Karim Shoair

@D4Vinci1

A hacker, high&low-level coder and a lot of things between. Author of , , , , , etc.

~
goo.gl/NhEQRz
Vrijeme pridruživanja: rujan 2016.
37 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @D4Vinci1

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @D4Vinci1

  1. Prikvačeni tweet
    22. lip 2019.

    Happy to announce the release of version 2. One-lin3r now got a rewrote with a lot of new features like installing it from PyPI, copying the liner automatically, variables and more. Also, it now has 155 liners instead of 33 liners. Check it out:

    1 reply 6 proslijeđenih tweetova 25 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    30. sij

    My new report about (Facebook page admin disclosure)

    12 proslijeđenih tweetova 49 korisnika označava da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    2. velj

    Reflected XSS

    1 reply 165 proslijeđenih tweetova 400 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    28. sij

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exists yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)

    5 replies 89 proslijeđenih tweetova 364 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  5. proslijedio/la je Tweet
    27. sij

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code

    127 proslijeđenih tweetova 343 korisnika označavaju da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    25. sij

    time: combine Arjun from with BurpIntuder to bruteforce parameter values. I once got "?debug" as a valid parameter and got "on" as a good value which disclosed juicy information helping me chain bugs to a P1. Final: "?debug=on" RT & L

    69 proslijeđenih tweetova 245 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    24. sij

    Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover

    92 proslijeđena tweeta 238 korisnika označava da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    21. sij

    time: when you see a POST request made with JSON, convert this to XML and test for XXE. You can use "Content-type converter" extension on to do achieve this! RT and Follow, book coming!

    7 replies 266 proslijeđenih tweetova 694 korisnika označavaju da im se sviđa
    Poništi
  9. proslijedio/la je Tweet
    22. sij

    time: I've got a RCE by using this tip: while testing for malicious file uploads, if .php extension is blacklisted you can try .PhP , .php5 and .php3 Sometime this fools the backend and you get shell! RTs & comments are appreciated. Follow

    12 replies 112 proslijeđenih tweetova 468 korisnika označava da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    18. sij

    Figuring out source of a file 👀 For example, If you download an image from Reddit, it will be saved as [a-z0-9]{13}.jpg Below is a list of such schemes that I made under 15 minutes: It's kinda useless but it's 5 AM and I just had to tweet it 👀

    7 replies 74 proslijeđena tweeta 351 korisnik označava da mu se sviđa
    Poništi
  11. proslijedio/la je Tweet
    19. sij

    Excellent write up of the Remote Desktop Protocol (RDP) Gateway vulnerabilities Microsoft patched this week. If you have this in your environment, especially Internet facing, patch now. Previous called Terminal Services. CVE-2020-0609 CVE-2020-0610

    1 reply 13 proslijeđenih tweetova 26 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    20. sij

    Time for a new tip! When I sign up to a website/newsletter/reset password, I look at the website which hosts the logo/image in the email I receive. This led me multiple time to insecure AWS S3 buckets and scope expansion.

    150 proslijeđenih tweetova 534 korisnika označavaju da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    16. sij

    So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the ,

    8 replies 172 proslijeđena tweeta 584 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    15. sij

    Ghidra Script that sets the names for missing function names by looking for relevant patterns in the binary! Hope that will help you too :)

    130 proslijeđenih tweetova 407 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    13. sij

    Some dude who works at $localSecurityCompany just lectured me on bus opsec because he could tell by the labels on my laptop I was a hacker. My dude... it's when you see me with a BLANK computer you need to be suspect. Bad guys don't come with warning labels.

    66 replies 261 proslijeđeni tweet 2.468 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    13. sij

    My great friend Ahmed Khlief wrote an article about recreating MuddyC3 that used before by MuddyWater Iranian APT group. The article is a great opportunity for both red teamers and blue teamers to understand more about how the threat groups acting!

    30 proslijeđenih tweetova 61 korisnik označava da mu se sviđa
    Poništi
  17. proslijedio/la je Tweet
    13. sij

    I just released some of my PoCs! IDOR: Stored XSS: Stored XSS: RXSS: RXSS: RXSS: RXSS:

    11 replies 333 proslijeđena tweeta 717 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    10. sij

    I just published "Hunting Good Bugs with only <HTML>" I hope you enjoy this post!

    40 replies 257 proslijeđenih tweetova 669 korisnika označava da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    6. sij

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

    217 proslijeđenih tweetova 655 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    5. sij

    A while back I made a Discord server, but got tied up with real life stuff and couldn't put in the time to moderate it. When I came back it had gotten super toxic, but the toxic members were also smart and extremely active. 1/?

    25 replies 1.225 proslijeđenih tweetova 3.753 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  21. proslijedio/la je Tweet
    5. sij

    Resources-for-Beginner-Bug-Bounty-Hunters : A list of resources for those interested in getting started in bug bounties cc

    5 replies 188 proslijeđenih tweetova 497 korisnika označava da im se sviđa
    Poništi

@D4Vinci1 još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·