IncredInComp

@incredincomp

WiFi intimidate turned rouge web server. Just a collection of 1's and 0's. Data is my passion. they/them hashtags=(🛹 🏍 📷 SecurityNoOne Educator Nerd)

California, USA
Vrijeme pridruživanja: kolovoz 2018.

Tweetovi

Blokirali ste korisnika/cu @incredincomp

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @incredincomp

  1. Prikvačeni tweet
    18. pro 2019.

    I owe a lot to the people here who have had patience with me, who have reached out helping hands or advice, or any of the people I could confidently shake hands with at cons now and not literally implode. Y’all rock and Im excited for another year. Thank you!

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    3. velj

    RETWEET THIS TONIGHT TO HELP For every RT, Olay is donating $1, up to $500K, to help . Because when we , we make space for everyone

    Poništi
  3. proslijedio/la je Tweet
    prije 2 sata

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

    Prikaži ovu nit
    Poništi
  4. prije 2 sata

    I’m going to get a retail job at the local Target and then socially engineer my way onto their red team. Give me 2 years, I’ll brb

    Poništi
  5. proslijedio/la je Tweet
    prije 9 sati

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

    Poništi
  6. 2. velj

    If you search vmire{dot}news on twitter, a bunch of tweets come up from seemingly fake accounts that all link to various user profiles on the site. Most referencing Ukraine at some point... something’s phisy here

    Prikaži ovu nit
    Poništi
  7. 2. velj

    I’m kind of sad, the phishing site I found the other day got pulled, the whole domain even. Can’t hit on USAA-log{dot}com or even base of vmire{dot}news. I wonder if they noticed my curls in the logs and figured they’d been made. No one listens to me anyway guys, keep it going

    Prikaži ovu nit
    Poništi
  8. 1. velj

    vmire{dot}news IP: 178.33.32.212 OH SH*T they are Russian. Well this just got a whole lot more interesting to me. Russian news site serving phising sites to USAA users. QUOTE ME

    Prikaži ovu nit
    Poništi
  9. 31. sij

    I'm going to write a post about me hunting this down this weekend. Talk a bit about recon and how to not get caught up in something silly while researching potential threats. I am not done looking, and I hope I have more information by Monday too. This seems like a fair target

    Poništi
  10. 31. sij

    vmire{dot}news is out of germany? behind cloudflare though but serving a wordpress titled /usaa? suspect... I am not going there from my IP or PC rn, so Ill check it later when I get my OPSEC in order. basically turn my hotspot and laptop on

    Prikaži ovu nit
    Poništi
  11. 31. sij

    Host IP for usaa-log{dot}com: 192.64.119.126

    Prikaži ovu nit
    Poništi
  12. 31. sij

    I am starting to love my droplet like it's my real computer. It is seriously the cutest little thing, and SO AWESOMELY WELL DONE OF A PLATFORM I CANT EVEN CONTAIN MY EMOTIONS AND I AM SORRY I AM YELLING NOW AND I LOST MY PUNCTUATION KNOW HOW

    Poništi
  13. 31. sij

    Mentor got a text from someone pretending to be today. They don’t have an account with them, but they are a fed employee. Keep an eye out folks

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    31. sij

    So I just found out about the Application for a Pardon I can send to .. I am going to try and request a pardon to have all of my rights restored from my previous hacking convictions. I am going to need character witnesses for this process... 1/x

    Prikaži ovu nit
    Poništi
  15. 31. sij

    I’m part of a discord for infosec high schoolers participating in ctf’s. Recently, the kids figured out they can change their names to whatever they want, so now they’ve all started impersonating the one admin. They just @ each other at his name all day and it’s hilarious to me

    Poništi
  16. proslijedio/la je Tweet
    30. sij

    Windows Red Team Cheat Sheet 1. Recon 2. Elevation of Privileges 3. Lateral Movement 4. Golden and Silver Tickets 5. AD Attacks 6. Bypass-Evasion Techniques 7. Miscellaneous 8. Post exploitation - information gathering 9. Summary of tools

    Ovo je potencijalno osjetljiv multimedijski sadržaj. Saznajte više
    Poništi
  17. 30. sij

    I had to ask the guy if there was an asterisk after the "unlimited". Tech deals over the phone is hard work

    Poništi
  18. proslijedio/la je Tweet
    25. sij

    What if the Windows Desktop was a platformer? First test 👀

    Prikaži ovu nit
    Poništi
  19. 30. sij

    Using LazyRecon on a private program for the first time since my PR... domain exclusion working like a champ. I copied all the out of scope off , threw it in a NotePad++, comma separated them, pasted them into my droplet, fired away. Lets goooo

    Poništi
  20. 29. sij

    If not saving: ESC + :q! If saving: ESC + :wq

    Poništi
  21. proslijedio/la je Tweet
    28. sij
    Odgovor korisnicima i sljedećem broju korisnika:

    Thoughts: - try specifying the port to see if 80 still responds to SSL traffic - see if you can find validation issues, e.g. https://x<new line>http://localhost - leverage a redirect to downgrade - try redirecting to file://, |ls, or gopher:// - inject headers for cache poisoning

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·