MrR3boot

@MrR3boot

Security Engineer | MrR3boot @ HackTheBox

India
hackthebox.eu/profile/13531
Vrijeme pridruživanja: kolovoz 2013.

Tweetovi

Blokirali ste korisnika/cu @MrR3boot

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @MrR3boot

  1. proslijedio/la je Tweet
    prije 23 sata

    CVE-2019-18426  
From Persistent-XSS in Whatsapp to Reading from the File System on Mac/Windows with a potential for RCE

Bounty: $12,500




    132 proslijeđena tweeta 324 korisnika označavaju da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    9 replies 196 proslijeđenih tweetova 395 korisnika označava da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    25. sij

    One more writeup for AI from is up: That SQL injection using text-to-speech gave me a hard time.

    5 replies 13 proslijeđenih tweetova 62 korisnika označavaju da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    25. sij

    AI video is now online. A really cool "out of band" style of an SQL Injection using "Speech To Text". So you need to Verbally Speak out the injection. Once on the box do a pretty cool privesc via Java Debugging.

    69 proslijeđenih tweetova 375 korisnika označava da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    25. sij

    AI just retired from HTB. It was a neat theme exploiting an AI / smart home like device using audio to perform an SQL injection. Then I'll use Java Debug to escalate to root.

    11 proslijeđenih tweetova 66 korisnika označava da im se sviđa
    Poništi
  6. 25. sij

    AI retired today from and here is my official walkthrough of it

    4 korisnika označavaju da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    24. sij

    Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover By Bounty: $12500

    73 proslijeđena tweeta 217 korisnika označava da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    22. sij

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

    20 replies 533 proslijeđena tweeta 952 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    18. sij

    What an amazing challenge from !! My write-up on Player is online. On the menu: a lot of enumeration, JWT token crafting, some slick FFMpeg exploit, a restricted shell bypass, a Codiad exploit and a PHP Object Injection!

    1 proslijeđeni tweet 3 korisnika označavaju da im se sviđa
    Poništi
  10. 18. sij

    Here is my official walkthrough of Player

    1 reply 4 proslijeđena tweeta 18 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    18. sij

    Player from required enumeration and several interesting exploits to slowly build a full shell. Root was a good chance to play with PHP deserialization. There were several alternative paths as well.

    5 replies 19 proslijeđenih tweetova 80 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    18. sij

    I had a hard time finding the initial source code file for the launcher page on the Player box but I liked the LFI part using ffmpeg and the PHP deserialization priv esc at the end.

    7 proslijeđenih tweetova 52 korisnika označavaju da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    10. sij

    PlayerTwo!

    Dear Community! Time to say goodbye to an amazing 2019, thank you for making it amazing 💚 The BEST is yet to come... Comment below your favorite Machine of 2019 🔥
    1 proslijeđeni tweet 1 korisnik označava da mu se sviđa
    Poništi
  14. 12. sij

    MrR3boot owned root on Monteverde ! via As usual great content from . Thanks for it. User is trivial but root part taught me very good lesson about Azure AD concepts. Keep them coming.

    1 reply 12 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    9. sij

    Have reproduced Citrix SSL VPN pre-auth RCE successfully on both local and remote. Interesting bug!

    10 replies 309 proslijeđenih tweetova 708 korisnika označava da im se sviđa
    Poništi
  16. 7. sij

    Learned a ton solving this challenge. Definitely the best SQLi i solved till date.

    2 proslijeđena tweeta 8 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    6. sij

    Protip: Use ffuf/wfuzz to look for public S3 buckets rather than s3recon or bucket finder. I went from 5-10 tests per second to almost 300. Just check for status code 200.

    18 proslijeđenih tweetova 58 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    4. sij

    Introducing MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics, is now released. Link: Author:

    289 proslijeđenih tweetova 562 korisnika označavaju da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    5. sij

    A Red Teamer's guide to

    1 reply 28 proslijeđenih tweetova 60 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    4. sij
    Odgovor korisnicima i sljedećem broju korisnika:

    use this burp extension

    1 reply 3 proslijeđena tweeta 15 korisnika označava da im se sviđa
    Poništi

@MrR3boot još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·