Pinned Tweet
Happy new year
2019 went well, got some CVEs and bounties. Will try more in 2020
Thanks to @Hacker0x01 and to all whom I follow, I have learnt a lot from you guys. #infosec #bugbounty #cybersecurity #Welcome2020

Harshit Shukla retweeted
Exploiting Insecure Firebase Database! https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty/ … pic.twitter.com/EXmrMSv9tg

Harshit Shukla retweeted
#OSINT
Awesome OSINT https://github.com/jivoi/awesome-osint …
OSINT SubReddit https://reddit.com/r/OSINT/
http://WhotWi.com
Spiderfoot https://spiderfoot.net
Pymeta https://github.com/m8r0wn/pymeta
OSINT Stash https://osint.best
My tutorials https://0x00sec.org/t/my-personal-osint-techniques-part-1-of-2-key-layer-contingency-seeding/13033 … https://0x00sec.org/t/my-personal-osint-techniques-volume-2-the-kitchen-sink/13198 …
pic.twitter.com/IpqYcWHZM0

Harshit Shukla retweeted
I just published a blog post "Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE" https://jatindhankhar.in/blog/responsible-disclosure-breaking-out-of-a-sandboxed-editor-to-perform-rce/ … pic.twitter.com/E7VBsoJwdY

Harshit Shukla retweeted
==API TIPS== To welcome the new year, we published a daily tip on API Security & API Pentesting during the month of January 2020. Check out my new article and explore 31 tips + interesting insights about them. https://medium.com/@inonst/31-tips-api-security-pentesting-480b5998b765 …
#bugbountytips

Harshit Shukla retweeted
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip #bugbountytip #bugbounty

Harshit Shukla retweeted
When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)
#bugbountytip #bugbounty

Harshit Shukla retweeted
@ngalongc, @EdOverflow, and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover. https://blog.reconless.com/samesite-by-default/ … pic.twitter.com/5R23YmpksT

Harshit Shukla retweeted
New Writing Bypass SameSite Cookies Default to Lax and get CSRF Looking at a new Chrome feature and the 2 minute quirk which makes it possible to bypass it, also solution to my CSRF challenge.
#CSRF #SameSite https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b …

Harshit Shukla retweeted
Payloads collection:-
Command Injection:- https://github.com/payloadbox/command-injection-payload-list …
XSS Payloads:- https://github.com/payloadbox/xss-payload-list …
XXE Payload List:- https://github.com/payloadbox/xxe-injection-payload-list …
SQLI Payload List:- https://github.com/payloadbox/sql-injection-payload-list …
RFI/LFI :- https://github.com/payloadbox/rfi-lfi-payload-list …
Open Redirect:- https://github.com/payloadbox/open-redirect-payload-list …

Harshit Shukla retweeted
I always had a hard time finding @GoogleVRP writeups because they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute!
#BugBonty #infosec #GoogleVRP https://github.com/xdavidhu/awesome-google-vrp-writeups …

Harshit Shukla retweeted
This is a summary for what I discussed with @NahamSec in our latest #twitch stream about my recon process, that will be easier for you as you might mess some when you watch the video later on. https://pastebin.com/dyNMPAAJ Thanks Ben, what you do for community is dope #bugbountytips

Harshit Shukla retweeted
Hardware Hackers You will need this shopping list - https://github.com/yadox666/The-Hackers-Hardware-Toolkit/blob/master/README.md …

Harshit Shukla retweeted
I also made a video to demonstrate the CANHack toolkit on real hardware attacking a CAN bus with the five different attacks: https://youtu.be/dATyoWOlEJU

Harshit Shukla retweeted
2nd critical of this week.
#BugBountyTip Abuse OAuth Sign-up flow:
1) Use phone number instead of email in 3rd party to sign-up.
2) Link victim's email to your 3rd party account while signup on target.
3) Login to victim's account using your 3rd party account.
pic.twitter.com/4yrK5KXa4v

Harshit Shukla retweeted
Dear @NETGEAR, Putting the private key for a CA blessed certificate in firmware is a bad idea. @nstarke and I found a couple terrible things. https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9 … pic.twitter.com/oOIs8kpoUm

Harshit Shukla retweeted
Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198) Blind SQL injection in Android's Download Provider will retrieve user cookies of downloaded file website (e.g. Gmail). Patched in November's 2019 Android Security Bulletin. PoC + info: https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere/ … pic.twitter.com/9GOTrPA858

Harshit Shukla retweeted
Antivirus Evasion with Python - really good read!
#infosec #pentest #redteam https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1 …

Harshit Shukla retweeted
So my guest blog post for @detectify about my recon techniques is finally out. Check it out here - https://blog.detectify.com/2020/01/07/guest-blog-streaak-my-recon-techniques-from-2019/ …

Harshit Shukla retweeted
CSRF Bypasses: 1. Check if there is any CSRF token in request, if yes, remove token and send request, is it bypassed? Modify the CSRF token to any other CSRF token, Check if CSRF token is matched with any cookie token, if yes, you can bypass this.