alp1n3 🌲
alp1n3.dev
@alp1n3.dev
🔮 AppSec & Go | Ex: ARCYBER

Previously: Malware, Helpdesk, and More 🎉
Pinned
📍Feel free to give me a follow if you’re into:

- Application Security
- Web App Pentesting
- Bug Bounty Hunting
- Malware Analysis
- Shitposting about F1 🏎️
- Web3 / Crypto & Cybersecurity

I’m always trying to share what I learn along my journey! 📰
We heard you hated getting stuck in loops on the phone with the horrible robot, so now we’ve got a new and improved way to get you stuck via chat!
Amazon used to be the pinnacle for customer support - but now I have to go thru a useless AI bot to connect to a human to fix my problem.

Never thought I'd be this grateful to be talking to a human - these AI support bots are just truly terrible, even for Amazon
November 21, 2025 at 1:03 PM
Reposted by alp1n3 🌲
Not sure who made this, but probably the most accurate representation of the current state of tech to date
November 20, 2025 at 10:59 PM
Reposted by alp1n3 🌲
I get these. I also get emails from people who tell me they taught themselves malware reversing and forensics with ChatGPT and they have discovered incredibly sophisticated malware on their phone that could only have been put there by a state actor. They send me their chat logs as "evidence."
I am by no means a prominent public intellectual, but my inbox is increasingly filled with messages from people who have been convinced by sycophantic chatbots that they have discovered revolutionary theories that entirely upend our scientific understanding of the universe.
November 21, 2025 at 5:09 AM
Reposted by alp1n3 🌲
Added 3 new Java CVEs to our Java Code Review Badge!

Now at 64 real-world labs to sharpen your Java code review skills.

Try them here: pentesterlab.com/badges/java-...

More CVEs coming soon 👀🔥
PentesterLab: Learn with our Java Code Review Badge
The Java Code Review Badge is our badge dedicated to code review in Java. It covers the discovery of weaknesses and vulnerabilities using source code review.
pentesterlab.com
November 21, 2025 at 6:25 AM
Reposted by alp1n3 🌲
This year, I have gone back to talk at cybersecurity conferences, presenting the talk "app.alert(1) is the new alert(1)", at BSides Sofia and BSides Krakow. I have analyzed 4 CVEs: now you can find 3 PoCs in my GitHub :) because slides are cool, but code is better: github.com/luigigubello...
GitHub - luigigubello/bsides-2025: My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 202...
My talk "app.alert(1) is the new alert(1): PDF files as a vector to inject JavaScript code in web applications", presented at BSides Sofia 2025 and BSides Krakow 2025. - luigigubello/bsid...
github.com
November 10, 2025 at 9:39 AM
Reposted by alp1n3 🌲
So tempted to write a troll thread on how this incident shows Rust has bad error handling and wouldn’t have happened in Go, where we actually handle errors 🫣🫢😜

blog.cloudflare.com/18-november-...
Cloudflare outage on November 18, 2025
Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.
blog.cloudflare.com
November 19, 2025 at 10:14 AM
Prints came out good! Still will need another round of prototyping.

- Thicker
- Wider
- Slightly larger holes for webbing

Turns out when something isn’t supported on one side it just will bend this way and that 😂
November 19, 2025 at 3:02 AM
$10 IS A STEAL — Support your local makerspace!

> 4 x prototype parts
> 42 mm wide, min 38mm long, 4mm thick.
> SLS prints
> nb4 I get the estimate for labor & parts

Fingers crossed it's not too expensive to have some prototypes printed @ the local makerspace. 🤞
November 17, 2025 at 5:12 PM
Reposted by alp1n3 🌲
My favorite iOS 18 feature that Apple kept for iOS 26 is when you type a search query into your browser and literally nothing happens until you clear the field and try your search again.
November 15, 2025 at 4:43 PM
This is also great for employees when it comes time for performance reviews.

It can really help your manager and you to have a folder of compliments that you can point to.
I have a dedicated "happy testimonials" folder for all my projects where I put screenshots of really nice social media comments / support ticket emails.

Think praises like "wow this is the best tool we have used in years thank you so much for building it. it's worth way more than you charge"
November 16, 2025 at 1:30 PM
Amazing book! Blew through it in a day 🙌
i got the UK Del Rey version because i demand authenticity*

*actually because i jumped the gun and slammed the first pre-order link i saw, but i like this cover
November 16, 2025 at 1:28 PM
Reposted by alp1n3 🌲
This has been such a cool project to follow. If you’ve not heard of the Kilopixel yet, Ben has a great write up of the build process benholmen.com/blog/kilopix... and the experience of releasing it benholmen.com/blog/kilopix...
The Kilopixel is now on display at my favorite coffee shop, and ever since I moved it from my office it's been finicky. On the plus side I'm getting a good coffee almost every day
November 16, 2025 at 7:35 AM
Reposted by alp1n3 🌲
Argument injection (and RCE) in three distinct AI agents

blog.trailofbits.com/2025/10/22/p...
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
blog.trailofbits.com
November 16, 2025 at 3:16 AM
Reposted by alp1n3 🌲
This is a great new feature from Kagi! Users can flag sites as "slop," providing a human reputational signal to penalize generative content.
Introducing SlopStop: Community-driven AI slop detection in Kagi Search | Kagi Blog
Your collective defense against AI-generated spam and content farms. We made it our mission to prevent the web from becoming useless and a harmful space.
blog.kagi.com
November 14, 2025 at 4:34 PM
Reposted by alp1n3 🌲
this is a really well-written article on why Cross-site Scripting (XSS) vulnerabilities still exist today flatt.tech/research/pos...
November 14, 2025 at 4:01 PM
Reposted by alp1n3 🌲
posted this 6 years ago and it’s still relevant
November 15, 2025 at 10:12 AM
Reposted by alp1n3 🌲
🚨 Denmark is attempting to force #ChatControl 2.0 through the back door TODAY!

Take action now!

fightchatcontrol.eu
November 12, 2025 at 9:55 AM
> nb4 I get the estimate for labor & parts

Fingers crossed it's not too expensive to have some prototypes printed @ the local makerspace. 🤞
November 13, 2025 at 1:55 AM
Reposted by alp1n3 🌲
New video! Proud to announce Collector, a powerful new extension for @burpsuite that provides solutions for the collection, tracking, and handling of any kind of "token".

Watch here: youtu.be/SsjlL1N1qgM

Try out Collector: github.com/Tib3rius/...
November 12, 2025 at 3:00 PM
Reposted by alp1n3 🌲
When your dad breaks Minecraft.

And the internet.

Watch the full interview about the biggest security vulnerability of all time 👉 https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/?utm_source=social&utm_medium=social&utm_campaign=minecraft
November 12, 2025 at 11:21 AM
Can't forget to mention that toasts are annoying and get in the way 99% of the time as well.

(I've got a long running bone to pick with them)
“GitHub no longer uses toasts because of their accessibility and usability issues.”

Music to my ears!

primer.style/accessibilit...
Toasts
GitHub no longer uses toasts because of their accessibility and usability issues.
primer.style
November 12, 2025 at 11:28 AM
Reposted by alp1n3 🌲
Conventional wisdom is that tech books barely ever make back the actual time spent writing, in royalties. And any good book needs serious time investment!

I do believe we need *more* good tech books - which is why I wanted to share how much The Software Engineer’s Guidebook made.

(cont’d)
November 12, 2025 at 9:42 AM
This will save me sooooo much time and scrolling 🙌
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y
HTTP Anomaly Rank - a new Turbo Intruder feature
YouTube video by PortSwigger
youtu.be
November 11, 2025 at 6:48 PM
Reposted by alp1n3 🌲
Something I observed while manually reviewing every single site on personalsit.es:

Websites built with Next.js very rarely have RSS feeds.

Websites built with React sometimes have RSS feeds.

Completely static sites almost always have RSS feeds.

#RSS
November 9, 2025 at 4:51 AM
Reposted by alp1n3 🌲
To all you AppSec people that are creating your own secure coding guide. Remember that there is this org called OWASP that might have this already. devguide.owasp.org/en/04-design/

It may not contain what you would like it to contain, but that is why it’s open source. Contributions are welcome!
Overview - OWASP Developer Guide
OWASP Foundation Developer Guide project
devguide.owasp.org
November 9, 2025 at 1:08 PM