ahpaleus

@ahpaleus

Juggling with computer atoms {}. just infosec/penetration testing/bjj.

Vrijeme pridruživanja: veljača 2018.

Tweetovi

Blokirali ste korisnika/cu @ahpaleus

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ahpaleus

  1. proslijedio/la je Tweet
    30. sij

    I found this article to be excellent. From building Windbg Tooling to working exploits. Its a dense and rich read. Really well done. I thought. Introduction to SpiderMonkey exploitation.

    Poništi
  2. proslijedio/la je Tweet
    19. sij

    What a start of the year. We have finished at 5th position in Teaser 2020! 😻🦈

    Poništi
  3. proslijedio/la je Tweet
    16. sij

    After a lot of work and some crypto-related delays, I couldn't be more proud to publish 's and mine latest research - The complete overview of CET internals on Windows (so far!):

    Poništi
  4. proslijedio/la je Tweet
    14. sij

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

    Poništi
  5. proslijedio/la je Tweet
    10. sij

    If you are interested in cryptography this free book is a must-read.

    Poništi
  6. proslijedio/la je Tweet
    7. sij

    Here is the first post of my planned fuzzing (file parsers) series: As promised it is foundation level and mainly targeted to people starting with fuzzing. The next post will continue from it and will cover my approach to collecting files for mutating.

    Poništi
  7. proslijedio/la je Tweet
    27. pro 2019.
    Poništi
  8. proslijedio/la je Tweet
    2. sij

    Public the exploit code for cve-2019-8038 and cve-2019-8039. Two UAF bug in Adobe reader DC. It could pop a calc after disable ASLR. More details will be described after my final exam....

    Poništi
  9. proslijedio/la je Tweet
    27. pro 2019.

    My "simple" XSS challenge is over! Once again congratz to and for solving it! But also to everyone else that tried their best. Have you found all 11 vulnerabilities? 💪

    Poništi
  10. proslijedio/la je Tweet
    21. pro 2019.

    New writeup, one of my favorite bugs 🤠 - Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty Featuring...

    Poništi
  11. proslijedio/la je Tweet
    10. pro 2019.

    If you're a hiring manager in infosec, here's your 2020 goal : hire at least 1 person with no experience in infosec at all. Let them challenge everything. Every damn thing.

    Poništi
  12. proslijedio/la je Tweet
    7. pro 2019.

    Using request smuggling to increase the severity of an otherwise-harmless IDOR, by

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    6. pro 2019.

    Just in case someone wonders: bcrypt.

    Poništi
  14. proslijedio/la je Tweet
    6. pro 2019.

    Hey! We are organizing justCTF just before the end of the year. Are you ready to compete for big prizes? 🙀 If the answer is YES - RT! Thanks to and for sponsoring the event! 🐱🐟

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    6. pro 2019.

    Here is an exploit chain I wrote for Firefox that gets RCE via CVE-2019-9810 and escape the sandbox with CVE-2019-11708/CVE-2019-9810. Once compromised, it drops a payload and injects privileged JS code in already/newly created tabs.

    Poništi
  16. proslijedio/la je Tweet

    This turned out to be a real vulnerability! 😮 The certificate was issued by , who are now required to revoke it. It was issued before mandatory CT, so didn't show up in . See for context.

    Poništi
  17. proslijedio/la je Tweet
    30. stu 2019.

    Here is a recent writeup that I did. It's not as indepth as I want. I'll write a definitive guide for hunting these bugs starting with 0 knowledge when I'm home in a few weeks. I'll also upload all my pocs to github, including recent bugs. I'm pissed. Bye

    Poništi
  18. 28. stu 2019.
    Poništi
  19. proslijedio/la je Tweet
    4. tra 2018.
    Odgovor korisniku/ci

    Coolest thing I did on a real server was turning a JSONP endpoint into XSS: _header('Content-Type','text/html') Given the right misconfiguration, you could probably upload a profile pic with embedded tags and have it come back as text/html.

    Poništi
  20. proslijedio/la je Tweet
    21. stu 2019.

    Here we go! Paper review time!

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·