lystena.bsky.social
team red -> team blue connoisseur of "how hard is it really?" consequences

Defenders use cross-origin requests through CSS url() or injected JS to leak your phishing URL in the HTTP Referer header. Today, I've been reminded about the excellent post by Keanu Nys, which contains a lot of great evasion ideas! insights.spotit.be/2024/06/03/c...

Oh, I never posted my gotofail story on here. Early 2014, someone came to me about a catastrophic vulnerability in Apple's TLS implementation. I shit you not, they'd overheard someone at a bar drunkenly bragging about how they were going to sell it to a FVEY intelligence agency for six figures.

#DEATHCON24 has been great, and there still looks to be a bunch of great content to go through. Enjoyed the format!

Unlucky that Discord seems to be having a bit of an outage during #DEATHCON24

My reputation is now fast becoming "oh you're the person who just makes the executive sad or uncomfortable about risks introduced by hard problems I'm trying my best to avoid thinking about"

Document names are kind of like job titles. There are internal and external document names. For example, the external document title is “Risk Register”, but the internal title is “Wish List”.

Hi, you can call me lystena. I used to do offensive security, find weird bugs, and annoy blue teamers. Then I joined the blue team, wrote weird alerts and automation to annoy red teamers. Now somehow I'm management, I make PowerPoints and I annoy everyone. 🤷‍♂️