Pinned Tweet
New blog post: Analysis of an Atlassian Crowd RCE - CVE-2019-11580 https://www.corben.io/atlassian-crowd-rce/ …
Corben Leo Retweeted
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip #bugbountytip #bugbounty
Seriously, if you use ffuf you should consider sponsoring on GitHub – literally $1-10 a month! https://github.com/sponsors/joohoi https://twitter.com/joohoi/status/1223987162900836352 …
I'm nuking the bugbountylink site – it's open-source here: https://github.com/lc/bugbountylink …
Corben Leo Retweeted
The story behind why Kobe flew in a private helicopters in LA
pic.twitter.com/0jeB9qCpHd
Corben Leo Retweeted
Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code https://nathandavison.com/blog/exploiting-email-address-parsing-with-aws-ses …
Corben Leo Retweeted
Here are my (updated) slides from @AppSecCali for my talk "Owning The Cloud Through SSRF & PDF Generators" with Chris Holt from @TheParanoids. Big thank you to @daeken, @bbuerhaus, @infosec_au, @orange_8361, @Alyssa_Herrera_, and @hacker_! https://docs.google.com/presentation/d/1vMbvg05euZdq1wDxtR04EvC6iBiyIbcFeRAHWr1McdA/edit#slide=id.g6f82de3c45_0_9 … pic.twitter.com/q3UwhtzfbE
Corben Leo Retweeted
Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover https://ysamm.com/?p=363
The research I worked on, Exploring Continuous Integration Services as a Bug Bounty Hunter, was nominated for this! If you enjoyed it and found it useful please consider voting :) https://twitter.com/PortSwiggerRes/status/1217100103548313601 …
Corben Leo Retweeted
I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell https://srcincite.io/blog/2020/01/14/busting-ciscos-beans-hardcoding-your-way-to-hell.html … PoC exploit code: https://srcincite.io/pocs/cve-2019-15975.py.txt … https://srcincite.io/pocs/cve-2019-15976.py.txt … https://srcincite.io/pocs/cve-2019-15977.py.txt …
Corben Leo Retweeted
CVE-2019-19781 post-exploitation notes: If you are seeing attackers reading your /flash/nsconfig/ns.conf file then you need to change all passwords. The SHA512 passwords are easily crackable with hashcat. pic.twitter.com/mNMaTT1oCE
Corben Leo Retweeted
If a subdomain returns a default/under construction or dead page, it may still be worth to run it through @hacker_'s getallurl + @TomNomNom's concurl tools to request all URLs & identify any URLs with different response. See image for commands. #BugBounty #bugbountytip pic.twitter.com/YNXB7uamRY
Corben Leo Retweeted
Should we talk about the Citrix RCE?


@hacker_ and I made a video: Enumerating, Analyzing, and Exploiting The Citrix ADC Remote Command Execution - CVE-2019-19781. https://youtu.be/v_qpiebydk4 It's already demonetized by YouTube so enjoy!
pic.twitter.com/wro8tKRiCI
Corben Leo Retweeted
Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :) https://spaceraccoon.dev/remote-code-execution-in-three-acts-chaining-exposed-actuators-and-h2-database …
Corben Leo Retweeted
Despite being 2020-01-11, I think @cyb3rops just won the PR of the year award! https://github.com/projectzeroindia/CVE-2019-19781/pull/1 …
A CVE-2019-19781 is this easy – 1. Traversal to vpns folder, traversal in the NSC_HEADER + newbm.pl to write a malicious bookmark to the /netscaler/portal/templates/ folder (1st HTTP request), 2. Passing that template through the Template Toolkit (2nd request) pic.twitter.com/xMHMSixviQ
Corben Leo Retweeted
To start the new year I'm releasing another write-up where I explain the process of detecting and exploiting a chained HTTP request smuggling vulnerability which led me to an account takeover. https://hipotermia.pw/bb/http-desync-account-takeover …
I never tweet these but since it's the first bounty of the decade I'll make an exception
Yay, I was awarded a $5,000 bounty on @Hacker0x01! https://hackerone.com/cdl #TogetherWeHitHarder
2020 Goals: – Make some money, doesn't matter how much. – Learn more – Automate more of my hunting process. – Maybe speak at a conference?