Securitum

@securitum_com

We are a pen test company from Poland. If you’re interested in an assignment, DM us or write to securitum@securitum.com

Kraków, Poland
Joined: August 2019

Tweets


  1. Retweeted, 14 Jan

    Wow, four blog posts of mine are included in the list!
    - XSS in GMail's AMP4Email via DOM Clobbering
    - DOMPurify 2.0.0 bypass using mXSS
    - Exploiting prototype pollution
    - Security analysis of <portal> element
    If you like them (or other techniques), please vote!
  2. 14 Dec 2019

    If you wish to speak to us today, we have a stand on . You can meet and . Come talk to us!
  3. 10 Dec 2019

    In today’s Chrome release, two security issues reported by our team are fixed. Good job and ! Write-ups coming soon! Details:
  4. 3 Dec 2019

    We've just released the "Web Application Security" book. ~800 pages, printed in full color, 7k+ paper copies sold in a 2-month preorder :) Lots of inside, preface by , a couple of offensive chapters by . Currently only in Polish. EN edition coming in 2020.
  5. Retweeted, 21 Nov 2019
  6. Retweeted

    Bug of the Week! XSS in GMail’s implementation via DOM Clobbering by :
  7. 18 Nov 2019

    Another write-up of a bug found by in Google VRP! An XSS via DOM Clobbering in AMP4Email
  8. 8 Nov 2019

    Why does a camera used by governments worldwide (Ganz Security) have netcat installed by default? All runs as root, of course. And there is an additional auth bypass in this URL (not shown on the screen :P). We sent the info to Ganz; it should be fixed (?) by now.
  9. 7 Nov 2019

    CSRF + nice play with HTTP verbs + OAuth = cool bug in GitHub ($25 000 bug bounty).
  10. 7 Nov 2019

    Our past research concerning a Bosch CCTV camera. The /sdram_tiff_dump.bin URL is unauthenticated and dumps specific parts of memory for you (!). At offset ~0xCDE548C2 -> admin password in plaintext.
  11. 30 Oct 2019

    We’ve just published a new blog post about our journey with exploiting prototype pollution in Kibana to RCE (CVE-2019-7609)
  12. 24 Oct 2019

    We’ve just published a new article about typical security issues in JSON Web Tokens (JWT). Learn about the eleven thorns right here:
  13. 16 Oct 2019

    Our guy, , had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: We will also release a write-up soon, so stay in touch!
  14. Retweeted, 4 Oct 2019
  15. 23 Sep 2019

    We have published a write-up of the latest DOMPurify bypass with mutation XSS
  16. 17 Sep 2019

    New blog post about our journey with the Pebble templating engine and Server-Side Template Injection in it!
  17. 5 Sep 2019

    We’re kicking off our company’s research blog with ’s analysis of the <portal> element. A few interesting bugs and quirks inside!
