Tweets

You have blocked @j_kaluzny

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @j_kaluzny

  1. Pinned Tweet
    16 Dec 2019

    The recording of my presentation is online: - Let's get evil - at scale :) that's the one with a reverse live hacking session - people in the audience did very well!
  2. 4 Feb

    CSRF was one of my favourites - that one in 2012 was my first bug bounty reward from Google, in 2012, before I even got a job as a pentester :)
  3. 4 Feb

    Nice to see that trivial POST CSRFs will no longer work on Chrome (80) due to treating cookies as SameSite=Lax by default
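The SameSite change the tweet refers to, as an added illustration that is not the author's code: a small model of the browser-side decision "does this cookie travel with a cross-site request?", written from the defender's side. The `Cookie` and `Request` shapes, the `lax_by_default` switch (False for the pre-Chrome-80 behaviour, True for Chrome 80's default) and the sample cookies are all assumptions of this example; the rules it encodes are the SameSite semantics themselves: `Strict` never goes cross-site, `Lax` only on top-level navigations with a safe method (GET/HEAD), `None` always but only when the cookie is also `Secure`.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Added example (not from the tweet or its author). Models how a browser
# decides whether to attach a cookie to a cross-site request under the
# SameSite rules; the dataclasses below are this example's own assumptions.


@dataclass
class Cookie:
    name: str
    same_site: Optional[str]  # "Strict", "Lax", "None", or None when the attribute is absent
    secure: bool = False


@dataclass
class Request:
    method: str
    top_level_navigation: bool  # True for a form submit or link click; False for fetch/XHR/<img>
    cross_site: bool  # True when the initiating site differs from the destination site


def cookie_accepted(cookie: Cookie) -> bool:
    """Chrome 80 also rejects SameSite=None cookies that are not Secure at set time."""
    if cookie.same_site == "None" and not cookie.secure:
        return False
    return True


def effective_same_site(cookie: Cookie, lax_by_default: bool) -> str:
    """A cookie with no SameSite attribute is treated as Lax when the browser defaults to Lax,
    and as None (legacy behaviour) otherwise."""
    if cookie.same_site is None:
        return "Lax" if lax_by_default else "None"
    return cookie.same_site


def cookie_is_sent(cookie: Cookie, request: Request, lax_by_default: bool = True) -> bool:
    """Return True when the browser would attach `cookie` to `request`."""
    if not cookie_accepted(cookie):
        return False  # never stored, so never sent
    if not request.cross_site:
        return True  # same-site requests always carry the cookie
    mode = effective_same_site(cookie, lax_by_default)
    if mode == "None":
        return True
    if mode == "Strict":
        return False
    # Lax: only top-level navigations using a safe method carry the cookie.
    return request.top_level_navigation and request.method.upper() in ("GET", "HEAD")


# Constructed sample: a session cookie set without any SameSite attribute,
# which is exactly the case the Chrome 80 default changes.
LEGACY_SESSION = Cookie(name="session", same_site=None, secure=True)

# Constructed cross-site requests a defender cares about.
CROSS_SITE_POST_FORM = Request(method="POST", top_level_navigation=True, cross_site=True)
CROSS_SITE_GET_LINK = Request(method="GET", top_level_navigation=True, cross_site=True)
CROSS_SITE_FETCH = Request(method="POST", top_level_navigation=False, cross_site=True)


def csrf_exposure(cookie: Cookie, lax_by_default: bool) -> Dict[str, bool]:
    """Summarise which cross-site request kinds still carry the cookie."""
    return {
        "top_level_post_form": cookie_is_sent(cookie, CROSS_SITE_POST_FORM, lax_by_default),
        "top_level_get_link": cookie_is_sent(cookie, CROSS_SITE_GET_LINK, lax_by_default),
        "background_fetch": cookie_is_sent(cookie, CROSS_SITE_FETCH, lax_by_default),
    }


if __name__ == "__main__":
    print("pre-Chrome-80 :", csrf_exposure(LEGACY_SESSION, lax_by_default=False))
    print("Chrome 80     :", csrf_exposure(LEGACY_SESSION, lax_by_default=True))
```

Two things the summary makes visible: with the Lax default the cross-site POST form no longer carries the session cookie, so the "trivial POST CSRF" stops working, but a top-level GET still does, so any state-changing GET endpoint remains exposed and still needs a CSRF token. The model also leaves out Chrome's temporary "Lax+POST" intervention, under which a cookie set without a SameSite attribute less than two minutes earlier is still sent on a top-level cross-site POST; relying on the browser default instead of setting `SameSite` explicitly (and keeping tokens) is therefore not a complete fix.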
  4. Retweeted
    3 Feb

    [PL] Interview with What should a penetration test look like? What should you pay attention to when signing the contract? How long does such a service take and how much does it cost on average? How often does it happen that no bugs are found? What is ? What is threat modelling?
  5. Retweeted
    27 Jan
  6. Retweeted

    Also I'd like to see a DSCP, or Defensive Security Certified Professional. The exam is you have 24h to set up a defensive infra (with limits, like in the real world!) and then not get pwned within another 24, or get pwned and do IR.
  7. 15 Jan

    Nice. Number of IT/ITSec conferences at which I was offered to use a vulnerable Logitech clicker in the last 12 months: 4 out of 6. It always makes a good opening for a threat modelling talk :)
  8. Retweeted

    "SIM swap" attacks have been in the news for years. They've enabled serious financial crimes and even a hack of the Twitter CEO's account. We spent 6 months researching how vulnerable wireless accounts are to these attacks. Our draft study is out today.
  9. 9 Jan

    Govs delegate identity management to banks, banks delegate it to telecoms, telecoms cut costs wherever it takes. In the end, our identity and money is secured by a 6 digit SMS OTP and a support technician who will swap a SIM provided you give them a 5-star rating after the call.
  10. Retweeted
    6 Jan

    Excited / slightly nervous that my talk has been accepted for in March! "Plundering GCP - Escalating Privileges, Moving Laterally, and Stealing Secrets in Google Cloud". A 101 of post-exploitation fun, which will be based on a LENGTHY tutorial I am writing now.
  11. Retweeted
    5 Jan

    Consider: millions of years ago our antecedents gave a massive sacrifice of their left hemisphere. We lost a tremendous amount of short term memory and replaced it with Broca's, Wernicke & the phonological loop. But why? So we can—talk. Thus chimpanzees can do this—we can't:
  12. Retweeted
    18 Dec 2019

    Totally blown away by this. BTW - universities and other educational institutions have really easy and cheap access with A type licenses to which greatly improves their security posture.
  13. 17 Dec 2019
  14. Retweeted
    11 Dec 2019

    Do you want to make friends on the Internet? Take a credit card form and change the method from POST to GET, then submit your card details... Endless hours of fun for the team in charge of debugging that one during their next PCI Audit!
  15. Retweeted
    25 Nov 2019

    Offensive phishing technique #37: set your phishing domain's A record after you send the phish. Some gateways (like Gmail) will let it right through assuming it's a broken link. Ensure you have the lowest possible dns ttl. Especially useful for newly registered/low rep domains
  16. 25 Nov 2019

    Tomorrow at I'll give a talk on . There will be a reverse-live-hacking session. Reverse means this time I will not be the one hacking, it will be the audience hacking some systems (or themselves) :)
  17. 22 Nov 2019

    Come to the What The H@ck conference, where I'll talk about how to run threat modelling sessions when the system changes 3 times a day.
  18. Retweeted
    19 Nov 2019
    Replying to

    So jailbreak iPhone == „furgnąć z ciupy na mobilnioku”? 😃
  19. Retweeted
    12 Nov 2019

    NTLM reflection is back to haunt Windows. Read about Ghost Potato here (this time with a fixed link):
  20. 8 Nov 2019

    The recording of my presentation 'security education via security features' is up :)
