Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @ih3bski
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ih3bski
-
Segf0lt proslijedio/la je Tweet
When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
#bugbountytip#bugbountytip#bugbountyHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Segf0lt proslijedio/la je Tweet
Load encrypted PE from XML Attribute. MSBuild is still the best.
https://github.com/XwingAngel/PELoader/ …
MSBuild sets Property then calls Execute.
Use this example to decouple payloads & prove that all security products have a "Single File Bias".
Decouple payloads to subvert detection.pic.twitter.com/648rujlLQn
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
Some essential process execution/cmd lines to monitor for initial access/persist. powershell cmd rundll32 control wscript javaw csc regsvr32 reg certutil bitsadmin schtasks wmic eqnedt32 msiexec cmstp mshta hh curl installutil regsvcs/regasm at msbuild sc cscript msxsl runonce
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
#OSINT : Better Whois:http://www.betterwhois.com Active Whois:http://www.johnru.com ZabaSearch:http://www.zabasearch.com TinEye:http://www.tineye.com isearch:http://www.isearch.com/ serversniff:http://serversniff.net/ robtex:http://www.robtex.com#BugBountyTip#Hacking#pentestHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
SOP bypass SOP Bypass via browser-cache https://enumerated.wordpress.com/2019/12/24/sop-bypass-via-browser-cache … Exploiting a Microsoft Edge Vulnerability to Steal Files https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file … Google sites and exploiting same origin policy https://link.medium.com/RejU1vJyI3 https://thehackerblog.com/reading-your-emails-with-a-readwrite-chrome-extension-same-origin-policy-bypass-8-million-users-affected/index.html …
#bugbounty,#bugbountytipsHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
With all the fun around Citrix Netscalers here's how to decrypt encrypted values from the config file (like bind dn passwords)
#shitrix https://dozer.nz/citrix-decrypt/Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
Quickly identify users / groups / password policy of the domain with prettyloot after dumping domain info using ntlmrelayx ! https://github.com/mpgn/prettyloot The script reads all files from the loot directory and prints information like a classic enum4linux output
https://twitter.com/ditrizna/status/1103964505510416384 …pic.twitter.com/H52izvze1Z
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
First blog post: Unauthorized Google Maps API Key Usage Cases, and Why You Need to Carehttps://link.medium.com/gOzO3Gy9o3
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Segf0lt proslijedio/la je Tweet
You can now install Empire in Kali by simply running: apt-get install powershell-empire Run it with: powershell-empire
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
For all you the defenders working on CVE-2019-19781.
@x1sec made excellent notes on the Citrix analysis.https://github.com/x1sec/x1sec.github.io/blob/master/CVE-2019-19781-DFIR.md …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
#CVE-2020-2551 Weblogic RCE via iiop protocol, funny bug:Dpic.twitter.com/Xv6ar3w8GxHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
CVE-2020-0601 - PoC for code signing PE files using a Certificate Authority using ECC https://github.com/ollypwn/cve-2020-0601 …pic.twitter.com/QKIaWrRQFL
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Segf0lt proslijedio/la je Tweet
Blog describing how to decrypt passwords stored in Citrix Netscaler config Two likely attack paths post Netscaler compromise
Decrypt AD service account password in ns.conf
Steal session token & take over user’s session (similar to Heartbleed)
https://dozer.nz/citrix-decrypt/ Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
Update CVE-2019-19781 You can exploit the vulnerability without the file http://newbm.pl and only use the file http://rmbm.pl ! You can inject your payload inside the name of the XML file and fire the command execution !

#shitrix#citrixpic.twitter.com/g2P1GAJo1R
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
Want Free
? Jump on the Citrix wagon!
Pick a program on https://github.com/arkadiyt/bounty-targets-data/blob/master/data/wildcards.txt …
git clone https://github.com/cisagov/check-cve-2019-19781 …
cd check-cve-2019-19781
pip3 install -r requirements.txt
cat hosts.txt | while read url ; do cve-2019-19781 $url ;done > loot.txt 2>&1 cat loot.txt | grep appearHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
If you haven't heard the news, I have decided to create a list of vulnerable boxes I have gone through that have helped me prepare for AWAE/OSWE so far
. I will continue to update this as I finish the course.
You can find the list here: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=665299979 …pic.twitter.com/vlp0otTMZ3
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Segf0lt proslijedio/la je Tweet
Continuing the series of process injection techniques. Wrote the post on APC Queue Process Injection Technique. https://3xpl01tc0d3r.blogspot.com/2019/12/process-injection-part-v.html … The code can be found on my github repo https://github.com/3xpl01tc0d3r/ProcessInjection …
#csharp#redteam#processinjection#apcqueueinjectionHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
