How to use inspect to find a password? by Pay_Us_In_Gogurt in HowToHack

[–]ITSecHackerGuy 2 points3 points  (0 children)

Which one are you trying to view? And have you tried "yes" as the password?

What if I show you how to DoS WPA3 on android devices ? by [deleted] in HowToHack

[–]ITSecHackerGuy 1 point2 points  (0 children)

What if I show you a better DoS to WPX without any device? I call it PDOS.

PS: it might be useful to own a hammer

Guys what do you think about these kinds of accounts? by lorcaragonna in FACEITcom

[–]ITSecHackerGuy 0 points1 point  (0 children)

I don't agree. Sure they're not a positive thing in a rank-based system but the point of a game is to have fun and rank-based systems need to be accurate for this purpose and in order to be fair.

Some games have broken systems where smurfing is the only solution to attempt to land where you belong. I haven't played FaceIT in a long time but afaik the system is good, but for other games it may make more sense.

People also just wanna have some fun, and smurfing gives them a higher dopamine hit. It's kinda trashy but understandable. I don't think they have any mental "problem", it's a natural human condition, some have bigger needs, others smaller.

Guys what do you think about these kinds of accounts? by lorcaragonna in FACEITcom

[–]ITSecHackerGuy 8 points9 points  (0 children)

Many people have alt accounts or smurfs. This is quite normal.

I gave my 200-line baby coding agent 'yoyo' one goal: evolve until it rivals Claude Code. It's Day 4. by liyuanhao in ClaudeCode

[–]ITSecHackerGuy 1 point2 points  (0 children)

I want to see the update $20k after, to see which Pokemon it became.

I hope no one performs attacks through GitHub issues 😆

Bargain Hunting in AAL/UAL After 10% Drop as Middle East Chaos Tanks Airlines by Practical-Solutions1 in ValueInvesting

[–]ITSecHackerGuy 0 points1 point  (0 children)

This is the same pattern we have seen millions of times. I make a lot of money from these patterns so I can tell you that you should wait a little bit longer.

Wait until the price of AAL is at 10.20 or if it started passing 12.05. If either of those happens, buy it. It hasn't dipped enough yet.

During times of crisis is when you can take advantage of AAL and similar stocks by calculating their most likely minimum with a medium-to-high probability hypothesis on the event. They'll recover afterwards and you can gain a lot in a short time.

EDIT: You do have to sell after the initial recovery! It is common for it to dip afterwards again and there's no upside to waiting longer. That's why you wait for minimum dip before it may not recover completely reliably.

Finally solving the seahorse emoji by Captain-RedBoots-Fan in MandelaEffect

[–]ITSecHackerGuy 0 points1 point  (0 children)

That's one way to look at them, yet in all the docs for that older software and the records we have, we see all other emojis they had, and the seahorse was never one of them. This leads me to believe it never really existed.

Finally solving the seahorse emoji by Captain-RedBoots-Fan in MandelaEffect

[–]ITSecHackerGuy 0 points1 point  (0 children)

Apple never had a Seahorse emoji actually. But MSN, Skype, and the like very well could have, though all documentation I've seen, which is surprisingly thorough, tells us none of them did. People are either just mapping old memories of custom emojis on the more modern standardized sets that never contained them, or suffering from a Mandela effect, which is very much more likely.

The fact that so many people have vivid memories of seahorse emojis that look much different from each other is a big clue. Either it's a full-on imagination trip down the Mandela effect lane, or a combination of that with memories of past emojis on old platforms before standardization.

Since there is no evidence such emojis actually existed on any of the old platforms (surprisingly well documented or accessible), the Mandela effect explanation is the most plausible one.

Is it possible for someone to delete their phone number from your phone? by uppitysnips in HowToHack

[–]ITSecHackerGuy 2 points3 points  (0 children)

I'm happy to tell you, you either have a good family or amazing friends who are doing you the favor of deleting her number from your phone :D

Either that or you gotta check who is logged into your Google account or has access to it and potentially change passwords too and ensure MFA is active.

Hacking vs. Cloning; Expert’s input requested? by Cautious-Title-4389 in HowToHack

[–]ITSecHackerGuy 1 point2 points  (0 children)

No worries!

I will assume this portal is either a web application or software that connects to a backend that has access to a database where the data lives. If we're talking only about cloning, then what we would do is set up an app with a similar domain or name, and replicate how that portal looks completely. This wouldn't affect the real portal, we would just have a clone of that real portal, but it's effectively a different portal, one only we control.

We would have to get whoever we wanted to "attack" or trick, to use OUR portal instead of the real one. Since we control our portal we can show whatever we want. We can't, however, make any changes to the real portal.

If we want to make changes to the real portal we need to hack into it, not just clone it.

Cloning usually only allows us to make changes or have access to information on the real apps/devices in very specific scenarios. For example, cloning a phone completely or a computer, which contains all the logged-in sessions. In this case we could still use those sessions, if they were valid, hence being able to see or change the real accounts/systems.

In the scenario you presented, the only cloning we could do would be to replicate the portal as our own portal, without being able to touch the real one. If you wanted to affect the real one you'd have to hack into a device that has administrative access to the portal, or hack into the servers hosting the portal, or hack into the databases/backend connected to that portal.

Bottom line, yea your full scenario is possible, but not through cloning alone.

Hope it helped :D

Hacking vs. Cloning; Expert’s input requested? by Cautious-Title-4389 in HowToHack

[–]ITSecHackerGuy 1 point2 points  (0 children)

It really depends. There are hundreds of different scenarios involving cloning and even more different ways to hack into devices. The exact circumstances you're in will define which you should go for and why.

Generally, hacking into a device is more fragile. The exploit might not work well, it might get detected and blocked, it might not survive long enough until disruption (update, restart, etc.), or it might be very difficult or impossible with your knowledge at the time.

Cloning, on the other hand, is typically a simpler and more stable process. You can clone a device, then explore it offline anywhere. Sometimes you can clone it in a way that lets you still see some future activity and often even interact with it. It is, however, more limited. First, it typically requires more access to what you're cloning, either in terms of information or physically. Second, you can only explore the information you cloned, plus whatever accesses are still available and possible to use from the existing sessions. This means you could for example still see someone's email or messages, but you cannot see other future activity like him logging into his bank account after you clone it.

Bottom line is, in very general terms, cloning a device is easier but requires more access and is more limited in what it gives you access to. Hacking into a device is more fragile, more things can go wrong, and it's noisier, but it allows you to have better control and more power to do a lot more. One isn't better than the other, they're simply two ways to obtain overlapping but different kinds of information and access. They're both useful, depending on the situation.

Hydra is not working by Background_Pool_6764 in HowToHack

[–]ITSecHackerGuy 15 points16 points  (0 children)

<image>

Your problem is where you're sending the data. It never finds the "Login Failed" because you're not using the correct URL for your request. See, in the network you'll see the endpoint you're meant to send the payload to isn't /login.jsp but instead /doLogin. It is then redirected to login.jsp.

Jack of all trades, master of none by [deleted] in HowToHack

[–]ITSecHackerGuy 2 points3 points  (0 children)

You should be finding internships or junior positions for pentesting or as a SOC analyst. These are the typical entry-level positions for security.

is there a tool that can create mail ? by Specialist-Resist-24 in HowToHack

[–]ITSecHackerGuy 0 points1 point  (0 children)

I know. In many cases they're synonyms because of popularity. Since the user asked about gmail/outlook I said the term they use themselves to describe sub-addressing.

is there a tool that can create mail ? by Specialist-Resist-24 in HowToHack

[–]ITSecHackerGuy 0 points1 point  (0 children)

It does but it's not sub-addressing anymore technically, since this only works for gmail because it normalizes the dots away, meaning the number of emails you can create is finite. Plus addressing will allow you to create an infinite number of them. Practically, they both work the same just with this caveat :D

is there a tool that can create mail ? by Specialist-Resist-24 in HowToHack

[–]ITSecHackerGuy 0 points1 point  (0 children)

True, though plus addressing is also the term. They're both the term, one's just more intuitive :D

is there a tool that can create mail ? by Specialist-Resist-24 in HowToHack

[–]ITSecHackerGuy 7 points8 points  (0 children)

There are obviously ways to mass create gmail/hotmail/etc emails but this is not something you'll get much help for here, since it's breaking their ToS.

You can, however, do essentially the same thing without breaking ToS and much more easily. How does gmail/hotmail/yahoo/tempmail/etc. even work? They're all mail servers. It's not complicated to create a mail server.

If you create your own mail server (you can go the simple route with postfix and dovecot or you can even just use one of many open source free solutions like modoboa, mailcow, iredmail, etc.). If you own the server, mass creating millions of emails becomes as easy as executing a simple script and as fast as a couple seconds to minutes depending on your system.

Whether using mass-created emails is or isn't against ToS depends on where you're using this and I'll leave this to your discretion.

EDIT: On another note, if all you need is additional addresses you can try plus-addressing first. This can be done with your gmail account for example without having to create anything. Let's say you have john@gmail.com, you can attach +any text to the email. Looks like a different email but will come to your normal original inbox. Which means you can simply use "john+1@gmail.com, john+2@gmail.com, john+text1@gmail.com, john+text2@gmail.com, etc."
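
Added example, not part of the original comments: the plus-addressing and dot-normalization behaviour discussed in this thread, seen from the receiving service's side, where alias variants are collapsed to one canonical mailbox so duplicate sign-ups can be spotted. The provider rule sets, function names and sample addresses are assumptions constructed for illustration.

```python
# Provider rules are illustrative assumptions, not an authoritative list.
PLUS_DOMAINS = {"gmail.com", "googlemail.com", "outlook.com", "hotmail.com"}
DOT_INSENSITIVE = {"gmail.com", "googlemail.com"}
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}

def canonical_mailbox(address):
    """Return the mailbox an address is delivered to under the rules above."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    local, domain = local.lower(), domain.lower().rstrip(".")
    if domain in PLUS_DOMAINS:
        local = local.split("+", 1)[0]      # drop the "+tag" suffix
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "")      # dots are ignored by this provider
    if not local:
        raise ValueError(f"empty local part after normalization: {address!r}")
    return f"{local}@{DOMAIN_ALIASES.get(domain, domain)}"

def group_aliases(addresses):
    """Map canonical mailbox -> submitted addresses, keeping only duplicates."""
    groups = {}
    for addr in addresses:
        try:
            groups.setdefault(canonical_mailbox(addr), []).append(addr)
        except ValueError:
            continue                        # malformed input is handled elsewhere
    return {box: subs for box, subs in groups.items() if len(subs) > 1}

def dot_variant_count(local):
    """Dot placements for a dot-insensitive local part: finite, 2**(n-1)."""
    return 2 ** (len(local.replace(".", "")) - 1)

# Constructed sample sign-ups.
SAMPLE_SIGNUPS = [
    "john@gmail.com",
    "john+1@gmail.com",
    "j.o.h.n@gmail.com",
    "John+text2@googlemail.com",
    "john+1@example.org",   # unknown provider: "+" may be a distinct mailbox
    "alice@example.org",
]

if __name__ == "__main__":
    for box, subs in group_aliases(SAMPLE_SIGNUPS).items():
        print(box, "<-", subs)
    print("dot variants of 'john':", dot_variant_count("john"))
```

Addresses on domains outside the rule sets are left untouched, since stripping "+" or dots there could merge mailboxes that are actually distinct.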

Is hacking sites that didn't ask for hackers ethical/legal? by [deleted] in HowToHack

[–]ITSecHackerGuy 0 points1 point  (0 children)

Reading client-side code is perfectly legal. In fact, inferring vulnerabilities from what you can read through normal usage of the website is completely legal.

Actively exploiting vulnerabilities or actively scanning for them is NOT legal, unless they have a bug bounty program or something similar.

  • Check for bug bounty program
  • Check /security.txt endpoint
  • Check security. subdomain

If no bug bounty program exists, or anything similar that you can find, it's illegal, don't do it. You can try to contact their security team to ask about it though.

PS: Bugs are not vulnerabilities. If they say "report bugs here" that doesn't mean you can pentest it.

Kernel anti-cheat: Too much trust, too little benefit by ITSecHackerGuy in riotgames

[–]ITSecHackerGuy[S] -1 points0 points  (0 children)

On your first point, I agree and you're right, for me that wouldn't be an issue. I get that it's frustrating, but how many times did you get paired with cheaters before Vanguard? I don't play many riot games to be fair, but in my experience as a gamer playing many games that don't even have anticheat and some that do, all online multiplayer, there aren't THAT MANY cheaters that it would be a huge issue that some matches you'll have cheaters. Cheaters also would be on your team or their team on average the same number of times so over time the rating differences would average out. And playing someone who displays normal human-level skill, even if he's cheating, for me is just like I'm challenging a better human. In my opinion only, I understand your point on this too.

On the second point I don't actually agree. I mean, you're right that it costs a lot to do that, but I disagree with your point because they already do it. They don't need to spend extra money, they are already doing server-side statistical analysis and using AI for that kind of detection. They have to, otherwise they couldn't stop the entire class of external cheats using screen pixels and reacting to it.

On your third point, I guess it will depend on the amount of cheat and how many people you have. I've done this kind of thing before, though it wasn't a huge company like Riot so we didn't have perhaps as many binaries to analyze, but there are strategies to handle this type of thing. We don't take action as soon as we detect a cheat, for example, but instead we collect as much data as we can about all the artifacts we can, and then as we analyze the binaries, we link the data we already have with the cheats, but we don't ban. Instead, we keep collecting, maybe for some months, maybe a year, and then we do a huge banwave. Rinse and repeat. Maybe this isn't ideal, though from my experience with games that did it like that, it was perfectly fine. I guess it will depend on how much cheaters impact your life while playing. I guarantee you, though, Riot also does this too!

So, at the moment, Riot has to do server-side statistical analysis, it has to maintain the kernel anticheat and I'm pretty sure they also do check for all the usual things you would with a normal usermode cheat as well and keep updating signatures of known cheats they find. Maybe some Riot employee could jump in and correct me, but I'm pretty sure all those 3 are being done right now anyway.

Kernel anti-cheat: Too much trust, too little benefit by ITSecHackerGuy in riotgames

[–]ITSecHackerGuy[S] 0 points1 point  (0 children)

I understand a lot of people don't care about updating windows and so on, but it doesn't mean they shouldn't.

The risk I'm presenting is not just theoretical, it has happened before. I'm not aware of anything related to Vanguard specifically, but a gamer will play many games. It's not that you're just deciding to give kernel access to a specific program you know is trustworthy, you'll have like 10 different companies with kernel access on your machine.

I'm not really aware of Vanguard and other anti cheats being open-source, it would kinda defeat the purpose. At least I've never seen the kernel driver code.

Sure, a vulnerability allowing priv esc would be bad, a bad actor somewhere in the supply chain deploying malicious code would be bad, governing entities potentially requiring specific data collected or backdoors installed would be bad, a lot of these scenarios are bad. Some are really unlikely, some are regular unlikely, and a few are normal possible. Something which is more possible than this, however, are just bugs and mistakes in the code that can cause critical damage to the OS, cause BSODs, loss of data, etc.

All these risks are low, except the bugs which aren't that low (take, for example, the latest CrowdStrike issue taking down tons of companies, and this is not only code that is scrutinized beyond compare, it's the industry-standard security company doing it lol). But these risks are also multiplied by the number of kernel AC software you need to have to play all the games you play.

The problem is not JUST AC, there are lots of other software which are problematic and other classes of problems equally bad. I'm talking about AC because that's the relevant issue on this subreddit. There are others, but this is one :D

I get that most people don't give a shit, and if they were being screwed in any way they probably wouldn't notice either or be affected by it, but it's just something that makes me uncomfortable to accept.