Tweetovi

Blokirali ste korisnika/cu @An0ther_N00b

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @An0ther_N00b

  1. Prikvačeni tweet
    31. pro 2019.

    Happy new year 🥳 2019 went well, got some CVE's and bounties. Will try more in 2020😀 Thanks to Nd to all whom I follow, I have learnt a lot from you guys.

    Poništi
  2. proslijedio/la je Tweet
    4. velj
    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    Poništi
  4. proslijedio/la je Tweet
    4. velj

    I just published a blog post "Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE"

    Poništi
  5. proslijedio/la je Tweet
    30. sij
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    4. velj

    ==API TIPS== To welcome the new year, we published a daily tip on API Security & API Pentesting during the month of January 2020. Check out my new article and explore 31 tips + interesting insights about them.

    Poništi
  7. proslijedio/la je Tweet
    3. velj

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

    Poništi
  8. proslijedio/la je Tweet
    4. velj

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    Poništi
  10. proslijedio/la je Tweet
    8. sij

    New Writing Bypass SameSite Cookies Default to Lax and get CSRF Looking at a new Chrome feature and the 2 minute quirk which make it possible to bypass it, also solution to my CSRF challenge.

    Poništi
  11. proslijedio/la je Tweet
    4. sij
    Poništi
  12. proslijedio/la je Tweet
    28. sij

    I always had a hard time finding writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉

    Poništi
  13. proslijedio/la je Tweet
    28. sij

    This is a summary for what i discussed with in our latest stream about my recon process, that will be easier for you as you might mess some when you watch the video later on. Thanks Ben, what you do for community is dope

    Poništi
  14. proslijedio/la je Tweet
    23. sij
    Poništi
  15. proslijedio/la je Tweet
    22. sij

    I also made a video to demonstrate the CANHack toolkit on real hardware attacking a CAN bus with the five different attacks:

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    23. sij

    2nd critical of this week. Abuse ouath Sign-up flow: 1) Use phone number instead email in 3rd party to sign-up. 2) Link victim's email to your 3rd party account while singnup on target. 3) Login to vicitim's account using your 3rd party account.

    Poništi
  17. proslijedio/la je Tweet
    20. sij

    Dear , Putting the private key for a CA blessed certificate in firmware is a bad idea. and I found a couple a couple terrible things.

    Poništi
  18. proslijedio/la je Tweet
    20. sij

    Exploiting SQL Injection in Android's Download Provider (CVE-2019-2198) Blind SQL injection in Android's Download Provider will retrieve user cookies of downloaded file website (e.g. Gmail). Patched in November's 2019 Android Security Bulletin. PoC + info:

    Poništi
  19. proslijedio/la je Tweet
    10. sij
    Poništi
  20. proslijedio/la je Tweet
    7. sij

    So my guest blog post for about my recon techniques is finally out. Check it out here-

    Poništi
  21. proslijedio/la je Tweet
    6. sij

    CSRF Bypasses: 1. Check if there is any CSRF token in request, if yes, remove token and send request, is it bypassed? Modify the CSRF token to any other CSRF token, Check if CSRF token is matched with any cookie token, if yes, you can bypass this.

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·