offer: a 1-year plan of the standard edition for FREE. This will be valid only until the official launch of the tool (very soon). (LAUNCHED, no longer valid)
2 – BruteX: a custom Google Chrome extension designed to help find XSS flaws by checking for reflection straight into the DOM with a point-and-click approach (but still requiring manual inspection).
There’s also a special version of my XSS cheat sheet, with some tweeted secrets added.
A lot of people have already joined this account, gaining access to this knowledge and these tools, which brought them some competitive advantage. Some even used it to get bounties in bug bounty programs.
So, if you got interested and want to join this select group of web application security professionals and enthusiasts, just check out for lifetime access. But first, see these testimonials:
— Filippos (@filipposmastro) July 26, 2015
— xlimbolandx (@xlimbolandx) January 12, 2016
Picked up a smart trick from @Brutalsecrets that's just helped with a bug bounty submission – well worth $35 for lifetime access 🙂
— Lewis (@Lewis) February 25, 2016
— Spam404 (@Spam404Online) April 15, 2016
50$ well spent, this will be worth 250$ soon. https://t.co/82cP0otNhK
— GasGeverij (@_c0mrad) May 31, 2016
— dawgyg (@thedawgyg) September 8, 2016
— Karel Origin (@Karel_Origin) October 12, 2016
Come be the next to appear here too!