-
This is with the same settings as you, targeting /robots.txt: pic.twitter.com/tHh6WS1MgT
-
The definitive recording of HTTP Desync Attacks is now live, courtesy of @DEFCON! https://youtu.be/w-eJM2Pc0KI
-
I previously posted that the links to Medium from @Alra3ees go via a redirect to hxxps://rsci.app.link/ which intermittently demands people's phone numbers. It was a mistake to tag @Alra3ees - turns out the root cause of this horrifying behaviour is Medium's official iOS app! pic.twitter.com/RQqPFFqruV
-
HTTP Desync Attacks is now out on YouTube, courtesy of @Ministraitor and @BSidesMCR https://www.youtube.com/watch?v=-y82LadA7N4 …
-
Backslash Powered Scanner can now detect proxy subfolder escapes using @orange_8361's path normalization research from last year - just enable 'experimental folder attacks'. pic.twitter.com/Lxeb2qW1LP
-
It already does. If you're not seeing interactions, it's probably because the client is trying to connect over HTTPS and the certificate won't be valid. You should still get a DNS interaction though. pic.twitter.com/vqPrGkigjQ
-
While reading this top notch report in 2012, I really didn't expect it'd still be trivial to exploit Firefox in 2019... https://xn--80aa0cbo65f.com/раураӏ.com https://unicode.org/reports/tr36/ pic.twitter.com/Fipq5o3LHt
-
After a wild few months of research, I've just submitted to #BHUSA! I can't do this research justice with words, so here's a screenshot: pic.twitter.com/JxKHVPAtof
-
ActiveScan++ should now detect the Ruby on Rails file disclosure (CVE-2019-5418). Have a good weekend. https://github.com/albinowax/ActiveScanPlusPlus/blob/763cd0b62609f600d1d3c16a7da424a77ae6bac2/activeScan%2B%2B.py#L187-L199 … https://github.com/mpgn/CVE-2019-5418 … pic.twitter.com/g7WVR6LXjp
-
With Turbo Intruder 1.0.4 you can now selectively import findings into the sitemap, and save attacks as scan-issues. Fully automated Burp integration is possible from within scripts: https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/burpIntegration.py … Also, it's very slightly faster :) pic.twitter.com/PgxtmqdRVB
-
Here's how to perform a multi-host vhost guessing attack with Turbo Intruder's speed & diffing logic: https://github.com/PortSwigger/turbo-intruder/blob/master/resources/examples/multiHost.py … cc @nnwakelam pic.twitter.com/Nqc8XZVxyl
-
Nice find! Looks like inline comments work too. RIP WAFs pic.twitter.com/iSUtgAi1Uz
-
Just about prepped for my Turbo Intruder stream. Watch it live here - kickoff in two hours: https://youtu.be/OaYYSifVqxI pic.twitter.com/SPfSQMISVU
-
Here's a teaser screenshot from my upcoming @bugcrowd LevelUp presentation on Turbo Intruder. Watch it streamed live this Saturday at 1300 PT https://skeletonscribe.net/ pic.twitter.com/tPL4AgN6eV
-
Good news for people on small screens - Param Miner's config window now conforms to society's monitor-orientation ideals. pic.twitter.com/ycBqo8d5eh
-
Hi @acunetix, are you really sending a direct copy+paste of the blind XSS payload @garethheyes developed for @Burp_Suite? pic.twitter.com/1OH0rfTwq5
-
Unsure if a response is being cached? If it has a Set-Cookie header, request it twice and see if the header disappears in the second response. pic.twitter.com/NCl61QiY4O
-
The key new feature in today's Param Miner update is 'fuzz detect' which appends <a`'"${{\ to input values to try and detect better-hidden params. It's disabled by default because such headers upset various systems including a certain well known social network. pic.twitter.com/fUpDmmI6SY
-
Hahaha of course this server supports a HTTP header called 'GDPR'. pic.twitter.com/EiGUeOPFBV
-
Neat, the official #BHUSA recording of Practical Web Cache Poisoning is now online https://www.youtube.com/watch?v=j2RrmNxJZ5c …