Xentropy

@SamuelAnttila

I write infosec articles & tools. Pentester and security researcher. Antivirus escape artist & Top 10 @ HackTheBox. He/Him.

Disjointed Kingdom of Brexitia
Joined April 2010

Tweets

  1. Pinned Tweet
    Jan 6

    Protip: Use ffuf/wfuzz to look for public S3 buckets rather than s3recon or bucket finder. I went from 5-10 tests per second to almost 300. Just check for status code 200.

  2. 23 hours ago

    Interesting Facebook company open redirect: <put anything here>?href=<any url> e.g. Already reported but they showed no interest in it, so full disclosure it is.

  3. Retweeted
    Jan 2

    lsassy 1.0.0 is finally out ! 🔸 Remotely dump **with built-in Windows tools only**, procdump is no longer necessary 🔸 Remotely parse lsass dumps to extract credentials 🔸 Link to to detect compromised users with path to Domain Admin

  4. Retweeted
    Jan 29

    ffuf 1.0 released! phew, this is a big one. Feature highlights in this thread Huge thanks for all the contributors, and special thanks to for pulling off a feature bounty and for fulfilling it in a record time (and contributing said bounty to charity).

    Prikaži ovu nit
  5. Feb 1

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

  6. Retweeted
    Feb 1

    Attention CTF players (and organizers), CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. Make sure to update!

  7. Feb 1

    Just got my sweet t-shirt and love it. Happy to support such an awesome event when all the money goes to charity. :D

  8. Retweeted

    Expectation going into InfoSec: Tetris. What InfoSec actually is: IT Jenga.

  9. Jan 30

    Sometimes I can't believe I actually get paid to hack stuff. Best job ever, wtf.

  10. Jan 30

    Love that Twitter trains you to be succinct. Used to word-vomit, now I'm comfortable with only a few words. :D

  11. Retweeted
    Jan 29
  12. Retweeted
    Jan 28

    From the folks that brought you Atomic Red Team, Chain Reactor is a new open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

  13. Jan 29

    Love that is moving to a default non-root user. Security model makes a lot more sense now.

  14. Jan 29

    More uncommon 0-click XSS vectors: <details open ontoggle="alert()"> (chrome & opera) <video onwaiting=alert() autoplay><source src=x></video> (firefox) <style> x{}</style><a style="animation-name:x" onanimationend=alert()>

  15. Retweeted

    Fuses and circuit breakers, do you actually know what they do and how they work? It seems that lots of people think a 15A breaker will trip with more than 15A, and it's totally wrong.

  16. Jan 27

    sqlmap can fail! Know how to fingerprint manually with db-unique functions:
    MySQL - database()
    MsSQL - db_name()
    SQLite - sqlite_version()
    PostgreSQL - current_database()
    The functions don't exist in other solutions, so if they work you know which one it is!

  17. Jan 27

    Tonic is a vegetable, right?

  18. Retweeted
    May 13, 2019

    AD Security Event IDs:
    Lockouts: 4740
    User Logon: 4624
    Group Changes: 4728, 4729, 4732, 4733, 4756, 4757, 4761, 4762
    Group Creation/Del: 4727, 4730, 4731, 4734, 4759, 4760, 4754, 4758
    GP Change: 5136, 5137, 5141
    Log Clear: 1102, 104

  19. Retweeted
    Jan 25

    Built up a little C2 + agent using Discord to communicate between the two. Really happy with this, turns out Discord is useful for something 🖖

  20. Retweeted
    Jan 26

    Looks like there's been a at SuperCasino and other affiliate sites too
