Evan Custodio

@defparam

FPGA in the Cloud Plumber, Hardware Security Imposter 🕵🏻💻 All opinions are my own

Boston, MA
Joined May 2014

Tweets

  1. Pinned Tweet
    Jan 27

    h1passets - I created a tool that will print all your HackerOne private program URLs that are in-scope and eligible for bounty to stdout

  2. Feb 3

    It's mind boggling that in this day a single point of failure can bring down so much

  3. Feb 3

    ugh, the registry? really?

  4. Feb 3

    Great program! Would hack again ;) Also I’ve never seen these stats from the program perspective. Interesting to see that Zomato in January had a ~5% signal to noise ratio

  5. Feb 1

    In January, I submitted 13 vulnerabilities to 8 programs on .

  6. Jan 24
  7. Jan 24

    Hi Updates! Hi Updates! Hi Updates! 😂

  8. Retweeted
  9. Jan 21

    10 Triaged Crit/P1, 1 Triaged High, 2 Triaged Medium. All of them HTTP Desync bugs in the span of 2 months (The crits being session cookie/token stealing). This bug class is real and needs more attention...

  10. Jan 18

    I did this 2 years ago with all open source tools (verilator/higan/gtkwave), you can find the repo here:

  11. Jan 18

    While retro enthusiasts argue over FPGA vs. Emulator I went the "Why not both?" path and integrated an FPGA RTL simulation model into Higan (cc ). Instead of fighting, both groups can actually help each other move forward to the same goal :)

  12. Retweeted
    Jan 16
  13. Retweeted
    Jan 15
  14. Jan 14

    It's a pleasure working with the security team. and his team rocks.

  15. Retweeted
    Jan 12

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  16. Retweeted
    Jan 13

    Should we talk about the Citrix RCE? 👀👀👀 and I made a video: Enumerating, Analyzing, and Exploiting The Citrix ADC Remote Command Execution - CVE-2019-19781. It's already demonetized by YouTube so enjoy! 😂

  17. Retweeted

    Diego, a tortoise who is more than 100 years old, displayed such an exceptional sex drive that he’s credited with helping save his species from extinction. Now, with the future secured, he gets to retire.

  18. Retweeted
    Jan 10

    Kernighan’s law: “Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.” Dedicated to ever-increasing python features that help people write one-liners

  19. Retweeted
    Jan 8
  20. Jan 4

    An HTTP Request Smuggling CL.TE bug lets you redirect a victim connection to a forged endpoint with GET parameters. FYI you can execute a forged graphql query this way on the victim by using: GET /graphql?query=<query>
