This is a letter for you. Thank you for your interest in my work.

This blog is the result of a necessity to explain, in more than 140 characters (old Twitter limit), some of the concepts I shared privately.

After disclosing so many things related to my own research on Cross-Site Scripting (XSS) in my main Twitter account @brutelogic, I decided to create a private account to support that very research.

In 2015 I started @brutalsecrets, a private Twitter account designed to share some of the most sensitive disclosures that I have found.

Join @brutalsecrets as I share all my original and borrowed research on the expanding field of XSS. Included are techniques to discover and exploit mind-bending attack vectors, JavaScript payloads, filter bypasses and any other useful tips and tricks related to XSS.

There’s also a special addendum to my XSS cheat sheet, with some tweeted secrets added.

A lot of people have already joined this account. Gaining access to this knowledge base has brought them some competitive advantage. It has helped noobs and professionals dive deep into the practical understanding of XSS, and they have even won bug bounties from examples I share.

So, if you are interested and want to join this select group of web application security professionals and enthusiasts, get lifetime access for $59 USD. But first, see these testimonials:

Come be the next to appear here too!



* Special thanks to @0xtavian for reviewing this text.