/home/ /spade.py

@phspades

Parrot Sec Community Philippine Ambassador • Security Researcher • Hacker

127.0.0.1
Joined September 2015

Tweets


  1. Pinned Tweet
    26 Jul 2019
  2. Seven Program Invites. WTF

  3. Retweeted
    4 Feb
  4. Thanks for swags this month of February.

  5. Retweeted
    4 Feb

    Check out my interview with from my stream last week! Tons of great tips on recon, using , asset management with , and looking for bugs with high impact! Full interview:

  6. Retweeted
    3 Feb

    Anyone! who can explain help in learning about writeable Firebase db? I'm testing against my own app with public permission! ref: the report and poc at doesn't really show a proper way to write data?

  7. Retweeted
    3 Feb

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  8. Retweeted
    2 Feb
  9. Retweeted
    1 Feb

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

  10. Retweeted
    2 Feb

    SQL Injection Payload List by Password Cracking Is Easy: Here’s How to Do It by in API Security Testing(Part 1) by Saumya Prakash Rana

  11. 1 Feb

    In January, I submitted 18 vulnerabilities to 12 programs on .

  12. Retweeted
    31 Jan

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  13. Retweeted
    30 Jan

    PlaystoreDownloader : A command line tool to download Android applications directly from the Google Play Store : (not affiliated with Google in any way)

  14. 30 Jan

    Looks like I belong to the winners.. Let's see..

  15. Retweeted
    28 Jan

    Hacker tip: when you’re looking for IDORs in a model that references another model, try storing IDs that don’t exist yet. I’ve seen a number of times now that, because the model can’t be found, the system will save the ID. (1/2)

  16. Retweeted
  17. Retweeted
    27 Jan

    Did you know that the address '<a@b.com>c@d.com' when given to SES will send an email to a@b.com? this could lead to interesting exploit scenarios with some email parsing libraries/code

  18. Retweeted
    26 Jan

    An excellent talk by : clear methodology, novel bugs and interesting links 💯

  19. Retweeted
    24 Jan
  20. 24 Jan
  21. Retweeted
    23 Jan

    "ondragend" event seems to bypass certain WAFs <p ondragend=[1].map(prompt) draggable="true">dragMe</p> cc
