Swissky

@swissky

RedTeam | Pentest Author of PayloadsAllTheThings & SSRFmap http://github.com/swisskyrepo

712 Followers, 267 Following, 8 Posts, joined 29.07.2023

Latest posts by Swissky @swissky

LeHack 2025 - PayloadPLZ Last weekend, I took part in the LeHack 2025 event in Paris. As always, the challenges hosted by YesWeHack were top-notch and full of valuable learning opportunities. This year's highlight was craftin...

Writeup of "Payload Plz" challenge - Le Hack 2025
The goal was to write a polyglot payload for 13 contexts 🤯
swisskyrepo.github.io/blog/payload...

03.07.2025 11:40 👍 2 🔁 0 💬 0 📌 0
How and Why to Ditch GitHub How much of your code do you feel like entrusting to Microsoft? How about American data centers? Here's an easy way to jump ship and maintain operations.

I migrated my coding life, including my static websites, off GitHub. It's easier than you might think! Here's how I did it.

taggart-tech.com/mig...

31.03.2025 13:24 👍 9 🔁 5 💬 1 📌 2
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.

A great write up on McDonald's API security by Eaton:

eaton-works.com/2024/12/19/m...

If you want to learn some API hacking techniques, I've just pushed a new API module to DVWA:

github.com/digininja/DVWA

29.01.2025 13:08 👍 11 🔁 4 💬 1 📌 0
Twitch Twitch is the world

Hey! 🌿
Tech watch sessions resume tonight at 9 PM! 🌖
Joined by @drypaint.bsky.social @maltemo.bsky.social @swissky.bsky.social 😎

~ See you there ~
www.twitch.tv/thelaluka

28.01.2025 17:47 👍 2 🔁 2 💬 0 📌 1

The results are in! Congratulations to the winners—you’ll receive your prize via DM. Thank you all for participating! 😊

25.12.2024 09:56 👍 1 🔁 0 💬 0 📌 0

New module on #NetExec : wam
Dump #Entra access tokens from Windows Token Broker Cache, and make your way to Entra 🚀

Thanks @xpnsec.com for the technique! More info on his blog : blog.xpnsec.com/wam-bam/

18.12.2024 16:26 👍 21 🔁 12 💬 0 📌 0
Payloads All The Things

🚀 Big Announcement! 🚀

After 8+ years of working on PayloadsAllTheThings, I’m excited to release it as an ebook on Leanpub! 📖✨

To celebrate, I’m gifting 2 free copies to random reposters! 🔥

👉 Repost for a chance to win

Thank you all for your incredible support! 🙌

#CyberSecurity #Infosec

01.12.2024 16:16 👍 14 🔁 10 💬 2 📌 1
Payloads All The Things

Payloads All The Things: Web Application Security Cheatsheets leanpub.com/payloadsallt... by Swissky is the featured book on the Leanpub homepage! leanpub.com #ComputerProgramming #ComputerSecurity

02.12.2024 21:49 👍 0 🔁 1 💬 0 📌 0
Payloads All The Things


This cheatsheet has been a labor of love and countless hours of dedication.

👉 Grab your copy now: leanpub.com/payloadsallt...

The results will be announced on 25th December. Entries will close Tuesday 24th, December at 12:00 PM (GMT) 🕐

01.12.2024 16:16 👍 1 🔁 1 💬 0 📌 0
NTLM Relaying - Making the Old New Again | JUMPSEC LABS I am old enough to remember that it was not always possible to get domain admin within the first hour of a test via Active Directory Certificate Services (ADCS) misconfigurations or over permissioned ...

NTLM Relaying – Making the Old New Again
labs.jumpsec.com/ntlm-relayin...

29.11.2024 15:27 👍 8 🔁 1 💬 0 📌 0

still the best bug: GraphQL discloses internal beer consumption (hackerone.com/reports/419883)

25.11.2024 08:35 👍 6 🔁 1 💬 0 📌 0

I run @agarri.fr (this main account) and @mastering-burp.agarri.fr (dedicated to @burpsuite.bsky.social tips)

And I like how custom handles bring your "brand" (aka domain name) front and center while helping to combat impersonation

02.11.2024 10:37 👍 0 🔁 1 💬 1 📌 0
Anatomy of Pokemon glitches Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time.

🌧️ On a rainy day, I dove into Pokémon Yellow glitches. Ever wondered how they work under the hood?
As kids, we were already hackers manipulating bits in memory! 🔍👾
Read more in my latest blog post:
swisskyrepo.github.io/Pokemon-Glit...

01.11.2024 17:34 👍 2 🔁 1 💬 0 📌 0
Ph0wn CTF 2019 - Flag Digger Ph0wn CTF 2019 - Flag Digger TLDR: It’s never too late to try to solve an old challenge. This blog post is a quick writeup of a challenge from the Ph0wn CTF 2019 where you were given a small chip a...

It’s never too late to solve an old challenge. I spent some time this week-end to try my luck on a hardware challenge from the Ph0wn CTF 2019.
Here is my writeup,
swisskyrepo.github.io/Ph0wn-Flag-D...

04.02.2024 20:00 👍 2 🔁 1 💬 0 📌 0
DLS 2024 - RedTeam Fails - Red Team Fails - “Oops my bad I ruined the operation”, a story on how to fail a red team assessment. TLDR: Recently I had the pleasure to give a rump during the “Drink Love Share” meet organi...

DLS 2024 - RedTeam Fails - "Oops my bad I ruined the operation", a story on how to fail a red team assessment 🦖
swisskyrepo.github.io/Drink-Love-S...

16.01.2024 09:36 👍 8 🔁 0 💬 0 📌 0