nikhil

@niksthehacker

Synack Guardians of Trust Award Winner 2019, ambassador, Bug Bounty Hunter, CobaltCore Lead at , Organizer

India
Joined: April 2013

Tweets

  1. Pinned Tweet
    20 Mar 2019
  2. Retweeted
    3 hours ago

    New blog post: Simple Remote Code Execution Vulnerability Examples for Beginners
  3. Retweeted
    22 hours ago

    Bug Hunting Tip: Every time you find the word "PROXY" in a URL, ask it for fun stuff.
  4. Retweeted
    4 Feb

    I just published a blog post "Responsible Disclosure: Breaking out of a Sandboxed Editor to perform RCE"
  5. Retweeted
    4 Feb

    Here is slide of talk on "A methodology using fuzzing and info disclosure"
  6. Retweeted
    4 Feb

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, don't encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)
  7. Retweeted
    3 Feb

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.
  8. Retweeted
    3 Feb

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!
  9. Retweeted
    2 Feb

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.
  10. Retweeted
    1 Feb

    Just in case you haven’t seen the details yet, here it is it is always good to run code on a SharePoint server :)
  11. Retweeted
    1 Feb

    Here is my writeup for Facebook's BountyCon 2020 CTF. Was not able to give much time but enjoyed solving a couple of challenges.🧑‍💻
  12. Retweeted
    31 Jan
  13. 31 Jan

    Akamai WAF Bypass, worked on a recent program <x onauxclick=a=alert,a(domain)>click
  14. Retweeted
    31 Jan

    Call to security researchers, bug bounty hunters, and security enthusiasts. Bharti Airtel is organizing an invite-only bug bounty event. Please follow the below link for registration.
  15. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.
  16. Retweeted
    29 Jan

    Hola everyone! The last date to submit call for nominations is 7th Feb, do submit your bugs to win amazing Prizes like Xbox, hak5 gear, 1-year PentesterLab subscription and bug bounty village unique swags. .
  17. Retweeted
    30 Jan

    Episode #2 - We sit down with to talk about how to be successful in bug bounty, live events, music and creativity and of course, how to reach cosmic brain level 10. Listen on
  18. Retweeted
    28 Jan

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)
  19. Retweeted
    29 Jan

    One more: Find a subdomain such as <grafana>.corp.company.com which points to an external IP example however only accessible inside VPN and such SSRF could be leveraged in that way. You can often find such hosts over SSL. Have exploited such in the past. Might even be a
  20. Retweeted
    28 Jan
    Replying to users and others:

    Thoughts: - try specifying the port to see if 80 still responds to SSL traffic - see if you can find validation issues, e.g. https://x<new line>http://localhost - leverage a redirect to downgrade - try redirecting to file://, |ls, or gopher:// - inject headers for cache poisoning
  21. Retweeted
    28 Jan
