Michael Sheff

@alda0r

h1/aldaor

Vrijeme pridruživanja: rujan 2012.

Tweetovi

Blokirali ste korisnika/cu @alda0r

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @alda0r

  1. proslijedio/la je Tweet

    1/ The 31st HTB box I solve in preparation for the OSCP. Initial Foothold - verbose error message + blind SQLi + PHP type juggling vulnerability + lack of input validation on upload functionality + cleartext creds + reuse of creds

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    2. velj

    WooT! There is always a way. New short write up! Chain the bugs till you get what you want. Some steps were not mentionned. RT, Like and Comments are appreciated. For any pentest work DM me:) 🎉🎉

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    2. velj

    SQL Injection Payload List by Password Cracking Is Easy: Here’s How to Do It by in API Security Testing(Part 1) by Saumya Prakash Rana

    Poništi
  4. Poništi
  5. proslijedio/la je Tweet
    Poništi
  6. proslijedio/la je Tweet
    28. sij
    Odgovor korisnicima i sljedećem broju korisnika:

    Thoughts: - try specifying the port to see if 80 still responds to SSL traffic - see if you can find validation issues, e.g. https://x<new line>http://localhost - leverage a redirect to downgrade - try redirecting to file://, |ls, or gopher:// - inject headers for cache poisoning

    Poništi
  7. proslijedio/la je Tweet
    22. stu 2019.

    I just published Hacking SAML

    Poništi
  8. proslijedio/la je Tweet
    28. sij

    I always had a hard time finding writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉

    Poništi
  9. proslijedio/la je Tweet
    28. sij

    This is a summary for what i discussed with in our latest stream about my recon process, that will be easier for you as you might mess some when you watch the video later on. Thanks Ben, what you do for community is dope

    Poništi
  10. proslijedio/la je Tweet
    28. sij
    Odgovor korisniku/ci

    Tried to save an ID once, that didn't exist, with value 99999999999. MYSQL could only store highest integer value of 2147483647. It inserted the new model with the highest possible primary key. Locked table for further insertions. Brought down whole backend for new registrations.

    Poništi
  11. proslijedio/la je Tweet
    29. sij

    [BUG BOUNTY WRITE-UPS] Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover hijack the Websocket connection of a Facebook user who is using the new Facebook platform (name REDECATED)

    Ovo je potencijalno osjetljiv multimedijski sadržaj. Saznajte više
    Poništi
  12. proslijedio/la je Tweet
    30. sij

    Episode #2 - We sit down with to talk about how to be successful in bug bounty, live events, music and creativity and of course, how to reach cosmic brain level 10. Listen on

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    30. sij

    Web Application Penetration Testing Cheat Sheet Cross-site Request Forgery SQL injection Cross-site Scripting Offline Password Cracking Remote File Inclusion Local File Inclusion Open Redirection OS Command Injection XML External Entities Vul Scanning

    Poništi
  14. proslijedio/la je Tweet
    29. stu 2019.

    Finally took the time to do a write up! Wrote up my first RCE (was also my first critical at that time): There’s some shout-outs in this post to:

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    30. sij

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

    Prikaži ovu nit
    Poništi
  16. proslijedio/la je Tweet
    8. lis 2018.

    If you ever get access to a jenkins server, you can decrypt stored credentials via the script console using println(hudson.util.Secret.decrypt("{XXX=}"))

    Poništi
  17. proslijedio/la je Tweet
    10. stu 2018.

    Hi, I just published "Understanding XXE from basic to Blind".

    Poništi
  18. proslijedio/la je Tweet
    20. stu 2018.
    Poništi
  19. proslijedio/la je Tweet
    11. stu 2018.

    So, on August I've found clickjacking on google worth 7,500$ , This is the write up : Thanks to all of the community who teach me a lot for finding a bug. Specially for indonesia bug hunter community. 🙏

    Poništi
  20. proslijedio/la je Tweet
    11. pro 2018.
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·