alex

@insertScript

Interested in everything IT Security related :) Array(10).join('a'-1)+ Batman!

Joined June 2012

Tweets

  1. Retweeted
    Jan 28

    Qualys Security Advisory: LPE and RCE (CVE-2020-7247) in OpenSMTPD, OpenBSD's mail server. Erroneous logic in smtp_mailaddr() which validates user and domain. More details and PoC at: PS: "Did you ever play tic-tac-toe?"

  2. Jan 26

    As I have no cool new findings, let's start the year with an old IE bug - bypassing Content-Disposition: attachment with mhtml:

  3. Jan 8

    Introduction of same site cookies with a cool challenge to learn the pitfalls

  4. Retweeted
    Dec 27, 2019

    My "simple" XSS challenge is over! Once again congratz to and for solving it! But also to everyone else that tried their best. Have you found all 11 vulnerabilities? 💪

  5. Dec 23, 2019

    Mostly a note to myself: FF allows SVG animations to react to events of non SVG elements -

  6. Nov 19, 2019

    Ah what a beautiful bug - escalate to system via menu navigation

  7. Retweeted
    Nov 4, 2019

    Deploying honeytokens in Active Directory & How to trick attackers with deceptive BloodHound paths

  8. Retweeted
    Nov 3, 2019

    "Mix and match to bypass the same-origin policy" by

  9. Oct 14, 2019

    PDF template to trigger a POST request in Chrome's PDF viewer - a user gesture (eg a click) is now required somewhere on the document's page.

  10. Oct 14, 2019

    Yes!!! :) Get your mathML payloads ready ^^

  11. Oct 13, 2019

    In case you are using ZAP's HUD feature, you should update it. It contains a fix for a DOM XSS via postMessage I reported

  12. Retweeted
    Sep 23, 2019

    Everyone, here is the final 𝗔𝗹𝗹𝗦𝘁𝗮𝗿𝘀 𝟮𝟬𝟭𝟵 schedule! Please check and RT as it is different from the one on the OWASP Sched website. Schedule updates will also be on our page as linked above.

  13. Retweeted
    Aug 23, 2019

    Slides for my Hitcon 2019 talk have been uploaded! It covers everything I know about cookie exploitation.

  14. Aug 23, 2019

    I managed to bypass the latest fix as well - again RCE via LibreLogo in LibreOffice (6.3.0.4 & 6.2.6). I will report it of course. No user interaction required - the PoC in the recording is slow because of poor VM performance.

  15. Retweeted
    Aug 21, 2019

    Hack Mobile Apps With Us! Chinese Police, Government-Mandated apps from South Korea, CloudPets, Drones and other fun :) Amsterdam Sept. 23rd-25th

  16. Aug 19, 2019

    Blogpost incoming as soon as I have some time ^^

  17. Aug 12, 2019

    Thanks for this gift :)

  18. Retweeted

    WebKit: UXSS via XSLT and nested document replacements

  19. Retweeted
    Aug 7, 2019

    What a great way to start the day. I received in the morning the confirmation that I passed my OSCP exam! I wrote a quick blog post on my thoughts and some tips, see: Huge thanks to for putting together such a good course!

  20. Jul 26, 2019

    There is a blogpost now for CVE-2019-9848, aka the LibreOffice LibreLogo RCE, by Nils who found it :) I re-created the PoC correctly ^^

