Pinned Tweet
Drag Drop XSS in Google ;) http://c0rni3sm.blogspot.com/2016/04/drag-drop-xss-in-google.html … #bugbounty
-
Ahaha this thread where noobs talking about @unrestcon is the best https://www.reddit.com/r/melbourne/comments/4q8i7i/hacker_conference_this_fridaysaturday_in_melbourne/ … "STOP HIDING UR IDENTITY, HACKERS"
-
after 4 hours late joined the bounty, 15 minutes later, the program is closed. urghh..
-
Foxit Reader ConvertToPDF TIFF SamplesPerPixel Parsing Heap Buffer Overflow Remote Code Execution Vulnerability http://srcincite.io/advisories/src-2016-23/ …
-
New blogpost: "MS16-039 – “Windows 10” 64 bits Integer Overflow exploitation by using.." --> https://blog.coresecurity.com/2016/06/28/ms16-039-windows-10-64-bits-integer-overflow-exploitation-by-using-gdi-objects/ … pic.twitter.com/iKELBYq1hH
-
no UI #XSS vector, inspired by @BenHayak vector :D <div style=writing-mode:tb;overflow:scroll onscroll=alert(1)> https://jsfiddle.net/a7p7okzv/
-
WordPress Stream plugin stored XSS -> RCE demo. Uber rewarded $5k, disclosure pending. #exploit #infosec #0day https://www.youtube.com/watch?v=EdRG1-4jmR4 …
-
New blog post on the Symantec vulnerabilities we're releasing today, including wormable remote code execution bugs. http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html …
-
Reflections on trusting CSP http://blog.kotowicz.net/2016/06/reflections-on-trusting-csp.html …
-
Auditing CSP headers with Burp and ZAP http://blog.gosecure.ca/2016/06/28/auditing-csp-headers-with-burp-and-zap/ …
-
SSRF bible updated a little. Redis tricks with SLAVEOF and MIGRATE added https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM …
-
"Any pentesters wanna change things up, work from home with a fun rising company?" -> If so, ping @failOpen for more details.
-
This is a solid example of chaining bugs / pivoting on a webapp (stored XSS on a site with no user input): https://hackerone.com/reports/131450
-
No UI #XSS vector Edge, MSIE10-11 <div style="-ms-scroll-limit:1px;overflow:scroll;width:1px" onscroll=alert('xss')> pic.twitter.com/ZHvLVK37qC
-
This amazing hack unlocks hundreds of secret 'Super Mario Bros.' levels hidden on the cartridge http://buff.ly/297qCuj
-
A new vuln related to JNDI, a Java API that allows clients to find data & objects by name. By @pwntester at #BHUSA http://ow.ly/uPVD301AhrY
-
This is a BRILLIANT IDEA ... all you #infosec travellers, conference goers and IR Teams. Take a minute http://fox59.com/2016/06/23/snapping-a-picture-of-your-hotel-room-could-help-stop-human-trafficking/ … and do this
-
Utilizing Multi-byte Characters To Nullify SQL Injection Sanitizing http://howto.hackallthethings.com/2016/06/using-multi-byte-characters-to-nullify.html …
-
Penetration Testing Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ …
yappare
ß23
Source Incite
Nicolas Economou
Masato Kinugawa
g0t mi1k
Klikki Oy
Tavis Ormandy
kkotowicz
Nicolas Krassas
Wallarm
Steve Ragan
James Kettle
Ben Hayak
๒ɼٱคก ƈคɼρﻉกՇﻉɼ
Black Hat
Robin Jackson
netbiosX