Ronnie Flathers

@ropnop

security guy, pentester, researcher. i sometimes blog and code based on motivation/caffeine levels. Currently leading product appsec

Chicago
Joined October 2013

Tweets

  1. Feb 4

    So much fun presenting this! Happy to share my slides for "Don't Cross Me! Same Origin Policy and all the 'cross' vulns". SOP is an important topic I feel is not adequately explained and understood by many developers and security pros.

  2. Feb 2

    Anyways I'm pretty happy with these slides so far. I really don't think you can fully grok XSS and CSRF without putting them in context of SOP

  3. Feb 2

    Me: I'll make some quick overview slides of XSS and CSRF
    Me: But I can't really explain those without first explaining the SOP and browser security model
    Me: ... (40 slides later)
    Me: okay, here's a quick overview of XSS and CSRF 🙃

  4. Retweeted
    Jan 29

    Anyone out there deploying container workloads over K8S and using an NGFW to protect those workloads? If so I’d love to discuss. Please R/T.

  5. Retweeted
    Jan 22

    Revisiting RDP lateral movement and releasing a project that will be part of a bigger tool coming next week

  6. Jan 20

    Alright, flipped the switch and is now hosted with and Hopefully no issues, but lmk if I broke anything or links don't work anymore

  7. Retweeted
    Jan 20

    Hi Blue/CTI. It's me. Would you be willing to test something? It's a tool that takes an IP and tells you if it's Empire. That's it. I don't have access to the kind of sample data you do. Is something like this useful to you in your day to day?

  8. Jan 20

    Thinking of migrating my blog to pure static using and . Copied over all my posts and trying to make it look/feel the same. Any thoughts or feedback?

  9. Retweeted
    Jan 14

    Don’t forget: we’re THIS WEDNESDAY! Join a great group of infosec and cigar nerds in The West Loop at ⁦⁩ around 5! Cigar noobs always welcome!

  10. Retweeted
    Nov 14, 2019

    🥳To celebrate the 1st year anniversary of my . I decided to publish the beta version of - a framework for web application testing. Enjoy! 🥳

  11. Retweeted
    Jan 6

    As pipelines get more complex and distributed, making the shift from a "push" to "pull" model makes so much sense. Lots of opportunity to limit attack surface using this model.

  12. Dec 18, 2019
  13. Retweeted
    Dec 17, 2019

    New tool: rubeus2ccache Generates ccache files directly from Rubeus dump output. Major thanks to for basically writing anything hard. Merry Christmas Red Team! 🎄

  14. Dec 16, 2019
  15. Retweeted
    Dec 16, 2019
  16. Dec 14, 2019

    Oh and maybe finally get around to submitting to the CFP. Got some deliciously evil ideas on red teaming DevOps toolchains I think it's time to share ;)

  17. Dec 14, 2019

    Now gonna fire up the and nerd out while the year hopefully comes to a relaxing close :) Happy holidays!

  18. Dec 14, 2019

    And cut a release of the Impacket static binaries to be on par with latest v0.9.20 release. Also updated my Docker image rflathers/impacket to use Python 3 now that it's supported. Great work as always,

  19. Dec 14, 2019

    Pushed an update to the serverless toolkit too. Since I released it, no longer supports arbitrary Docker images, so I reworked them all to be pure functions. Unfortunately can't port them all, but they're still super helpful!

  20. Dec 14, 2019

    New version of Kerbrute released. Some minor improvements and added a --delay option if you want to slow things down and be stealthier. Big thanks to for the PR!
