Rahul Maini

@iamnoooob

Security Engineer | OSCP | Author at SecurityIdiots

\\domain\ADMIN$
Joined November 2014
Born February 8, 1998

Tweets

  1. Pinned Tweet
    Dec 7, 2019

    I recently exploited an XXE with a very cool trick and wrote a blog post tl;dr; Exploiting XXE to read files when HTTP OOB is not allowed but errors are enabled :D

  2. Jan 16
  3. Retweeted
    Jan 14

    I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell PoC exploit code:

  4. Jan 10

    🌜🌜got so frustrating in the end but we were just one char away.

  5. Retweeted
    Jan 10

    I just published "Hunting Good Bugs with only <HTML>" I hope you enjoy this post!

  6. Retweeted
    Jan 8

    New Writing Bypass SameSite Cookies Default to Lax and get CSRF Looking at a new Chrome feature and the 2 minute quirk which make it possible to bypass it, also solution to my CSRF challenge.

  7. Retweeted
    Jan 7

    For the sake of exercising, I looked up some web challenges in a and noticed a cool SQLi one "Secure System". I discovered some cool stuff that you will not find in tutorials, so check it out! 😅

  8. Retweeted
    Jan 6

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

  9. Retweeted
    Jan 4

    I've recently been fuzzing the PHP interpreter, and took a UaF bug all the way from crashing-sample to weaponized code execution. Here is the first of several blog posts I plan to write about the process.

  10. Retweeted
    Dec 24, 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  11. Retweeted
    Dec 20, 2019

    "Hey la Kibana, Inspection des gadgets !" 😋 Pwning Kibana 6.2 using prototype pollution and CVE-2018-17246 by

  12. Dec 17, 2019
  13. Retweeted
    Dec 13, 2019

    Hi, if you want to know how an SSRF vulnerability existed in Vimeo, you should read: Reported through ;)

  14. Retweeted
    Nov 14, 2019

    🎉🎉we are our long awaited project for the community , it’s a cloud based platform for continuous recon and monitoring, please have a look on product video and blog and give a thought about it.

  15. Retweeted
    Nov 7, 2019

    After a longer time, we had again a look at SAML...resulted in a complete signature bypass in SimpleSAMLphp and xmlseclibs, and my coolest (public) Signature Wrapping exploit. Please patch. Writeup: (CVE-2019-3465) // cc

  16. Retweeted
    Nov 6, 2019

    Slides and video of my talk "A year of hacking Azure AD" are online! Contains my exploration of the unofficial "1.61-internal" version of the Azure AD graph and the resulting vulnerabilities😃 Slides: Video:

  17. Retweeted
    Nov 5, 2019

    Here is an interesting find and the root cause analysis of an Arbitrary file read vulnerability discovered by me in Note to Devs, never download user controllable HTML locally for converting it into PDF or PNG if you are using PhantomJs.

  18. Retweeted
    Oct 25, 2019

    Slides from my talk, including HTTP smuggling techniques via fake WebSocket connection

  19. Retweeted
    Oct 18, 2019

    A Tale of Exploitation in Spreadsheet File Conversions - Researching exploitation in headless document conversion in LibreOffice w/ , ,

  20. Oct 16, 2019

    Well, it includes various other well written references. Credit where credit's due!
