sandh0t

@sandh0t

Ethical Hacker / Bug Bounty Hunter at HackerOne, Synack Red Team, and Bugcrowd. Certified OSCP. Acknowledged by Facebook, Microsoft, Yahoo, ...

Joined: June 2017

Tweets


  1. Pinned tweet
    14 May 2019

    I'm proud to share my first write-up, hope you enjoy it: Think Outside the Scope: Advanced CORS Exploitation Techniques

  2. Retweeted
    2 Feb

    This month I learnt how to analyse the JavaScript of a React Native application while bounty hunting. I wanted to share what I found out with everyone else.

  3. Retweeted
    30 Jul 2019

    Ever had chewing up memory and CPU usage? A possible reason could be the DOM XSS scanner! This is how you can disable it: go to Dashboard > Live audit from Proxy > Settings > Scan Config > Edit > Issues Reported > Disable JavaScript Analysis. Sweet and simple!

  4. Retweeted
    26 Nov 2019

    Quick and dirty way to find parameters vulnerable to LFI & Path Traversal & SSRF & Open Redirect: Burp Search > Regex: \?.*=(\/\/?\w+|\w+\/|\w+(%3A|:)(\/|%2F)|%2F|[\.\w]+\.\w{2,4}[^\w]) Suggestions are welcome.

  5. 29 Nov 2019

    How I find Blind XSS Vulnerability in by newp_th

  6. 22 Nov 2019

    The Top 8 Burp Suite Extensions That I Use to Hack Web Sites

  7. 3 Sep 2019

    Yay, I was awarded a $7,200 bounty on !

  8. 7 Aug 2019

    My dream come true 😁 Finding an on main domain @GoogleVRPA

  9. 1 Aug 2019

    Chaining Cache Poisoning To Stored XSS by

  10. Retweeted
    23 Jul 2019

    I used this trick with not too long ago where we saw a reference to a Jira subdomain in the data we collected from a certificate. We were able to see the Jira instance and exploit an SSRF to get access to the company's internal network.

  11. Retweeted
    13 Jul 2019

    CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE

  12. Retweeted
    14 Jul 2019

    New blog post: Analysis of an Atlassian Crowd RCE - CVE-2019-11580

  13. 2 Jul 2019
  14. 1 Jul 2019

    Successfully passed the exam, thanks for this awesome experience. Next step is

  15. Retweeted
    5 May 2019

    Cool way to pull down tools on an internal engagement when you lack wget, curl, etc on a Linux system using Bash net redirections. Pretty slick.

  16. Retweeted
    28 Mar 2019

    cat urls.txt | while read url; do gobuster -u https://"$url" -q -e -k -w content_discovery_all.txt; done > sub_url.txt; cat sub_url.txt | cut -d ' ' -f 1 > /opt/parameth/params.txt; cd /opt/parameth; cat params.txt | while read url; do python -u "$url"; done

  17. Retweeted
    26 Mar 2019

    Introducing Shodan Monitor: a new website to help you set up network alerts and keep track of what's connected to the Internet - and it's available at no additional cost to members:

  18. Retweeted
    15 Mar 2019

    RCE on Steam Client via buffer overflow in Server Info by and vinnievan. Full report here: ($18,000 bounty)

  19. 13 Mar 2019

    awesome tool! Just copy a bug bounty program's scope from their page, paste it to a .txt file, and convert it to Burp scope using one command.

  20. Retweeted
    11 Mar 2019

    Turns out the first bug bounty payment was made in 1836, when a sewerman discovered a hidden entrance to the Bank of England - “For his honesty, the Bank rewarded him with a gift of £800”
