Securitum Retweeted
Wow, four blog posts of mine are included in the list! - XSS in GMail's AMP4Email via DOM Clobbering - DOMPurify 2.0.0 bypass using mXSS - Exploiting prototype pollution - Security analysis of <portal> element If you like them (or other techniques), please vote! https://twitter.com/PortSwiggerRes/status/1217100103548313601 …
-
If you wish to speak to us today, we have a stand on @WTHConf. You can meet @SecurityMB and @sajdoor. Come talk to us!
-
In today’s Chrome release, two security issues reported by our team are fixed. Good job @piochu and @SecurityMB! Writeups coming soon! Details: https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html …
-
We've just released "web application security" book. ~800 pages, printed in full color, 7k+ paper copies sold in 2-months preorder :) Lots of @burpsuite inside, preface by @gynvael, a couple of offensive chapters by @SecurityMB. Currently only in Polish. EN edition coming in 2020. pic.twitter.com/E7iqsK8riq
-
Securitum Retweeted
Bug of the Week! XSS in GMail’s #amp4email implementation via DOM Clobbering by @SecurityMB: https://research.securitum.com/xss-in-amp4email-dom-clobbering/ …
-
Another write up of a bug found by @SecurityMB in Google VRP! An XSS via Dom Clobbering in AMP4Email https://research.securitum.com/xss-in-amp4email-dom-clobbering/ …
-
Why a camera used by governments worldwide (Ganz Security) has netcat installed by default? All runs as root of course. And there is an additional auth bypass in this URL (not shown on the screen :P). We sent the info to Ganz, should be fixed (?) by now. pic.twitter.com/0PqUCWNCyQ
-
CSRF + nice play with HTTP verbs + OAuth = cool bug in GitHub ($25 000 bug bounty). https://twitter.com/not_aardvark/status/1191715980189327362 …
-
Our past research concerning a Bosch CCTV camera. /sdram_tiff_dump.bin URL is unauthenticated and dumps you specific parts of memory (!). At offset ~0xCDE548C2 -> admin password in plaintext. pic.twitter.com/odvKce9dqg
-
We’ve just published a new blogpost about our journey with exploiting prototype pollution in Kibana to RCE (CVE-2019-7609) https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/ …
-
We’ve just published a new article about typical security issues in JSON Web Tokens (JWT). Learn about the eleven thorns right here: https://research.securitum.com/jwt-json-web-token-security/ …
-
Our guy, @SecurityMB, had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: https://slides.com/securitymb/prototype-pollution-in-kibana/#/ … We will also release a writeup soon so stay in touch!
-
Securitum Retweeted
TIL someVar.getClass() == (42).TYPE == java.lang.Class, thanks to @securitum_com https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/ …
-
We have published a writeup of latest DOMPurify bypass with mutation XSS https://research.securitum.com/dompurify-bypass-using-mxss/ …
-
New blog post about our journey with Pebble templating engine and Server-Side Template Injection in it! https://research.securitum.com/server-side-template-injection-on-the-example-of-pebble/ …
-
We’re kicking off with our company’s research blog with @SecurityMB’s analysis of <portal> element. A few interesting bugs and quirks inside! https://twitter.com/SecurityMB/status/1169613464182153216 …
