Pieter Hiele

@honoki
8 Followers
317 Following
83 Posts
cyber entomologist ๐Ÿ› hack for fun and profit ๐Ÿ’ฐ amateur musician ๐ŸŽน occasional blogger
Bloghttps://honoki.net
Twitterhttps://twitter.com/honoki
Githubhttps://github.com/honoki
HackerOnehttps://hackerone.com/honoki
Pieter HieleMay 12, 2023
Just got word that we can go get the VW ID.Buzz that we ordered back in October. So excited to meet it in person. ๐Ÿ˜ #idbuzz #volkswagen #ev
Pieter HieleApr 27, 2023

I learned to use a 3D printer for the first time yesterday. Made some good progress on customizing a music box to play a lullaby of my own composition. A bit of tweaking left!

Thanks to the fabulous Brussels cityfab for the help! https://cityfab1.brussels

#makers #brussels #bxl #3dprinting

Pieter HieleFeb 2, 2023

I pushed the first bugfixes and new features of BBRF in over a year(!) so if you're using it, go install the updates now.

pip install --upgrade bbrf
bbrf server upgrade

https://github.com/honoki/bbrf-client

GitHub - honoki/bbrf-client: The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices

The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices - GitHub - honoki/bbrf-client: The Bug Bounty Reconnaissance Framework (...

GitHub
Pieter HieleJan 9, 2023
I'm thinking Emma Thompson as Trunchbull would be great if ever Charles Dance is looking to shoot a biopic.๐Ÿ˜…
Pieter HieleDec 16, 2022
Spent three lovely cold sunny days in Paris โ€“ all I needed to recharge before the year end.
Pieter HieleDec 7, 2022
#ChatGPT really taking image recognition to the next level
Pieter HieleDec 5, 2022

"XXE-scape through the front door: circumventing the firewall with HTTP request smuggling"

Read my write-up about a pretty cool way in which I bypassed a firewall stopping me from exploiting an XXE vulnerability.

https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/ #bugbounty #writeup #xxe #crosspost

XXE-scape through the front door: circumventing the firewall with HTTP request smuggling โ€“ honoki

Pieter HieleNov 24, 2022

If you haven't heard about local DTDs in XXE yet, check it out here: https://github.com/GoSecure/dtd-finder/blob/698fd678f26395e1c7c097525f7182aecad0cd5f/list/xxe_payloads.md

Another cool trick with error-based XXE is to access a file starting with colon (:) to trigger a "no protocol" error.

#xxe #websec

dtd-finder/xxe_payloads.md at 698fd678f26395e1c7c097525f7182aecad0cd5f ยท GoSecure/dtd-finder

List DTDs and generate XXE payloads using those local DTDs. - dtd-finder/xxe_payloads.md at 698fd678f26395e1c7c097525f7182aecad0cd5f ยท GoSecure/dtd-finder

GitHub
Pieter HieleNov 8, 2022
Im finally sponsoring $5/mo to Signal for keeping my conversations safe. โค๏ธ