Secrets

Hi,

This is a letter for you, who got interested in my work.

I would like you to know that this blog is the result of a necessity to explain, in many more words, some of the concepts I used to share privately with some people.

After disclosing so much stuff related to my own research on Cross-Site Scripting (XSS) on my main Twitter account @brutelogic, I decided to create a private account to support that very research.

In 2015 I started @brutalsecrets, a private Twitter account designed to share with a few what I simply couldn’t keep sharing for free in a regular Twitter feed.

There I share all my original (even if based on someone else’s) research in the XSS field, including vectors, JavaScript payloads, techniques to discover/exploit it, filter bypass tricks and any other useful stuff related to it.

Actually, it also includes 2 tools that I’m still developing (and I am wide open to feedback):

1 – pmap: a server-side tool to discover XSS using the techniques tweeted in this account, highlighting useful entries in the source code for further exploitation (its features will be migrated to KNOXSS);

1. KNOXSS (for a limited time): to replace pmap’s features in XSS discovery, a new tool called KNOXSS (which will be public with its own subscription plans) will be available to @brutalsecrets followers in a special offer: a 1-year plan of the standard edition for FREE. This will be valid only until the official launch of the tool (very soon). (LAUNCHED, no longer valid)

2 – BruteX: a custom Google Chrome extension designed to help in finding XSS flaws by checking for reflection straight into the DOM with a point-and-click approach (but still requiring manual inspection).

There’s also a special version of my XSS cheat sheet, with some tweeted secrets added.

A lot of people have already joined this account, gaining access to this knowledge and these tools, which brought them some competitive advantage. Some even used it to get bounties in bug bounty programs.

So, if you got interested and want to join this select group of web application security professionals and enthusiasts, just check out for lifetime access. But first, see these testimonials:

Come be the next to appear here too!

Sincerely,

Brute.

#hack2learn