Terry Zhang

@pnig0s

Know me then ignore me.

Beijing, China
Joined: May 2011

Tweets


  1. Retweeted
    Jan 24

    Construction began on the night of January 23 for a new specialized hospital for patients in central China's City. The hospital is designed to have an area of 25,000 square meters with 1,000 beds and will be put into use by February 3

  2. Jan 24

    Happy ! Happy New Year

  3. Jan 20

    Happy to announce that I'll be presenting my research about identity security at 2020! Also it's nice to see BlueHat expand its topic to cover more on AppSec. How i pwn your Email: When Online Identity Fails

  4. Retweeted
    Jan 16

    I watched all 44 2019 talks (~32 hours of video) and wrote detailed summaries for you 📚 Learn about , scaling security, threat modeling, building a security program, & more.

  5. Retweeted
    Jan 17

    Vulnerability severity levels

  6. Retweeted
    Jan 16

    So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the ,

  7. Jan 16

    At least, if the case is out of scope somehow, we deserve a certain explanation on the specific case not some general reply template.

  8. Jan 16

    And I really advise that the bounty/severity review shouldn't be based on the conclusion of only one analyst. Shouldn't it be reviewed by a few team members?

  9. Jan 16

    Got negative experience on MSRC program all the time :( It really needs to be more transparent. Case 55832 a cross tenant PoE issue on an Azure service, classified as Moderate and out of scope. But the team fix it within a few days I report...

  10. Retweeted
    Jan 10

    Awesome research by looking at CVE-2019-19781 Citrix ADC RCE. Purposely not provided the fire and forget exploit (although this is well known now). Technical details provided for those looking at just how this issue manifests itself.

  11. Retweeted
    Jan 6

    One of the scarier bugs I’ve found: with Microsoft’s go-ahead & after many hours spent, I’m excited to finally publish this writeup and PoC! 👩🏼‍💻

  12. Retweeted
    Jan 4

    An amazingly well written description of the upcoming SameSite cookie enforcement in Chrome 80. If your org makes use of cross-origin cookie access, you’re running out of time to fix before Feb 4. Via

  13. Dec 30, 2019

    Having a great experience hacking on GitHub this year. Always impressed by the fast triaging speed of the team. Clear understanding to the product features, to the attack scenario in reports. No need for extra words.

  14. Retweeted
    Dec 27, 2019
  15. Retweeted
    Dec 24, 2019

    Writeup on how I made $40,000 breaking the new Chromium Edge using essentially two XSS flaws.

  16. Dec 18, 2019
  17. Retweeted
    Dec 12, 2019

    Cached and Confused: Web Cache Deception in the Wild [PDF]

  18. Dec 9, 2019

    MSRC portal seems broken...again.

  19. Dec 5, 2019

    MSRC has made the program and severity/impact clear for each case in bounty In-Scope email.

  20. Retweeted
    Nov 24, 2019

    New write-up: Command injection is usually mitigated but argument injection is often overlooked. An example of an argument injection chain leading to code execution:
