N B Sri Harsha

@nbsriharsha

Passionate web application security researcher. Always want to learn new things. Bug bounty hunter. CTF with securisec. Founder of defmax.

Hyderabad
Joined: June 2012

Tweets

  1. Pinned tweet
    2 Feb 2019

    We have released the source of hackim 2019 ctf

  2. Retweeted
    28 Jan

    [Educational] One of the best blog posts that I ever read about going from 0 to unauth RCE in f**king Mikrotik OS step by step:

  3. Retweeted
    13 Jan
  4. Retweeted
    8 Jan

    CVE-2019-19781 Citrix path traversal based on vpns folder
    Example:
    GET /vpn/../vpns/services.html
    GET /vpn/../vpns/cfg/smb.conf
    patch >> HTTP/1.1 403 Forbidden
    no patch >> HTTP/1.1 200 OK
    [global]
    encrypt passwords = yes
    name resolve order = lmhosts wins host bcast

  5. Retweeted
    4 Jan

    I've recently been fuzzing the PHP interpreter, and took a UaF bug all the way from crashing-sample to weaponized code execution. Here is the first of several blog posts I plan to write about the process.

  6. Retweeted
    23 Dec 2019

    Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community

  7. Retweeted
    24 Dec 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  8. Retweeted
    22 Dec 2019

    Based on community feedback, popularity, and the opinions of , we've compiled this list of the top 10 extensions for pen testers.

  9. Retweeted
    21 Dec 2019

    New writeup, one of my favorite bugs 🤠 - Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty Featuring...

  10. Retweeted
    3 Dec 2019

    Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response

  11. Retweeted
    29 Nov 2019

    HTTP Request Smuggling in one Screenshot. 🙂

  12. Retweeted
    22 Nov 2019

    I just uploaded my latest Live Recon stream to YouTube. I'll also be doing several new pieces of video content over the next few months on my channel. This week we used Xmind, Amass Intel, SSLScarpe, ASNLookup, Httprobe, ++. Enjoy!

  13. Retweeted
    20 Nov 2019

    SSRF in AWS EC2 instances is getting harder to exploit. The new Metadata protocol now requires to issue a PUT request to get a token.

  14. Retweeted
    18 Nov 2019

    Another write up of a bug found by in Google VRP! An XSS via Dom Clobbering in AMP4Email

  15. Retweeted
    1 Apr 2019
    Replying to users and others:

    I've added a community transform for this service to recon. I hope you don't mind. Anyway, probably a dedicated elastic search cluster will be coming soon...

  16. Retweeted
    13 Nov 2019

    Monitorizer: The ultimate subdomain monitorization framework:- By .

  17. Retweeted
    4 Nov 2019

    Another day, another script. Search endpoints on GitHub for a given (sub)domain. Like all extraction scripts, it's as good as the regexp configured so feel free to add your own or send them to me :x

  18. Retweeted

    Did you know you can use the Connection header to delete other headers? Interesting research lead by :

  19. Retweeted
    29 Oct 2019

    This is such a really interesting bug, which combined both web and binary stuff! Thanks the author neex, and for the bug! By the way, this seems my first time to blog a bug which is not found by me. XD

  20. Retweeted

    Using Web Cache Poisoning for persistent Denial of Service:

  21. Retweeted
    22 Oct 2019

    Freshly patched RCE in PHP-FPM: Exploit: Many nginx+PHP configurations vulnerable, watch out!
