Tweets

You have blocked @m0chan98

  1. Pinned Tweet
    Oct 2, 2019

    Just put a whole bunch of new cool stuff on my Windows Cheatsheet :)

  2. Retweeted
    Feb 6

    Made around $42k from in one month..... Best month so far. A big thanks to for such a great program.

  3. Retweeted

    to get commoncrawl assets! curl -sL | grep 'href="/CC' | awk -F'"' '{print $2}' | xargs -n1 -I{} curl -sL {}-index?url=* | awk -F'"url":\ "' '{print $2}' | cut -d'"' -f1 | sort -u | tee domain.txt

  4. 23 hours ago

    Yay, I was awarded a $500 bounty on !

  5. Retweeted
    Nov 26, 2019

    Seriously, another unauthenticated database. Google Firebase is a ripe target for getting easy wins, just append "/.json" to the URL and it dumps the entire database. More info on my blog:

  6. Retweeted
    Feb 3

    HTTP Request Smuggling can allow attackers to get unauthorised access, compromise other users etc. It can also be a bug bounty cash cow for the right researcher. There aren't many write-ups that explain it in action, so here you go...

  7. Retweeted
    Jan 23

    "ondragend" event seems to bypass certain WAFs <p ondragend=[1].map(prompt) draggable="true">dragMe</p> cc

  8. Retweeted

    Friendly reminder that breach after breach traces back to misconfigured and unsecured S3 buckets. Check your AWS environments with tools like Bucket Finder, S3-inspector, S3Scanner. Find these problems before the criminals do.

  9. Retweeted
    Jan 22

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

  10. Retweeted
    Jan 21

    I Interviewed last week and we talked about bug bounty, recon and life! I highly recommend this video, especially if you are into recon, bug bounty, want to get started & learn some new stuff! Jason definitely dropped some knowledge🔥

  11. Retweeted
    Jan 20

    It's here!!! Tell your colleagues, tell your friends, tell your grandma.

  12. Retweeted
    Jan 19

    1 liner to get a list of all *.mil sites for DeptOfDefense's program on crtsh %.mil | rev | cut -d "." -f 1,2 | rev | sort -u | tee -a ~/recondata/milsite.txt | grep -v "\@"

  13. Retweeted
    Jan 15

    😱 Apparently has lost access to his account and there's an important document we need to retrieve from this site. Can you retrieve the document before he does? An all-expense ticket for could await.

  14. Retweeted
    Jan 15

    Regarding the bug we recently turned in to Microsoft: If you think that one is a doozie, just imagine what we're sitting on that we HAVEN'T turned in.

  15. Retweeted

    Some of the biggest and most costly breaches in recent memory caused by 20 year old security bugs in security products by security vendors: - Fortigate SSL VPN. - Citrix ADC (SSL VPN). - Pulse Secure (SSL VPN). In each case they all lacked basic security mitigations.

  16. Retweeted
    Jan 13

    Use shodan if you're looking for CVE-2019-19781 title:"Netscaler" port:"443" org:"organization" 200 title:"Netscaler" port:"443" :.*.domain.com 200

  17. Retweeted
    Jan 12

    Flight out of Chicago cancelled so I’ve been put up in the O’Hare Comfort Inn. Lady at reception said I’m in the ‘Boardroom Suite’. I thought to myself “weird name”, then walked into this... 😂

  18. Retweeted
    Jan 13

    While pentesting webapps, whenever you notice a redirect, check what caused it. If it's a client side redirect (caused by JavaScript), try redirecting to javascript:alert(), now you have XSS!

  19. Retweeted
    Jan 10
  20. Retweeted
    Jan 7

    Hi all, dropping another tool today. This one is very simple, it does reverse DNS lookups as fast as possible. It's a great way of discovering domains and subdomains owned by a company when you know their IP address range(s). Check it out:

  21. Retweeted
    Jan 6

    This was actually sensational. Ricky Gervais at The Golden Globes -
