This is a letter for you, who got interested in my work.

I would like you to know that this blog is the result of a need to explain in many more words some of the concepts I used to share privately with some people.

After disclosing so much stuff related to my own research on Cross-Site Scripting (XSS) on my main Twitter account @brutelogic, I decided to create a private account to support that very research.

In 2015 I started @brutalsecrets, a private Twitter account designed to share with a few what I simply couldn’t keep sharing for free in a regular Twitter feed.

There I share all my original (even if based on someone else’s) research in the XSS field, including vectors, JavaScript payloads, techniques to discover/exploit it, filter bypass tricks and any other useful stuff related to it.

There’s also a special version of my XSS cheat sheet, with some tweeted secrets added.

A lot of people have already joined this account, gaining access to this knowledge, which brought them some competitive advantage. Some even used it to get bounties in bug bounty programs.

So, if you are interested and want to join this select group of web application security professionals and enthusiasts, just complete the checkout for lifetime access. But first, see these testimonials:

Come be the next to appear here too!