Nilesh Sapariya

@nilesh_loganx

Ethical Hacker | Bug Hunter | Dreamer | Believer | Speaker | Dubai | India. The guy who ++ Building

Mumbai
Vrijeme pridruživanja: srpanj 2010.

Tweetovi

Blokirali ste korisnika/cu @nilesh_loganx

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @nilesh_loganx

  1. Prikvačeni tweet
    24. lip 2017.

    Twitter CSV Injection - Going beyond Pop-Up Calculator to Taking Meterpreter Shell (y)

    Poništi
  2. proslijedio/la je Tweet
    2. velj

    I’ve just published my exploit for the LPE and RCE in OpenBSD’s OpenSMTPD recently disclosed by You can find it here:

    Poništi
  3. proslijedio/la je Tweet
    2. velj
    Poništi
  4. proslijedio/la je Tweet
    31. sij

    Wow! "Resources for Beginner Bug Bounty Hunters" has over 1000 stars on GitHub now and we just pushed a new update! Check it out:

    Poništi
  5. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    Poništi
  6. proslijedio/la je Tweet

    🎉 New blogpost :) Quick blogpost about how I found a OOM/DoS bug in a famous / package using coverage-guided fuzzer. ➡️ Fuzzer: Jsfuzz by ➡️ Target: wasm-parser ➡️ Bug: DoS/OOM

    Poništi
  7. proslijedio/la je Tweet
    28. sij

    Here's my PoC for CVE-2020-7980, a script to gain RCE (root level) to some Satellite controllers.

    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    30. sij

    CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild Zero-day remote code execution vulnerability Triggers 0. JScript 1. used in 2. ... Proof of Concept Demo Video

    Ovo je potencijalno osjetljiv multimedijski sadržaj. Saznajte više
    Poništi
  9. proslijedio/la je Tweet
    29. sij
    Poništi
  10. proslijedio/la je Tweet
    29. sij

    We now have 116 awesome labs on the Web Security Academy. We'll be adding some more soon.

    Poništi
  11. proslijedio/la je Tweet
    28. sij

    I always had a hard time finding writeups beacuse they were all over the place in different blog posts, so I made this. If you know of something that is not in there, you are more than welcome to contribute! 🎉

    Poništi
  12. proslijedio/la je Tweet
    28. sij

    A Red Teamer’s Guide to GPOs and OUs

    Poništi
  13. proslijedio/la je Tweet
    27. sij

    I created this repo for the people who want to learn about windows logical privilege escalation bugs. You can contact me to add good article which I missed.

    Poništi
  14. proslijedio/la je Tweet
    27. sij

    We've added 11 new XSS labs, with learning materials. There is new content on CSP, dangling markup injection, and escaping the AngularJS sandbox.

    Poništi
  15. 26. sij
    Poništi
  16. proslijedio/la je Tweet
    24. sij

    Cross-Site Websocket Hijacking bug in Facebook that leads to account takeover

    Poništi
  17. proslijedio/la je Tweet
    23. sij

    PDF to XXE This makes me go in-depth about XML* Q like 1. Why XML is made? 2. Who uses XML? 3. What supports XML? 4. Why it can accept any tag? 5. How the tags are executed? 6. How/WHY does an entity work? 7. etc ENDS :)

    Poništi
  18. proslijedio/la je Tweet
    24. sij

    It's time to drop my DoS PoC for CVE-2020-0609 & CVE-2020-0610! Gonna make the scanner soon and then hopefully create a full RCE if possible :) Thanks to for the assistance!

    Poništi
  19. proslijedio/la je Tweet
    24. sij

    Post-exploitation tip: Do you know how to trivially & remotely hijack an session without prompt nor warning on user's side using signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details:

    Poništi
  20. proslijedio/la je Tweet
    24. sij

    Starting to put together a Linux Privesc Video. Can anyone spot something non-network that I'm missing? - Recon (linPEAS/LinEnum) - Sudo - Permission Overview (file writes - sshKey/cron) - SetUID - Kernel - Cron - Network [mysql, postgres, erlang cookie (couchDb)]

    Prikaži ovu nit
    Poništi
  21. proslijedio/la je Tweet
    23. sij

    This blind XXE technique for out-of-band exfiltration was one of the core use cases we had in mind when developing Burp Collaborator:

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·