Ron Reshef

@_Ronr_

Hacker, Full time dreamer

Israel
Joined: August 2016

Tweets


  1. Pinned Tweet
    29 Oct 2019

    Yay, I was awarded a $300 bounty on ! For access to staff discussions

  2. Retweeted
    38 minutes ago

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  3. Retweeted
    2 Feb

    WooT! There is always a way. New short write up! Chain the bugs till you get what you want. Some steps were not mentioned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉

  4. Retweeted
    1 Feb

    I just got a fancy idea to create strings in without using dangerous characters 😃 Inspired by challenge from .

  5. Retweeted
    30 Jan

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

  6. Retweeted
    30 Jan

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

  7. Retweeted
    22 Jan

    New blog post: A Less Known Attack Vector, Second Order IDOR Attacks

  8. Retweeted
    22 Jan

    DNS Rebinding attack in one Screenshot. 🙂

  9. Retweeted
    22 Jan
  10. Retweeted
    14 Jan

    It's 2020. How are we still getting *doors* wrong?

  11. Retweeted
    13 Jan

    A customized SharpLocker / fake login screen fools even the best sysadmin - did you lock your screen when you went for coffee ? ( )

  12. Retweeted
    12 Jan

    Into web exploitation? Want to move into OS exploitation? Do what I'm doing: Look at vulnerable URI schemes. Many Windows apps can be opened using things like bingmaps://abc. If you can inject params to get RCE, put it in an iframe embedded on a page and it's instant RCE on visitors.

  13. Retweeted
    12 Jan

    If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header.

  14. Retweeted
    11 Jan

    Follow this step-by-step guide to properly test for … Like a ! by

  15. Retweeted
    10 Jan

    I'm releasing ghidra scripts that I made for pwn and reversing tasks, starting with this set of scripts to replace linux/libc magic numbers with readable names for aarch64, amd64/i386, arm/thumb, hppa, m68k, mips, ppc, ppc64, sh, sh4, sparc and sparc64.

  16. Retweeted
    9 Jan

    I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:

  17. Retweeted
    9 Jan

    This also works for other embedded services (vimeo, dailymotion, twitter, facebook...)! Thanks for the , @̶L̶i̶v̶e̶O̶v̶e̶r̶f̶l̶o̶w̶ !

  18. Retweeted
    8 Jan
  19. Retweeted
    8 Jan
  20. Retweeted
    5 Jan

    Praise be to God. My 2020 Start with SSRF on Here is an Amazing thing I wish to share to Noobs like me.

  21. Retweeted
    6 Jan

    My first bug bounty writeup. It was a bit inexperienced but I wanted to share :)
