Leonel Emiliano

@leoalgare

Bug Hunter. SecOps Engineer. Reverse engineering lover ☢️

Vrijeme pridruživanja: svibanj 2017.

Tweetovi

Blokirali ste korisnika/cu @leoalgare

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @leoalgare

  1. proslijedio/la je Tweet
    3. velj

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

    Poništi
  2. 1. velj

    In January, I submitted 9 vulnerabilities to 4 programs on .

    Poništi
  3. proslijedio/la je Tweet
    29. sij

    Alguien con experiencia en pentest que quiera pasarse al lado defensivo y aprender crypto? DM 🧉

    Poništi
  4. 28. sij

    Yay, I was awarded a $2,300 bounty on ! RCE + Blind SSRF

    Poništi
  5. 23. sij

    Playa del toro, Isla Victoria, Bariloche, Argentina

    Poništi
  6. proslijedio/la je Tweet
    23. sij

    2nd critical of this week. Abuse ouath Sign-up flow: 1) Use phone number instead email in 3rd party to sign-up. 2) Link victim's email to your 3rd party account while singnup on target. 3) Login to vicitim's account using your 3rd party account.

    Poništi
  7. proslijedio/la je Tweet
    22. sij

    DNS Rebinding attack in one Screenshot. 🙂

    Poništi
  8. proslijedio/la je Tweet
    22. sij

    if you find 403 Forbidden while testing. Try X-Original-URL and X-Rewrite-URL Headers to bypass restrictions

    Poništi
  9. proslijedio/la je Tweet
    16. sij

    So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the ,

    Poništi
  10. proslijedio/la je Tweet

    There’s two new pre-auth RCE with CVSS score 9.8 in RD Gateway, commonly used to protect RDP servers (adds MFA etc). RD Gateway is a (great, btw) Enterprise solution for protecting those RDP boxes. You probably want to patch these.

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    14. sij

    We're very excited to welcome our newest satellites Sophie & Marie to the Satellogic fleet tonight... Stay tuned! Follow the countdown:

    Poništi
  12. proslijedio/la je Tweet
    13. sij

    Update CVE-2019-19781 You can exploit the vulnerability without the file and only use the file ! You can inject your payload inside the name of the XML file and fire the command execution ! 🔥💪

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    15. sij

    We have contact from both satellites, and healthy beacons. Congratulations everyone! Ad astra

    Poništi
  14. 14. sij

    I'm having troubles to exploit a get CSRF in safari via xhr. the browser don't send the cookies when I use withcredentials true. I already have checked that the endpoint is vulnerable (allow cors for another domain and also with allowCredentials true)

    Poništi
  15. proslijedio/la je Tweet
    8. sij
    Poništi
  16. proslijedio/la je Tweet
    5. sij

    Australia is on fire right now! What if we all donate 1 or 2 dollars? Maybe we can help save hundreds of animals in danger. To all my friends doing bug bounty, what’s one dollar? 1% of a low risk bug? if you can’t donate, plz RT! Thanks!!

    Poništi
  17. proslijedio/la je Tweet
    2. sij

    It gives me great pleasure to announce the release of the OWASP Foundation API Security Top 10 - 2019 edition. Thank you Inon Shkedy, Paulo Silva, and David Sopas for many MANY hours of work. Download the full publication from here:

    Poništi
  18. proslijedio/la je Tweet
    31. pro 2019.

    New year gift 🎉 Set up a free server to exploit blind vulnerabilities! 1. 2. sudo apt-get install apache2 pagekite 3. add "ServerName localhost" to /etc/apache2/apache2.conf 4. 80->8080 in /etc/apache2/ports.conf 5. pagekite 8080

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    1. sij

    Why not step into the next decade with WAF bypasses? Here are some gifts.😎 - Imperva <a69/onclick=write&lpar;&rpar;>pew - DotDefender <a69/onclick=[0].map(alert)>pew - Cloudbric <a69/onclick=[1].findIndex(alert)>pew Happy 0x32303230.😉

    Poništi
  20. 1. sij
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·