Tushar

@0xdeadpool

Magician, musician and a security geek..

Joined: October 2014

Tweets

  1. Pinned Tweet
    2 Feb 2017

    Finally wrote a blog. An old issue in SpringBoot which could allow RCE. Inspired from blog.

  2. Retweeted

    Quickly get the ASN of an IP address, along with the associated company name and location: curl <ip> This is a great way to confirm ownership of an IP/domain. It also is a great way to services that might be in use (AWS/Azure/Cloudfront/Akamai, etc.)

  3. Retweeted

    Shopify disclosed a bug submitted by fransrosen: - Bounty: $15,000

  4. Retweeted
    5 Feb

    Today I presented a rough idea of a (brand-new?) data exfiltration technique with regular expression injection and timing attack at OWASP Night (Japan). Enjoy!

  5. Retweeted
    4 Feb
  6. Retweeted
    3 Feb

    Our first blog post of 2020 is out! Learn about how we discovered a heap overflow in the F-Secure Internet Gatekeeper, which leads to unauthenticated RCE

  7. Retweeted
    30 Jan

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

  8. Retweeted
    27 Jan

    -API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks:
    * Wrap ID with an array {"id":111} --> {"id":[111]}
    * JSON wrap {"id":111} --> {"id":{"id":111}}
    * Send ID twice URL?id=<LEGIT>&id=<VICTIM>
    * Send wildcard {"user_id":"*"}

  9. Retweeted
    22 Jan

    New blog post: A Less Known Attack Vector, Second Order IDOR Attacks

  10. Retweeted
    23 Jan

    I wrote a secret scanner tool and published it under my employer's GitHub org. Since I don't have much Twitter reach I appreciate any RTs! It currently will scrape Git, S3, and GDocs for secrets, and written in Rust for high performance.

  11. Retweeted
    22 Jan

    if you find 403 Forbidden while testing. Try X-Original-URL and X-Rewrite-URL Headers to bypass restrictions

  12. Retweeted
    21 Jan

    The new Shodan has a feature to query domain which lists all DNS records as well as subdomains. Now, it's even easier to extract domains from Shodan, I guess.

  13. Retweeted
    18 Jan

    Here my GitHub with many scripts useful for red teamers - Enjoy!

  14. Retweeted
    16 Jan

    Check out my bug bounty tip for ! Often helps me escalating low severity IDORs to crits!

  15. Retweeted
    2 Jan

    lsassy 1.0.0 is finally out ! 🔸 Remotely dump **with built-in Windows tools only**, procdump is no longer necessary 🔸 Remotely parse lsass dumps to extract credentials 🔸 Link to to detect compromised users with path to Domain Admin

  16. Retweeted
    12 Jan

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  17. Retweeted

    If you run Citrix in your network you *really* need to read this. A decent dork to find systems is here: Every single system I've spot checked so far has been vulnerable; this will burn people for a while. Take steps to defend yourself ASAP.

  18. Retweeted
    10 Jan

    Not sure what search filters are available? Check out our new filter reference page:

  19. Retweeted
    10 Jan

    Recently I was on a pentest and needed to manage Active Directory groups from Linux to achieve privilege escalation. If you find yourself in a similar scenario, this is what you can do:

  20. Retweeted
    10 Jan

    Citrix ADC/Netscaler RCE (CVE-2019-19781) 😬

  21. Retweeted
    9 Jan

    Have reproduced Citrix SSL VPN pre-auth RCE successfully on both local and remote. Interesting bug!
