Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @nilesh_loganx
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @nilesh_loganx
-
Prikvačeni tweet
Twitter CSV Injection - Going beyond Pop-Up Calculator to Taking Meterpreter Shell (y)
#InfoSec#CSV#Injection#BBhttps://nileshsapariya.blogspot.in/2017/06/twitter-csv-injection-going-beyond-pop.html …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
I’ve just published my exploit for the LPE and RCE in OpenBSD’s OpenSMTPD recently disclosed by
@qualys You can find it here: https://github.com/0xdea/exploits/blob/master/openbsd/raptor_opensmtpd.pl …#opensmtpd_too_openpic.twitter.com/q1ykEhz7vh
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
7-Zip: From Uninitialized Memory to Remote Code Execution
#infosec#pentest#bugbounty#exploitDevhttps://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
Wow! "Resources for Beginner Bug Bounty Hunters" has over 1000 stars on GitHub now and we just pushed a new update! Check it out:https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/ …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
@ngalongc,@EdOverflow, and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover. https://blog.reconless.com/samesite-by-default/ …pic.twitter.com/5R23YmpksT
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
New #fuzzing blogpost :) Quick blogpost about how I found a OOM/DoS bug in a famous@npmjs/@nodejs package using coverage-guided#javascript fuzzer.
Fuzzer: Jsfuzz by @fuzzitdev
Target: wasm-parser
Bug: DoS/OOM
https://webassembly-security.com/fuzzing-npm-nodejs-webassembly-parsing-library-with-jsfuzz/ …
#WeAssembly#js#wasm#NodeJSHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
Here's my PoC for CVE-2020-7980, a script to gain RCE (root level) to some Satellite controllers.https://github.com/Xh4H/Satellian-CVE-2020-7980 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild Zero-day remote code execution vulnerability Triggers 0. JScript 1. used in
#argument 2.#recursion ... Proof of Concept Demo Videopic.twitter.com/K3PRkb753sOvo je potencijalno osjetljiv multimedijski sadržaj. Saznajte višeHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
Attacking Azure, Azure AD, and Introducing PowerZurehttps://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
We now have 116 awesome labs on the Web Security Academy. We'll be adding some more soon.https://portswigger.net/web-security/all-labs?utm_source=twitter&utm_medium=social&utm_campaign=existing-labs …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
I always had a hard time finding
@GoogleVRP writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute!
#BugBonty#infosec#GoogleVRPhttps://github.com/xdavidhu/awesome-google-vrp-writeups …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
A Red Teamer’s Guide to GPOs and OUs
#infosec#pentest#resteamhttps://wald0.com/?p=179Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
I created this repo for the people who want to learn about windows logical privilege escalation bugs. You can contact me to add good article which I missed. https://github.com/sailay1996/awesome_windows_logical_bugs …
#windows_logical_privilege_escalationpic.twitter.com/nRxvGq40LX
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
We've added 11 new XSS labs, with learning materials. There is new content on CSP, dangling markup injection, and escaping the AngularJS sandbox.https://portswigger.net/web-security/cross-site-scripting …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Nilesh Sapariya proslijedio/la je Tweet
Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover https://ysamm.com/?p=363
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
#day41#bugbounty#learning PDF to XXE This makes me go in-depth about XML* Q like 1. Why XML is made? 2. Who uses XML? 3. What supports XML? 4. Why it can accept any tag? 5. How the tags are executed? 6. How/WHY does an entity work? 7. etc https://www.sitepoint.com/really-good-introduction-xml/ …#day41 ENDS :)Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
It's time to drop my DoS PoC for CVE-2020-0609 & CVE-2020-0610! Gonna make the scanner soon and then hopefully create a full RCE if possible :) Thanks to
@ollypwn for the assistance!https://github.com/ioncodes/BlueGate …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
Post-exploitation
#Friday tip: Do you know how to trivially & remotely hijack an#RDP session without prompt nor warning on user's side using#Microsoft signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details: https://github.com/kmkz/Pentesting/blob/master/Post-Exploitation-Cheat-Sheet …#Pentestingpic.twitter.com/wHVIYQo73A
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
Starting to put together a Linux Privesc Video. Can anyone spot something non-network that I'm missing? - Recon (linPEAS/LinEnum) - Sudo - Permission Overview (file writes - sshKey/cron) - SetUID - Kernel - Cron - Network [mysql, postgres, erlang cookie (couchDb)]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Nilesh Sapariya proslijedio/la je Tweet
This blind XXE technique for out-of-band exfiltration was one of the core use cases we had in mind when developing Burp Collaborator:https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-exfiltration …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
