Arbaz Hussain

@ArbazKiraak

cat /etc/arbaz | grep -Eir "Information-Security|Machine Learning|Bug-Hunter" 👨‍🏭

Hyderabad, India
Joined June 2015

Tweets

  1. Pinned Tweet
    27 Aug 2019
  2. Retweeted
    4 Feb

    by $12,500 USD Read From The File System Access (potential RCE) on Whatsapp Desktop (electron)

  3. Retweeted
    4 Feb

    Hackers from Indore and nearby location, there is an IBH regional meet coming up. Organizers: - Appsec & bug bounty hunter - Penetration tester and bug bounty hunter & Signup -

  4. Retweeted
    4 Feb

    I just published a blog post "Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE"

  5. Retweeted
    3 Feb

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  6. Retweeted
    4 Feb

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

  7. Retweeted
    2 Feb

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  8. Retweeted
    1 Feb

    Here is my writeup for Facebook's BountyCon 2020 CTF. Was not able to give much time but enjoyed solving a couple of challenges.🧑‍💻

  9. Retweeted
    30 Jan

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

  10. Retweeted
    29 Jan

    We all love Burp suite by , right? Want to send over all the ffuf job matches to Burp? Easy with -replay-proxy ffuf -u -w wordlist.txt -replay-proxy http://127.0.0.1:8080 If you ffuf on remote box, this totally works through ssh tunnels too!

  11. Retweeted
    30 Jan

    Don't mince your words, say it as it is. isn't a news channel, it has no relationship with journalism, whatsoever. The channel is criminal.

  12. Retweeted
    30 Jan

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

  13. Retweeted
    29 Jan

    -API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks:
    * Wrap ID with an array {"id":111} --> {"id":[111]}
    * JSON wrap {"id":111} --> {"id":{"id":111}}
    * Send ID twice URL?id=<LEGIT>&id=<VICTIM>
    * Send wildcard {"user_id":"*"}

  14. Retweeted
    29 Jan

    One more: Find a subdomain such as <grafana>.corp.company.com which points to an external IP example however only accessible inside VPN and such SSRF could be leveraged in that way. You can often find such hosts over SSL. Have exploited such in the past. Might even be a

  15. Retweeted
    28 Jan

    So glad to finally be able to release Collaborator++! It adds the ability to view interactions from all contexts, manually poll for interactions on old contexts, and secure your private servers with a pre-shared key!

  16. Retweeted
    24 Jan
    Replying to

    If the remote target is running on Windows OS, it might be possible to leverage this SSRF vulnerability to steal the user/service (running the IIS server) Net-NTLM hash using tool. A good blog post on this topic can be found at

  17. Retweeted
    27 Jan

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code

  18. Retweeted

    How India's prime minister and his party are endangering the world's biggest democracy. Our cover this week

  19. Retweeted
    23 Jan

    Nice, found an older adminer version on a host which allows using "Elasticsearch (beta)" as a source and it turns out, we can abuse this. At least blind ssrf ;)

  20. Retweeted
    22 Jan

    DNS Rebinding attack in one Screenshot. 🙂

  21. Retweeted
    21 Jan

    Proud to announce another tool from Team PD. Best part is it can be very easily integrated in your pipelines. It's intended to be very flexible and simple. Try it out at
