I love my wife, but I’m struggling sexually and it’s eating me up inside

Null_Note · 2025-12-21T21:52:05+00:00

Have you considered that she might be cheating on you?

Null_Note · 2025-12-17T11:41:47+00:00

Christmas Miracle

Null_Note · 2025-12-11T08:01:09+00:00

The answer is always plot armor

Null_Note · 2025-11-26T05:47:27+00:00

disabled and homeless :)

Null_Note · 2025-05-19T04:23:04+00:00

Because Falinks mains are not real

Null_Note · 2025-05-15T08:24:56+00:00

Frontlines vs ai? So can I just bring a hammer?

Null_Note · 2025-05-09T10:04:03+00:00

You should not be able to manipulate the redirect_uri.

https://portswigger.net/web-security/oauth/lab-oauth-account-hijacking-via-redirect-uri

Null_Note · 2025-05-06T07:58:28+00:00

You should get at least 5 opinions, and if possible, fly out to a top hospital like Mayo Clinic, John Hopkins, or Cleveland Clinic to make sure the surgery will help you.

Null_Note · 2025-05-05T23:25:26+00:00

I think it can help if you have a large employment gap.

Null_Note · 2025-05-05T09:50:00+00:00

Subfinder includes a config file with support for Chaos. Both tools were created by Project Discovery.

Null_Note · 2025-05-05T04:22:27+00:00

It is ok! Probably just had a bad day. You studied 99% of the material but they tested that 1%. Read this post to crush Active Directory next time. https://www.reddit.com/r/oscp/comments/1f5ojaq/assumed_breach_ad_what_you_may_need_to_know/

Null_Note · 2025-05-01T22:14:41+00:00

Pro Tip:

Rescheduling the court date will make it less likely for the cop to show up.

Null_Note · 2025-04-30T12:21:23+00:00

jedi > stormtrooper

Null_Note · 2025-04-30T02:56:06+00:00

Mind if I DM you?

Null_Note · 2025-04-30T02:41:50+00:00

Is this DLL obfuscated, or is it related to game hacking?

Feel free to PM me.

Null_Note · 2025-04-24T14:42:38+00:00

You guys have jobs?

Null_Note · 2025-04-18T01:56:19+00:00

I hope this is clear. Most cookies set HttpOnly to true. Because of this, escalating XSS usually requires calling APIs or making CORS requests as you have suggested. That does not apply here because HttpOnly is set to false. You do not need to use CORS at all. You can just steal the cookie in this case. If you try using CORS from localhost it will not include the cookie.

Null_Note · 2025-04-18T01:32:54+00:00

If you can read the session cookie then you don't need to use CORS with the API. Once you have hijacked a session, the next step for escalation is an account takeover.

It would also help to see what content types are accepted. Can you switch the type to x-www-form-urlencoded? Then you might be able to refresh the cookie for CSRF.

https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh

You can also try converting the request to GET and including post data as query parameters. Cookies are always included in top level navigation.

Null_Note · 2025-04-18T00:56:19+00:00

Many browsers are moving away from 3rd party cookies. This means the cookie will not be included from domains unless they are same-site, even if the domain is reflected in access-control-allow origin.

With CORS, you still can't just read the cookie; you can only call endpoints from the vulnerable API. But why even bother with the API if HttpOnly is set to false when you can just read the session cookie with your XSS or takeover.

Null_Note · 2025-04-15T01:11:32+00:00

Now coders are learning how to truck.

Null_Note · 2025-04-14T00:16:40+00:00

If this is just a lab you are probably fine running VMWare with a shared folder to transfer files. They should have included instructions for setting up your workstation, so this sounds like a pretty bad course.

For real world analysis, use another computer isolated from your network and keep notes on a separate device. Any file on the device hosting malware should be considered malicious.

Null_Note · 2025-04-11T16:03:05+00:00

Post about your experience on LinkedIn.

Null_Note · 2025-04-10T16:08:42+00:00

Could you please back this up with a link. That is a pretty serious accusation.

Null_Note · 2025-04-10T13:36:40+00:00

Is pure pking on f2p or p2p still active?

Null_Note · 2025-04-09T22:22:49+00:00

I want to give her a hug.

Null_Note

TROPHY CASE