Dilawer

@DilawerSec

Independent Security Researcher

Joined: July 2014

Tweets


  1. Pinned tweet
    31 Dec 2019

    Happy New Year to Everyone - Earn 100,000$ via bugbounty - Buy my own house - 40+ hours a workweek - Read more - Continue Running twice a week

  2. Retweeted
    11 hours ago

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  3. Retweeted
    1 Feb

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

  4. Retweeted
    2 Feb

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  5. Retweeted
    1 Feb

    Here is my writeup for Facebook's BountyCon 2020 CTF. Was not able to give much time but enjoyed solving a couple of challenges.🧑‍💻

  7. Retweeted
    31 Jan

    Akamai WAF Bypass, worked on a recent program <x onauxclick=a=alert,a(domain)>click

  8. Retweeted
    31 Jan

    Morning everyone! If you're looking for a job, we've got 114 openings around the world in security! Most positions can be remote, but it's up to the hiring manager. Happy hunting!

  9. Retweeted
    31 Jan

    I am glad to announce that is continuing to run a promotion on multiple scope items of our program until February 29th First 35 people to comment their h1 name and retweet get an invite to our private program 🥳 Only shout if you really want to join! 🧐

  10. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  11. Retweeted
    24 Jan

    Create living room polls as a Facebook page analyst



  12. Retweeted
    30 Jan

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

  13. Retweeted

    wow i just learned a thing about metasploit by accident that I wish I could go back and teach myself like ten years ago. i could have saved myself a collective year of typing and tab completion.

  14. Retweeted
    25 Jan
  15. Retweeted
    27 Jan

    -API TIP:26/31- Looking for BOLA (IDOR) in APIs? got 401/403 errors? AuthZ bypass tricks: * Wrap ID with an array {"id":111} --> {"id":[111]} * JSON wrap {"id":111} --> {"id":{"id":111}} * Send ID twice URL?id=<LEGIT>&id=<VICTIM> * Send wildcard {"user_id":"*"}

  16. Retweeted
    27 Jan

    We've added 11 new XSS labs, with learning materials. There is new content on CSP, dangling markup injection, and escaping the AngularJS sandbox.

  17. Retweeted
    26 Jan

    As I have no cool new findings, let's start the year with an old IE bug - bypassing Content-Disposition: attachment with mhtml:

  18. Retweeted
    6 Jan

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

  19. Retweeted
    10 Jan

    Citrix ADC/Netscaler RCE (CVE-2019-19781) 😬

  20. Retweeted
    24 Jan

    Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover By Bounty: $12500

  21. Retweeted
    22 Jan

    Hello hunters ! last year i published my recon map, this year i share with you my checklist ! Feel free to ask questions and make comment to improve it ! and hope you enjoy ;)
