pk_sec

python3 -m http.server 8080 # Start a simple webserver using python3 on external port 8080 and use the current directory you are in as the document root. Be careful with what you expose to the world. Use --bind 127.0.0.1 if you want to make it local only.

i've written a working exploit for sudo vulnerability CVE-2019-18634. if you have "Defaults pwfeedback" (apparently the default in Linux Mint and derivatives), any user can become root without any password, even if they're not in /etc/sudoers https://nvd.nist.gov/vuln/detail/CVE-2019-18634 …

When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past. #bugbountytip #bugbountytip #bugbounty

If you want to understand what happened with Shadow and the failure of the Iowa Caucus app you have to understand how electoral campaign tech work is done and funded. Let me tell you a story to make sense of it.

When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018) #bugbountytip #bugbounty

A couple of people asked for my 'XSS for 2020' cheatsheet in PDF format, so I went ahead and made it today. Enjoy. :) https://netsec.expert/public/serve/xss_2020.pdf … #bugbountytips

Tuesday Technical Tweet Thread Time! Let's go on the roller coaster of what happens at a low level when a DNS server sends an 4,000 byte EDNS0 response to a client whose MTU is 1200 bytes. Confused already? don't worry, we'll break it down. I promise it's super interesting.

We've determined that an authentication certificate has expired causing, users to have issues using the service. We're developing a fix to apply a new certificate to the service which will remediate impact. Further updates can be found under TM202916 in the admin center.