Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @Xsimpa
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @Xsimpa
-
Xsimpa proslijedio/la je Tweet
Another box solved the unintended way: RE. Once I had RCE after dropping an aspx webshell with the Winrar CVE, I used the UsoSvc service to gain SYSTEM and impersonated the Coby user to decrypt the root flag. Great box by
@0xdf_. https://snowscan.io/htb-writeup-re/#HackTheBoxHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
RE just retired from
@hackthebox_eu. As the creator of the box, I tried to bring phishing/macro obfuscation concepts to the initial access. The intended privescs were the WinRar ACE file exploit, and XXE in Ghidra. I'll show two unintended privescs too.https://0xdf.gitlab.io/2020/02/01/htb-re.html …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
AI just retired from HTB. It was a neat theme exploiting an AI / smart home like device using audio to perform an SQL injection. Then I'll use Java Debug to escalate to root.https://0xdf.gitlab.io/2020/01/25/htb-ai.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
#HackTheBox AI video is now online. A really cool "out of band" style of an SQL Injection using "Speech To Text". So you need to Verbally Speak out the injection. Once on the box do a pretty cool privesc via Java Debugging.https://www.youtube.com/watch?v=7n7YRntu3bc …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Open Wifi Security (Friday evening rant) 1) Yes, at our
@nordic_choice hotels we have open wifi as standard. No Client<->AP encryption (WPA/23), and no captive portal to logon to. Let me first explain some obvious reasons for doing so. (Often disregarded by infosec pros.)Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Player from
@hackthebox_eu required enumeration and several interesting exploits to slowly build a full shell. Root was a good chance to play with PHP deserialization. There were several alternative paths as well.https://0xdf.gitlab.io/2020/01/18/htb-player.html …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
I had a hard time finding the initial source code file for the launcher page on the Player box but I liked the LFI part using ffmpeg and the PHP deserialization priv esc at the end. https://snowscan.io/htb-writeup-player/ …
#HackTheBoxHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
#HackTheBox Player has been retired. This was a really fun box, discovering the backups on the webserver was surprisingly difficult so I added a new module to GoBuster. The unintended privesc was also super cool.https://www.youtube.com/watch?v=JpzREo7XLOY …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
We have roughly 250 team slots left. To reiterate: No, there's no limit on team size, and no, you don't have to use Metasploit for the challenges. Come play with us!https://blog.rapid7.com/2020/01/15/announcing-the-2020-metasploit-community-ctf/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Xsimpa proslijedio/la je Tweet
Registration for the 2020 Metasploit community CTF is now open. 1,000 teams, four days to find flags, unlimited shells. Play starts January 30. NOTE: Teams only need to register ONE account. Get it: https://blog.rapid7.com/2020/01/15/announcing-the-2020-metasploit-community-ctf/ …
#metasploitctfHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
No wrap-up this week thanks to CTF challenge dev. The
#metasploit-ctf Slack channel is now up; game details and registration should be up later this week.#metasploitctfHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Let's do the 20k giveaway! Up for grabs: (1) Burp Suite Pro license (5) Udemy PEH course seats Rules: -1 entry per person -Must have retweeted and be a follower on Twitter at the time of the giveaway -Donation of first born child optionalhttps://forms.gle/TjFv7Rk6p4cYu9PP6 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
#HackTheBox Bitlab video is up! A medium level linux box with two ways to root. https://www.youtube.com/watch?v=Fxq6oZ-H-xI ….Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Howdy, folks. We'll be hosting another community CTF at the end of January. Stay tuned for a registration announcement next week.
#metasploitctfHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
So the thing to remember about MD5 and SHA-1 issues is that SSL certificates that were issued using those hashes are still secure, but new certificates that use them are not.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
#HackTheBox Craft video is now online. A fun linux box that involved pillaging old git commits to find a JWT Token, then doing some source code analysis to exploit a Eval() vulnerability.https://youtu.be/3znkLWakuUAHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
Better late than never! HackTheBox Smasher2 video is now up. I don’t go over the intended method with the dereferencing but still tons of good stuff.https://m.youtube.com/watch?v=ELiicja60jI …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Xsimpa proslijedio/la je Tweet
WE ARE LIVE!
The gates to Elf University are open at https://www.holidayhackchallenge.com
#HolidayHackpic.twitter.com/f9gcjHzxApHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.