Tweets


  1. Retweeted
    26 Dec 2019
  2. Retweeted

    What do you do when doing blackbox web testing that may be obvious to you but not so obvious to other people?

  3. Retweeted
    23 Nov 2019

    JWT Attack Playbook (Primer + all known exploits against JWT + more) :

  4. Retweeted

    Once you have a list of subdomains your next steps are literally >nmap >content discovery >more content discovery based on that content >googling for specific CVE's based on identifiers >more content discovery >more content discovery >find a bug >repeat

  5. Retweeted
    12 Nov 2019

    ICYDK I made a slide deck about the basics of PDF structures.

  6. Retweeted
    14 Apr 2019

    We have a look at another interesting XSS vector due to weird Firefox parsing, and then explore how researchers find this stuff.

  7. Retweeted
    13 Aug 2019

    Got RCE or SSRF inside an AWS Lambda function? Request "localhost:9001/2018-06-01/runtime/invocation/next" for the function's event data. Check the HTTP headers returned too!

  8. Retweeted
    16 Aug 2019

    If you need to mix Turbo Intruder with other extensions (like Hackvertor or Logger++), simply add "engine=Engine.BURP" to RequestEngine(). Note: the custom HTTP stack is _much_ faster than the default one, so this change will slow down things

  9. Retweeted
    17 Aug 2019

    If CSP policy points to a dir and you use %2f to encode "/", it is still considered to be inside the dir. All browsers seem to agree on that. This leads to a possible bypass, by using "%2f..%2f" if server decodes it, example:

  10. Retweeted
    26 Aug 2019

    Not sure why "AWS Signer" by isn't in the BApp Store, but it's sooooo useful when interacting with authenticated AWS endpoints (S3, API Gateway, ...). And it supports temporary Cognito creds!

  11. Retweeted
    27 Aug 2019

    Revealing AWS S3 bucket name: step 1: Find any CDN object URL step 2: append following string to after URL: `?AWSAccessKeyId=[Valid_ACCESS_KEY_ID]&Expires=1766972005&Signature=ccc ` and boom it will reveal the bucket name.

  12. Retweeted
    26 Sep 2019

    Testing a Ruby on Rails app? Add .json to the URL and see what happens! 😏 Thanks for the , ! 🙌

  13. Retweeted
    16 Oct 2019

    Our guy, , had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: We will also release a writeup soon so stay in touch!

  14. Retweeted
    2 Oct 2019

    If you're new or been in InfoSec for awhile and you've not read these 2 classic papers, take 15 minutes today and do it. Thank me later.

  15. Retweeted
    20 Sep 2019

    I paid for something, got receipt in PDF, changed a parameter, and got the AWS token... This was a nice reference :)

  16. Retweeted
  17. Retweeted
    9 Sep 2019

    Time-Based Blind SQL Injection In GraphQL The “sortc” parameter in the endpoint was vulnerable to a SQL injection. 1) Login to the website. 2) Intercept the following request: 3) In the request body, add “OR SLEEP(20)” in sortc

  18. Retweeted
    4 Sep 2019

    Understand, don't memorize. 🧠

  19. Retweeted
    10 Aug 2019
  20. Retweeted
    10 Aug 2019
