Venkatesh Sivakumar

@PranavVenkatS

Ethical Hacker | Web Application Penetration Tester | Security Researcher. All views are my own.

Vrijeme pridruživanja: listopad 2011.

Tweetovi

Blokirali ste korisnika/cu @PranavVenkatS

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @PranavVenkatS

  1. Prikvačeni tweet

    Found a command injection bug in Google,Got a reward of 6000$ !,This bug will be featured in by

    Poništi
  2. proslijedio/la je Tweet
    prije 2 sata

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    prije 11 sati

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

    Prikaži ovu nit
    Poništi
  4. proslijedio/la je Tweet
    17. sij

    Brasil é outro nível

    Poništi
  5. proslijedio/la je Tweet
    3. velj

    I was asked: "What advice would you give an ambitious and talented young person today?" I would say create some space for yourself, space in the physical and metaphorical sense. Space is the room to make mistakes and recover. Space is the "runway" in startup terminology.

    Poništi
  6. proslijedio/la je Tweet
    2. velj

    SQL Injection Payload List by Password Cracking Is Easy: Here’s How to Do It by in API Security Testing(Part 1) by Saumya Prakash Rana

    Poništi
  7. proslijedio/la je Tweet
    1. velj

    Here is my massive lib db (for ctfs/wargames/blind pwns etc.). It consists of thousands of libs across over a dozen Linux distributions and architectures spanning the last 20 years. It indexes symbols & gadgets (including one gadgets AKA magic gadgets).

    Poništi
  8. proslijedio/la je Tweet
    1. velj

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

    Poništi
  9. proslijedio/la je Tweet
    2. velj

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

    Poništi
  10. proslijedio/la je Tweet
    31. sij

    The 30th HTB box I solve in preparation for the OSCP. Initial Foothold - XXE injection + lack of input validation on user supplied input into the pickle serialization library. Privilege Escalation - Root RSA private key in git history.

    Poništi
  11. proslijedio/la je Tweet
    31. sij

    Akamai WAF Bypass, worked on a recent program <x onauxclick=a=alert,a(domain)>click

    Poništi
  12. proslijedio/la je Tweet
    31. sij
    Poništi
  13. proslijedio/la je Tweet
    31. sij

    Call to security researchers, bug bounty hunters, and security enthusiasts. Bharti Airtel is organizing an invite-only bug bounty event. Please follow the below link for registration.

    Poništi
  14. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    Poništi
  15. proslijedio/la je Tweet

    2019 has been a record-breaking year on lots of fronts - thanks to you all! Keep up your awesome discoveries.

    Poništi
  16. proslijedio/la je Tweet
    30. sij

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    29. sij

    I took my 8-year-old to the office on Take Your Child to Work Day. As we were walking around, she starting crying & getting very cranky, so I asked her what was wrong. As my coworkers gathered round, she sobbed, 'Daddy, where are all the clowns that you said you worked with?' 🤣

    Poništi
  18. proslijedio/la je Tweet
    28. sij

    Some Lateral Movement Methods: -Pass the Hash/Relay ((Net-)NTLM) -Pass the Ticket (Silver/Golden) -RDP (Legit creds) -Remote Services (VNC/SSH) -(D)COM (Remote sched tasks, Services, WMI) -Remote Service Vuln (EB) -Admin Shares (PSExec) -Webshell (Chopper) -WinRM (PS Remoting)

    Poništi
  19. proslijedio/la je Tweet
    28. sij

    I always had a hard time finding writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉

    Poništi
  20. proslijedio/la je Tweet
    28. sij

    [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:

    Prikaži ovu nit
    Poništi
  21. Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·