-
Abdel Hafid Ait Chikh Retweeted
WooT! There is always a way. New #bugbounty #pentest short write up! Chain the bugs till you get what you want. #bugbountytip #bugbountytips #hacking Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me :)
pic.twitter.com/nlAv4pMPhx
-
Abdel Hafid Ait Chikh Retweeted
@ngalongc, @EdOverflow, and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover. https://blog.reconless.com/samesite-by-default/ … pic.twitter.com/5R23YmpksT
-
Abdel Hafid Ait Chikh Retweeted
This is a summary for what I discussed with @NahamSec in our latest #twitch stream about my recon process, that will be easier for you as you might miss some when you watch the video later on. https://pastebin.com/dyNMPAAJ Thanks Ben, what you do for community is dope #bugbountytips
-
Abdel Hafid Ait Chikh Retweeted
Did you find the #SSRF, but http://169.254.169.254/ is blacklisted? #protip try http://0xA9FEA9FE/, http://0251.0376.0251.0376/ or get more examples from @agarri_fr talk https://www.youtube.com/watch?v=TrBUrVDlc20&feature=youtu.be&t=27m55s …
-
Abdel Hafid Ait Chikh Retweeted
I always had a hard time finding @GoogleVRP writeups because they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute!
#BugBonty #infosec #GoogleVRP https://github.com/xdavidhu/awesome-google-vrp-writeups …
-
Abdel Hafid Ait Chikh Retweeted
Here is how I made $XXXX with my first bug in Instagram. #ethicalhacking #bugbounty #facebook #Instagram #Infosec #security https://medium.com/nassec-cybersecurity-writeups/this-is-how-i-got-xxxx-from-facebook-for-instagram-bug-aaff50342246 …
-
Abdel Hafid Ait Chikh Retweeted
Hello hunters! Last year I published my recon map, this year I share with you my #bugbounty checklist! Feel free to ask questions and make comments to improve it! And hope you enjoy ;) https://bit.ly/2RBvEVq #bugbountytips #togetherwehitharder pic.twitter.com/1LPF8qf7y0
-
Abdel Hafid Ait Chikh Retweeted
One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC!
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/ …
-
Abdel Hafid Ait Chikh Retweeted
Finally got the approval. Here are multiple Linode's access token stealing/account takeover bugs, I like the second one. Retweet if you like it.
#bugbounty https://medium.com/@rootxharsh_90844/abusing-feature-to-steal-your-tokens-f15f78cebf74 …
-
It's running bounties this morning
Praise be to God.
#BugTip: Stick to one program and test it like no one has tested it before, then keep playing with its features and use your brain to break them. We may have the same skills or methodologies but we don't have the same brain. @Hacker0x01 pic.twitter.com/OzilZowmGy
-
Abdel Hafid Ait Chikh Retweeted
A Tale of Exploitation in Spreadsheet File Conversions - Researching exploitation in headless document conversion in LibreOffice w/ @erbbysam, @Smiegles, @Daeken https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ … pic.twitter.com/lwPkzfwRy0
-
Abdel Hafid Ait Chikh Retweeted
Just wrote an article about how I found two RCE 0-days (CVE-2019-16662 and CVE-2019-16663) in rConfig network configuration and management software via static code analysis. I didn't expect to find such easy-to-spot vulnerabilities in this software. https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/ …
-
Abdel Hafid Ait Chikh Retweeted
Wrote about an interesting account takeover which I found around a year back. https://medium.com/@akashmethani/how-i-discovered-an-interesting-account-takeover-flaw-18a7fb1e5359?source=---------2------------------ …
-
What an amazing write-up by @MattiBijnens. Btw, this exact class of bug was also discussed in the Web Application Hacker's Handbook - Chapter 11 Attacking Application Logic - Example: Asking the Oracle. http://incidentsecurity.com/how-spending-our-saturday-hacking-earned-us-20k/ … #HackWithIntigriti #BugBounty #WriteUp #BugHunter pic.twitter.com/aK3393Wc8k
-
I've just received this new great book in the field by @redteamtraining #redteamopsec #redteam #redteaming #PenetrationTesting #PhysicalPentesting pic.twitter.com/JJp1nwMcCt
-
Abdel Hafid Ait Chikh Retweeted
Ppl interested to learn about SSRF attacks
1. https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-testing-b9dfe57cca35 …
2. https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/ …
3. https://hackerone.com/reports/115748
4. https://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html …
5. https://geleta.eu/2019/my-first-ssrf-using-dns-rebinfing/ …
6. https://medium.com/@androgaming1912/gain-adfly-smtp-access-with-ssrf-via-gopher-protocol-26a26d0ec2cb …
7. https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86 …
8. https://medium.com/@armaanpathan/pdfreacter-ssrf-to-root-level-local-file-read-which-led-to-rce-eb460ffb3129 …
Writeups
-
Abdel Hafid Ait Chikh Retweeted
sick xxe tricks - https://www.youtube.com/watch?v=eHSNT8vWLfc …
Demos java xml processor xxe -> tomcat creds -> xxe file upload via jar:// scheme -> tomcat .war deploy, all via xxe
other lessons:
- CDATA to exfil more chars
- java doesn't http://user:pass@targ, but does ftp://user:pass@targ
#BugBounty
-
Abdel Hafid Ait Chikh Retweeted
A CVE-2019-19781 is this easy – 1. Traversal to vpns folder, traversal in the NSC_HEADER + http://newbm.pl to write a malicious bookmark to the /netscaler/portal/templates/ folder (1st HTTP request), 2. Passing that template through the Template Toolkit (2nd request) pic.twitter.com/xMHMSixviQ
