Pxmme

@pxmme1337

Don't be a NPC | Views and opinions are my own and do not reflect my employer's | Triager @ HackerOne

Joined: October 2016

Tweets


  1. Pinned tweet
    13 Oct 2019

    Ncat: Connection from bash: no job control in this shell bash-4.2$

  2. 25 Jan

    What's the best VPS provider out there? I'd like to automate some of my recon... Thinking Amazon right now?

  3. Retweeted
    16 Jan

    French infosec addict looking for a vulnerability researcher/pentester remote position. RT appreciated ! DMs open ;)

  4. 1 Jan

    All our internal apps are made in python2

  5. Retweeted
    31 Dec 2019
  6. 30 Dec 2019
  7. 27 Dec 2019

    my printer isn't printing anymore, could you...

  8. Retweeted
    20 Dec 2019

    HackerOne disclosed a bug submitted by the_arch_angel:

  9. Retweeted
    10 Dec 2019
  10. Retweeted
    3 Dec 2019

    💌 A love letter: You are disclose for me you session you are gevi me your session on last report I am can use your session(sorry) ❤️

  11. 2 Dec 2019

    "Your finding belongs to the Sensitive Data Exposure category, so by default, it's capped at $500. However, due to the high impact and sensitivity of the exposed data, we've decided to award you the max bounty ($1500) of our program [...]" Impact matters

  12. Retweeted
    30 Nov 2019

    Here's a story: 1. Access other users' details -> names/emails by forcing IDs in URL 2. Rejected as the numeric IDs were very long & hard to enumerate 3. Created 10k accounts 4. Run Burp Sequencer to analyze their IDs -> poor entropy 5. Profit

  13. 30 Nov 2019

    We are living in a fucked-up era

  14. Retweeted
    29 Nov 2019

    HTTP Request Smuggling in one Screenshot. 🙂

  15. Retweeted
    28 Nov 2019

    Finally reached the famous top 10 of the month on !! What a great adventure since 02 months! Doing Bug-Bounty is really really excited!!

  16. 28 Nov 2019

    I just love working with APIs. Especially when devs assume security by obscurity is the way to go. No swagger, huh? But also no rate limiting? Hold my wfuzz

  17. Retweeted
    23 Nov 2019

    Decompile android app and go to: Resources > resources.arsc > res > values > strings.xml, search for *.firebaseio.com in xml file, and open browser, try https://*.firebaseio.com/.json; you might find read access to database there.

  18. 22 Nov 2019
  19. 22 Nov 2019
  20. 20 Nov 2019

    NPCs, NPCs everywhere

  21. Retweeted
    20 Nov 2019