I was nervous about researching timing attacks because they have a reputation of rarely working outside lab conditions. Even if my techniques worked, there was a risk people wouldn't give them a chance. Hence my slightly snarky subtitle "Timing attacks that actually work" 😂

Men, If it feels scary, do it If it feels uncomfortable, do it If it feels hard, do it If if causes uncertainty. do it If it pushes you to your edge, do it Growth awaits, embrace it

If you're a hacker, and you feel bad about not knowing everything, listen up: No one knows everything. No one. The best hackers in the world only know a tiny fraction of everything there is to know about hacking.

Good news - I'll be presenting "Listen to the whispers: web timing attacks that actually work" at DEF CON! See you there! #DEFCON32

A freebie from next weeks tbhmlive.com - my revisions to renniepak 's javascript parsing bookmarklet. 1⃣ Create any bookmark in Chrome 2⃣ Right click edit it 3⃣ Rename jsparser and paste the js from the Gist in the URL section. Viola. Visit a site and click the

Remember, with hacking you must always stay curious, embrace challenges, and learn from every experience. Every step forward is progress. You've got this!

When hunting for vulnerabilities, one effective method is to look for internal domains exposed through SSL certificates . This can reveal internal infrastructure or services that might be accessible due to misconfigurations or overlooked security measures. #bugbountytips

It all starts with little habits and discipline. Small steps lead to great achievements. Set some small goals that look easy to do for 1 week, then increase for the next week and so on.

A hacking hat-trick: previewing three PortSwigger Research publications coming to DEF CON & Black Hat USA portswigger.net/research/a-hac…

The whitepaper is live! Listen to the whispers: web timing attacks that actually work. Read it here -> portswigger.net/research/liste…

It is a very decent way to attract hackers far more than money.

Bug Bounty Tips: Extract API Endpoints and Construct Complex HTTP Requests from JavaScript Files Using AI Stuck analyzing complex JS files while manually hunting on a target and can't figure out how to construct those GET/POST requests? 🤯 No fancy tools needed! 👉 Quick tip: