Arminius

@rawsec

Infosec fanboy. I do bug bounty hunting, CTFs, some FOSS, mediocre chess. Mostly no idea what I'm doing. HoF: Google, Chrome, Firefox, Facebook, Paypal et al.

In the wild
github.com/numirias
Vrijeme pridruživanja: listopad 2013.
2 fotografije ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @rawsec

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @rawsec

  1. Prikvačeni tweet
    3. lis 2018.

    Mini XSS challenge 3. Can you solve it? 🤔 <?php = bin2hex(random_bytes(8)); header("Content-Security-Policy: script-src 'nonce-$n'"); printf('<script nonce=%s>"%s"</script>%s', , str_replace('"', '', $_GET['a']), $_GET['b']); ?>

    14 proslijeđenih tweetova 27 korisnika označava da im se sviđa
    Poništi
  2. 3. velj

    Sigh. It's 2020. Crypto exchange just awarded me a $28.49 bounty for an unconditional XSS vuln on their main domain. (via 3rd party component but still...) A little deceitful to call that a program 🤷

    3 proslijeđena tweeta 3 korisnika označavaju da im se sviđa
    Poništi
  3. 26. stu 2019.

    Know someone who needs a Titan security key bundle from Google? Got that promo mail where someone gets a free bundle if I refer them to Google's Advanced Protection Program

    3 korisnika označavaju da im se sviđa
    Poništi
  4. 4. lip 2019.

    Arbitrary code execution vulnerability in Vim < 8.1.1365 and Neovim < 0.3.6 via modelines. 😬 Also, why you should not use Vim with default config, or cat without -v.

    31 reply 751 proslijeđeni tweet 1.270 korisnika označava da im se sviđa
    Poništi
  5. 21. lis 2018.

    Want a riddle for your coffee break (or, if you're me, a weekend full of despair)? Try this tricky "One Line PHP Challenge" from <?php ($_=@$_GET['orange']) && (file($_)[0],0,6) === '@<?php' ? include($_) : highlight_file(__FILE__); ?> http://54.250.246.238/

    4 proslijeđena tweeta 10 korisnika označava da im se sviđa
    Poništi
  6. 7. lis 2018.

    My write-up for Hackover CTF "cyberware" challenge. Using dir trav and manually obtaining packfiles from git meta dir. Was a nice little peek into git internals.

    1 reply 6 proslijeđenih tweetova 9 korisnika označava da im se sviđa
    Poništi
  7. 4. lis 2018.

    Where's Bobby Tables when you need him

    We're investigating a database overload and working to resolve it ASAP.
    2 korisnika označavaju da im se sviđa
    Poništi
  8. 30. ruj 2018.

    Write-up for Nodepad web challenge. :) XSS + SQLi + CSP bypass. That's some neat challenge design!

    52 proslijeđena tweeta 92 korisnika označavaju da im se sviđa
    Poništi
  9. 29. ruj 2018.

    Yay, finally solved Nodepad web challenge with team secse for . That one was super well designed. :) Now time for some sleep

    1 reply 8 korisnika označava da im se sviđa
    Poništi
  10. 23. srp 2018.

    At my bank, a wire transfer requires PIN and TAN. Fine. But as it turns out, to close your account, you can just send in a signed form including the account number you want the balance transferred to. No auth, not even a confirmation call.

    Poništi
  11. 19. srp 2018.

    Apparently, the security of is so abysmal, their bug bounty program explicitly *excludes* RFI, LFI, and XSS.

    1 reply 1 korisnik označava da mu se sviđa
    Poništi
  12. 19. srp 2018.

    Yay, after 8 months, finally fixed an XSS bug on . More vulns incoming. :)

    Poništi
  13. 9. srp 2018.

    Awesome, my bank sending my account information as an encrypted PDF... and the key is my five-digit ZIP code.

    1 reply 4 korisnika označavaju da im se sviđa
    Poništi
  14. 12. velj 2018.

    Fascinating how many people casually backdoor their projects.

    1 proslijeđeni tweet 7 korisnika označava da im se sviđa
    Poništi
  15. 8. kol 2017.

    Great write-up of the "Title Case" CTF challenge!

    1 reply 4 proslijeđena tweeta 5 korisnika označava da im se sviđa
    Poništi
  16. 7. kol 2017.

    Really want to see a write-up for the "Title Case" CTF challenge. That was one annoying Python jail.

    1 korisnik označava da mu se sviđa
    Poništi
  17. 4. kol 2017.

    Excited to play the CTF. Hoping for some interesting challenges. :)

    Poništi
  18. 29. lip 2017.

    Can you solve this 2nd mini XSS challenge, too? <?php echo file_get_contents(str_replace(['/', '.'], '', $_GET['q'])); ?>

    1 korisnik označava da mu se sviđa
    Poništi
  19. 25. lip 2017.

    A small write-up for the Geokitties v2 challenge and a few words on charset sniffing.

    4 proslijeđena tweeta 7 korisnika označava da im se sviđa
    Poništi
  20. 19. lip 2017.

    Can you solve this mini XSS challenge? <?php header('Content-Type: text/html;charset=utf-8'); echo preg_replace('/<\w+/', '', $_GET['q']) ?>

    8 proslijeđenih tweetova 10 korisnika označava da im se sviđa
    Poništi

@rawsec još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·