Sam Curry (zlz)

@samwcyo

Full time bug bounty hunter. Run a blog to better explain web application security. Somewhere between high school and pretending to be an adult.

Joined: January 2017

Tweets


  1. Retweeted
    22 hours ago

    Today’s Chrome release not only makes SameSite cookies default but also kills mutation XSS found by and fixes another issue (worth $10k) about which more details will be released in a few months. Stay tuned!

  2. Retweeted
    Feb 3

    Hey bug hunters! Want a look at some of the top vulnerabilities ever found on ? They just released the last blog post I wrote before leaving. Enjoy!

  3. Retweeted
    Feb 1

    I was tired of outdated XSS cheat sheets that don't touch on frameworks, html5, filter bypasses and other important stuff, so I made my own. I hope you find it as useful as I do. :)

  4. Retweeted
    Feb 2

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  5. Feb 1

    Is it still good advice to tell people who are breaking into security to maintain a blog? In what cases is this bad advice?

  6. Retweeted
    Jan 31

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

  7. Jan 29

    What if... what if I don't want to automate my bug hunting? What if I enjoy the process? How can I get by with all these tools being suggested to me... 😪

  8. Retweeted
    Jan 28
  9. Retweeted
    Jan 27
  10. Retweeted
    Jan 24

    Twitter disclosed a bug submitted by zlz: - Bounty: $560

  11. Retweeted
    Jan 23

    Introduction to Triaging Fuzzer-Generated Crashes by Josiah Pierce

  12. Jan 21

    When GET /dev/viewtablestest.php has a load time of 30 seconds and errors out with a max memory allocation message

  13. Retweeted
    Jan 21

    The web framework Django used to use this flawed CSRF defence, which once exposed to attack. Check out this lab on our Web Security Academy to learn how:

  14. Jan 19

    How many days a year do you think you spend more than 3 hours on a computer/laptop (doesn’t include cell phone)?

  15. Retweeted
    Jan 14

    Voting is now open for the top 10 new web hacking techniques of 2019:

  16. Retweeted
    Jan 14

    New blog post about my favorite challenges from this year's . I had fun playing! (skip the read if you are coming to tonight, as this is my topic)

  17. Jan 10

    I have seen a few posts about gaining access to application portals via a user agent with the string “admin” (or similar) but never understood how those bugs got there in the first place? In what context were developers sending crafted user agents to access things?

  18. Retweeted
    Jan 9

    This one is one of my favorite bugs I've ever found, because and I were running around NYC for 's until we finally got a working POC. We also presented this at 27 and will be a part of my deck! Enjoy!

  19. Jan 6

    It gives me a weird feeling seeing a burp request go through and calculator popping... 😬

  20. Retweeted
    Jan 3

    To start the new year I'm releasing another write-up where I explain the process of detecting and exploiting a chained HTTP request smuggling vulnerability which led me to an account takeover.
