Tweets
-
Pinned tweet
I have just published the slides for my @GlobalAppSecDC talk on Find Security Bugs. https://gosecure.github.io/presentations/2019-09-12-appsecglobaldc/OWASP_Find-Security_Bugs.pdf … ~ I will be doing a similar presentation at @SectorCA next month with a different demo and different vulnerabilities. #java #security #DevSecOps pic.twitter.com/UWjqtT5oFK
-
Philippe Arteau retweeted
Write-up about my last submission in Facebook: Broken session management leads to bypass 2FA and Permanent access to Facebook user’s https://medium.com/@0xBarakat/broken-session-permanent-access-to-facebook-users-cfed68684113 … #bugbounty #facebook #CyberSecurity #bughunting
-
Philippe Arteau retweeted
I don’t endorse the vocabulary in this tweet but I’d like to share our side of things and perhaps set the records straight. We never really wanted to (and still don’t want to) discredit Dragos publicly, there is really no point. 1/x https://twitter.com/osxreverser/status/1195750979876085766 …
-
Philippe Arteau retweeted
Windows #UAC isn't a favorite feature, but @HexKitchen details a bug submitted by Eduardo Braun Prado that shows how you can use it to escalate from guest to SYSTEM (includes video) http://bit.ly/2QyFQPJ
-
Philippe Arteau retweeted
We’ve just published a new blogpost about our journey with exploiting prototype pollution in Kibana to RCE (CVE-2019-7609) https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/ …
-
Philippe Arteau retweeted
Slides from my #Hacktivity2019 talk, including HTTP smuggling techniques via fake WebSocket connection https://www.slideshare.net/0ang3el/whats-wrong-with-websocket-apis-unveiling-vulnerabilities-in-websocket-apis …
-
Philippe Arteau retweeted
RubyGems >3.0.5 removed an instance of Kernel#open that is key in this universal gadget payload for Marshal.load https://www.elttam.com.au/blog/ruby-deserialization/ … https://github.com/rubygems/rubygems/pull/2834 …
-
I have just published a project update for #FindSecurityBugs. I've also opened a channel on OWASP slack for discussion around Java security, #DevSecOps and vulnerability research. https://app.slack.com/client/T04T40NHX/CN8G79Y6P … https://twitter.com/GoSecure_Inc/status/1184929593549115392 …
-
Philippe Arteau retweeted
XS-Leak: Leaking IDs on cross domain elements https://portswigger.net/research/xs-leak-leaking-ids-using-focus … by @garethheyes
-
Philippe Arteau retweeted
How the combination of a HTML sanitizer bug with a Phar Deserialization lead to remote takeover of Magento <= 2.3.1 shops Read on! https://rips.tech/1uv pic.twitter.com/H3h5H95XXV
-
Philippe Arteau retweeted
We are proud to launch our brand new interactive XSS cheatsheet featuring novel vectors from @garethheyes https://portswigger.net/research/one-xss-cheatsheet-to-rule-them-all …
-
Philippe Arteau retweeted
We've added a brand new topic on testing for #WebSockets vulnerabilities, including three new labs. https://portswigger.net/web-security/websockets …
-
Philippe Arteau retweeted
DOMPurify 2.0.2 was released to address several new mXSS variations (affecting Blink, Webkit and EdgeHTML) that were spotted after an internal audit. https://github.com/cure53/DOMPurify/releases/tag/2.0.2 … Thanks and to @kinugawamasato for his help!
-
Philippe Arteau retweeted
You can now find all resources about *Dupe Key Confusion* attacks (slides, paper, demos and tool) in https://github.com/pwntester/DupeKeyInjector … enjoy it!
-
I will be presenting at @OWASP #GlobalAppSec this week and #GitLabCommit next week. Looking to chat with AppSec enthusiasts! Bonus: I will be giving FindSecBugs "limited edition" stickers. pic.twitter.com/BqXKElocFk
-
Philippe Arteau retweeted
Jonathan Birch is sharing tips on new Unicode normalization bugs (HostSplit/HostBond) he discovered. So many vulns found. He is encouraging folks to look around for more and showing how. pic.twitter.com/Kd4OgFTxIY
-
Philippe Arteau retweeted
Hello world! A few thoughts on how Apple BLE works (spoiler: it is possible to get your phone number while you're using your Apple Device) https://hexway.io/blog/apple-bleee/ …
-
Philippe Arteau retweeted
ProFTPD Remote Code Execution Bug Exposes Over 1 Million Servers - by @serghei https://www.bleepingcomputer.com/news/security/proftpd-remote-code-execution-bug-exposes-over-1-million-servers/ …
-
Philippe Arteau retweeted
Edge apparently sends the full URL of pages you visit (minus a few popular sites) to Microsoft. And, in contrast to documentation, includes your very non-anonymous account ID (SID). pic.twitter.com/zHMLUGwo9w
-
Philippe Arteau retweeted
I wrote a blog post about a Docker escape from @_fel1x. Note that if something works on --privileged containers it doesn't mean there aren't other setups. Here, we use no AppArmor and SYS_ADMIN capability which is "the new root". Hope you enjoy: https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/ …