τhé-ÄlchĘm1sτ 

@th3_alchem1st

OSCP - InfoSec dude | Interested in Cyber Security | Web & Mobile Security | Pentest | Red Team | Exploit Dev

England, United Kingdom
Vrijeme pridruživanja: rujan 2014.

Tweetovi

Blokirali ste korisnika/cu @th3_alchem1st

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @th3_alchem1st

  1. proslijedio/la je Tweet
    22. sij

    Here is the link to the SpecterOps Adversary Tactics: PowerShell course material: Enjoy! For information about our current training offerings, information can be found here: (4/4)

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    28. sij
    Poništi
  3. proslijedio/la je Tweet
    27. sij

    looking for some new dirs to bruteforce?

    Poništi
  4. proslijedio/la je Tweet
    19. sij

    Interesting list of 876 bug bounty programs by company: bounty/programs-list.csv at 3bed32ee073a0a673a33da8feb8f3af324aefc75 · yesnet0/bounty · GitHub

    Poništi
  5. proslijedio/la je Tweet
    16. sij

    So you believe UUID's are a sufficient protection against IDOR's? Think again! 🤦 Thanks for the ,

    Poništi
  6. proslijedio/la je Tweet
    14. sij

    COMMENTARY ON CVE-2020-0601: I have been speaking to several players on this on background and there are a few things they want to highlight / clarify based on the public discourse so far.

    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    5. sij

    I have 0 CVEs. I've found many many bugs, but I don't need a CVE to prove anything. If you seemingly think a CVE makes you l337, you need to rethink.

    Poništi
  8. proslijedio/la je Tweet
    5. sij

    the newly released OWASP API top 10 actually looks quite relevant and up to date

    Poništi
  9. proslijedio/la je Tweet
    5. sij
    Poništi
  10. Poništi
  11. proslijedio/la je Tweet
    4. sij

    I've recently been fuzzing the PHP interpreter, and took a UaF bug all the way from crashing-sample to weaponized code execution. Here is the first of several blog posts I plan to write about the process.

    Poništi
  12. proslijedio/la je Tweet
    31. pro 2019.

    New year gift 🎉 Set up a free server to exploit blind vulnerabilities! 1. 2. sudo apt-get install apache2 pagekite 3. add "ServerName localhost" to /etc/apache2/apache2.conf 4. 80->8080 in /etc/apache2/ports.conf 5. pagekite 8080

    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet

    You can discover the domains of a company using the Kostebek tool's trademark symbol search.

    Poništi
  14. proslijedio/la je Tweet
    5. pro 2019.

    🌟v2 of my free Intro to Android App Reverse Engineering workshop is here! 🌟 I've added 3 new exercises, walk-through videos for all 7 exercises, a new module on obfuscation, & exercises on vuln hunting rather than just malware. I hope it helps!

    Screenshot of the table of contents at maddiestone.github.io/AndroidAppRE
    Prikaži ovu nit
    Poništi
  15. proslijedio/la je Tweet

    oneliner to open a bunch of hosts/urls firefox `cat urls.txt | awk '{if(index($1,"http")){print $1}else{print "http://"$1;print "https://"$1}}' | tr "\n" " "` (tr optional)

    Poništi
  16. proslijedio/la je Tweet
    26. stu 2019.

    Want to do some lazy bug bounty hunting today? Get the ASN of a company by using this (in this case, Tesla): whois -h $(dig +short ) Then use the ASN filter in Shodan to scroll through their IP space.

    Prikaži ovu nit
    Poništi
  17. proslijedio/la je Tweet
    24. stu 2019.

    I just made my "Corsy" public ❤️ It scans for all known misconfigurations in CORS implementations (currently 10+ checks). Github:

    Poništi
  18. proslijedio/la je Tweet
    17. stu 2019.

    DNS rebinding SSRF leading to aws keys leakage

    Poništi
  19. proslijedio/la je Tweet
    17. stu 2019.

    Performing Race Condition tests w/ Burp Suite, coupon redeem example: 1. Use Null Payloads 2. Use same number of threads to requests (x15 here) & 0 throttle 3. Disable the baseline request (it's will be sent first w/ delay invalidating your coupon)

    Poništi
  20. proslijedio/la je Tweet
    23. svi 2019.

    My tool goes public! Having a scope it can help you scan ports, dirsearch and brute creds. Displaying the data in a handy way. A great assistant at a more methodical assessement on bugbounty and pentest

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·