Brendan Scarvell

@menztrual

Security Researcher. Rural Firefighter and member of team.

Brisbane, Australia
Joined: December 2010

Tweets


  1. Pinned Tweet
    25 Mar 2019

    I found a bunch of remote code execution vulnerabilities in a variety of products. Full advisory is here: and working PoCs can be found here:

  2. Retweeted
    1 Feb

    I just got a fancy idea to create strings in without using dangerous characters 😃 Inspired by challenge from .

  3. Retweeted
    28 Jan

    [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:

  4. Retweeted
    16 Jan

    I'll make my tech report and poc public soon. It was a fun bug affecting most major distributions. one exploit to rule them all w/ all kernel expl mitigation bypasses - no rop chains / hardcoded crap

  5. 5 Dec 2019

    Fun challenge. Highly recommend giving it a go! :)

  6. 28 Nov 2019

    Playing blue team on a red vs blue ctf gives you a much greater appreciation on just how hard a blue teamer’s job is. Props to you guys and girls.

  7. Retweeted
    26 Nov 2019

    Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome.

  8. Retweeted
    25 Nov 2019

    If I want to quickly, manually spray an application input, I use this payload: '"><svg/onload=alert()>{{7*7}} It's fairly short, and will give indicators of basic SQLi, XSS and SSTI vulnerabilities. Disclaimer: This isn't a replacement for proper testing.

  9. 19 Nov 2019

    Quote of the night goes to : “if you leave it to the last minute then it only takes a minute”

  10. Retweeted
    11 Oct 2019

    Found a full-blown CSP bypass on the current version of Firefox (69). Not working on the beta version. PoC: <object data="javascript:alert(1)"></object>

  11. Retweeted
    14 Oct 2019

    HELLO! Unfortunately or fortunately, elttam has three spare tickets to give away! If you or someone you know is interested, please send us a DM. Maybe some goers are keen?

  12. 29 Sep 2019

    Highly recommend checking it out if you missed out last year. Incredible conference and will probably sell out quickly.

  13. Retweeted
    24 Sep 2019
  14. Retweeted
    15 Aug 2019
  15. Retweeted
    14 Aug 2019

    Ruxmon Melbourne is on again in August. We are trying a new format with lightning talks (max 10 minutes) and are looking for speakers. Please spread the word and submit a talk here:

  16. Retweeted
    11 Aug 2019
  17. 10 Aug 2019

    can't believe it's been a year! :o

  18. Retweeted
    4 Jul 2019

    I just used something like this in my work, so I recorded a simple video too. If you like this kind of stuff, you should sign up for my newsletter: or get my book:

  19. 30 Jun 2019

    and also epic shoutouts to and the rest of the team involved with the enormous amount of work that would have gone into building the hackable arcade!

  20. 30 Jun 2019

    Competed in my first solo CTF over the weekend and super happy with the outcome. Huge thanks to for an epic conference and great CTF and also a huge thanks to and for the prizes!

  21. 24 Jun 2019

    Freemarker SSTI and can't use < [ or spaces to make the PoC work? Try: ${"freemarker.template.utility.Execute"?new()("id")}
