Louis Dion-Marcil

@ldionmarcil

pentest stuff /. vegan btw. My opinions are my own, but they are also facts.

Montréal, QC
Joined June 2011

Tweets


  1. Pinned tweet
    7 Jun 2019

    Here are my slides for "Cache Me If You Can: Messing with Web Caching", presented & ! 🎉 Material includes: - Web Caching 101 - Web Cache Deception - Edge Side Include Injection - Web Cache Poisoning ...with real bugs showcased!

  2. 4 Feb

    My automated recon engine that I've been working on for some weeks found its first bug today, all on its own! I'M SO PROUD OF MY BABY 😭

  3. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  4. Retweeted
    27 Jan

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? This could lead to interesting exploit scenarios with some email parsing libraries/code

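The exploit scenario the tweet hints at is a parser differential: the component that validates a recipient reads the string with one grammar, the component that delivers reads it with another. The following is an added example, not code from the tweet's author and not SES code. It models two hypothetical components: a validator that pulls "the" address out with a naive regex, and a delivery side that applies the RFC 5322 angle-addr rule (the real recipient is what sits inside `<...>`, the rest is ignored), which is a simplified stand-in for a mail API that behaves the way the tweet describes. `ALLOWED_DOMAIN`, the regexes and all function names are constructed for the example.

```python
# Added example (not code from the tweet's author or from SES): a parser
# differential on the address '<a@b.com>c@d.com'. Two hypothetical components
# are modelled: a validator that extracts "the" address with a naive regex,
# and a delivery side that follows the RFC 5322 angle-addr rule (the real
# recipient is what sits inside '<...>'). The delivery model is a simplified
# stand-in for a mail API that behaves as the tweet describes; it is not SES.
import re
from typing import Optional

ALLOWED_DOMAIN = "d.com"  # constructed: the only domain the app means to mail

# Naive validator: grab every user@host token and judge the last one.
_ADDR_SPEC = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validator_sees(raw: str) -> Optional[str]:
    """What the hypothetical allow-list check believes the recipient is."""
    matches = _ADDR_SPEC.findall(raw)
    return matches[-1] if matches else None


def validator_allows(raw: str) -> bool:
    """Allow-list decision made on the validator's view of the address."""
    addr = validator_sees(raw)
    return addr is not None and addr.lower().endswith("@" + ALLOWED_DOMAIN)


# Delivery-side model: an angle-addr wins and anything after '>' is ignored.
_ANGLE_ADDR = re.compile(r"<\s*([^<>\s]+@[^<>\s]+)\s*>")


def delivery_sends_to(raw: str) -> Optional[str]:
    """Where the simplified mail API actually delivers."""
    m = _ANGLE_ADDR.search(raw)
    if m:
        return m.group(1)
    return validator_sees(raw)  # no angle brackets: plain addr-spec


def is_smuggled(raw: str) -> bool:
    """True when the validator approves one recipient but delivery uses another."""
    return validator_allows(raw) and delivery_sends_to(raw) != validator_sees(raw)


def hardened_allows(raw: str) -> bool:
    """Fix: accept exactly one bare addr-spec on the allowed domain and nothing
    else, so there is no second grammar for the sender to disagree with."""
    candidate = raw.strip()
    if _ADDR_SPEC.fullmatch(candidate) is None:
        return False
    return candidate.lower().endswith("@" + ALLOWED_DOMAIN)


if __name__ == "__main__":
    for sample in ("c@d.com", "<a@b.com>c@d.com"):  # constructed inputs
        print(sample,
              "| validator:", validator_sees(sample),
              "| delivery:", delivery_sends_to(sample),
              "| smuggled:", is_smuggled(sample),
              "| hardened allows:", hardened_allows(sample))
```

The point of `hardened_allows` is not the specific regex but the single grammar: either reject every form that is not a bare addr-spec, or run the allow-list check on the exact output of the same parser the mail library will use.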
  5. 21 Jan
  6. 21 Jan

    Time to learn how to crack these bad boys open...

  7. 18 Jan

    What are the best tools to dump .git/ folders found on web hosts? I used git-dumper on one recently, but for some reason I get a bunch of 404s and I end up with half of a git repository...

  8. 16 Jan

    I was yesterday-years-old when I learned that Burp extensions like Flow/Logger++ need to be at the BOTTOM of the load order in order to see traffic from other extensions 🤦‍♂️🤨 This tip and waaay more in this great video by

  9. 14 Jan

    The more I use Burp, the less I feel like I know its features. Been using it every day for 8+ years and still learn of handy features like intruder greps...

  10. Retweeted
    14 Jan

    NEW: Google to phase out user-agent strings in Chrome * UA strings to be replaced with Client Hints * Move is part of the larger Privacy Sandbox project * UA string freezing and deprecation to take place between Chrome 81 and 85

  11. Retweeted
    14 Jan

    We need your help to select the top 10 web hacking techniques of 2019! Cast your vote here:

  12. 13 Jan

    Spent close to 3h trying to fingerprint this mysterious SQL engine yesterday. Could add logic conditions (2>3, 1=1) to modify the behaviour but not subqueries... Turns out I was injecting in a <xsl:when test="..."> THAT BURP IDENTIFIED 3 HOURS PRIOR....... Trust your tools 😅

  13. Retweeted
    8 Jan
  14. Retweeted
    3 Jan

    To start the new year I'm releasing another write-up where I explain the process of detecting and exploiting a chained HTTP request smuggling vulnerability which led me to an account takeover.

  15. 13 Nov 2019

    Another thing we tried was to point the "url" to a server we control, and issue a 302 redirect to a `file://c:/...` location. We couldn't do that because is dropping HTTPS packets that are not using the corporate certificate. So this bypass came in quite handy!

  16. 13 Nov 2019

    Here `WebClient.DownloadData` isn't safely used. You can pass file:// but by default, omitting the protocol defaults to a file on disk. What could've been an SSRF could be used to read files. This is due to how windows handles non-existing directories with relative pathing.

  17. 13 Nov 2019

    TIL, regarding Local File Read vulnerabilities on Windows, you can use non-existing directories to bypass poor implementations of protocol limitations. was checking that the "url" began with "https"; it was still possible to read files with `https/../web.config`

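The three tweets above (the `https` prefix check, the scheme-less value that `WebClient.DownloadData` treats as a file path, and the redirect-to-`file://` attempt) describe one bug class: validating a URL as a string instead of parsing it. The following is an added example, not the tweet author's code and not .NET code. `fetch_target` is a hypothetical model of a downloader that sends anything with a real scheme to the network and treats everything else as a local path, collapsing `..` lexically the way Windows does (a non-existent `https` directory before `..` is simply dropped); `os.path.normpath` reproduces that lexical step on any OS. `ALLOWED_SCHEMES`, the function names and the sample URLs are constructed for the example.

```python
# Added example (not the tweet author's code): why the string-prefix check the
# thread describes lets 'https/../web.config' through, and a parse-based check
# that rejects it. fetch_target() is a hypothetical model of what a
# WebClient.DownloadData-style API does with a value that carries no scheme:
# it treats it as a file path and normalises it lexically, which is how
# Windows drops the non-existent 'https' directory in front of the '..'.
import os
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # constructed allow-list for the example


def vulnerable_check(url: str) -> bool:
    """The check from the thread: only the first five characters are inspected."""
    return url.startswith("https")


def fetch_target(url: str) -> str:
    """Model of the downloader's dispatch: a real scheme goes to the network,
    anything else is a local file path after lexical '..' collapsing."""
    parts = urlsplit(url)
    if parts.scheme:
        return "network:" + url
    # os.path.normpath is purely lexical, like Win32 path normalisation:
    # 'https/../web.config' becomes 'web.config' whether or not 'https' exists.
    return "file:" + os.path.normpath(url).replace("\\", "/")


def hardened_check(url: str) -> bool:
    """Parse first, then require an allowed scheme AND a host. A value with no
    scheme ('https/../x') or with a scheme but no host ('https:/../x') fails."""
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


if __name__ == "__main__":
    for sample in ("https://example.com/report.pdf",   # constructed, benign
                   "https/../web.config",              # bypass from the thread
                   "https:/../web.config",             # scheme but no host
                   "file:///c:/inetpub/web.config"):   # explicit file scheme
        print(f"{sample:32} prefix-check={vulnerable_check(sample)!s:5} "
              f"hardened={hardened_check(sample)!s:5} -> {fetch_target(sample)}")
```

Two caveats a practitioner would add. First, the trick is Windows-specific because Win32 normalises `..` lexically before touching the filesystem, whereas Linux resolves each component and fails on the non-existent `https` directory. Second, the redirect attempt in the thread shows that checking the initial URL is not enough when the client follows redirects: either disable automatic redirects or re-run the scheme and host check on every hop.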
  18. Retweeted

    Turbo Intruder now supports labelling requests and storing data within the engine. Here's a demonstration of using that functionality for a crude timing attack (demo URL included):

  19. Retweeted
    9 Oct 2019

    So FEYE just opened up some internal security APIs (detection as a service, virtual NX) and launched a developer relations program. 😯 That's a very... different & a surprise even to employees. 🌐Developer hub: 🔗AWS Apps:

  20. Retweeted
    26 Sep 2019

    We are proud to launch our brand new interactive XSS cheatsheet featuring novel vectors from

  21. Retweeted
    25 Sep 2019

    DOMPurify 2.0.3 was released to fix yet another mXSS variation, spotted again by who is officially our hero now. Get the release here: We hope to have this uphill battle against the broken HTML parser under control now, fingers crossed.
