| Tweets |
|
Anatoly
@c0rv4x
|
Feb 5 |
|
Thanks for the tip!
|
Anatoly
@c0rv4x
|
Feb 4 |
|
Gone to read ssrf bible again
|
Anatoly
@c0rv4x
|
Feb 4 |
|
I read your presentation a couple of years ago, but did not pay attention to the trick. I should sometimes come back to such materials, when I am more experienced
|
Anatoly
@c0rv4x
|
Feb 3 |
|
Wow! I love how the text format is opposed to the videos content
|
Anatoly
@c0rv4x
|
Jan 31 |
|
The whole security for business is done to lose money slower than you earn it. That's why hardening may work for business at least at some point
|
Anatoly
@c0rv4x
|
Jan 30 |
|
Based on alpine image
|
Anatoly
@c0rv4x
|
Jan 30 |
|
I struggled to find python requests with weak ciphers supported. So I made this Dockerfile gist.github.com/c0rvax/7193fc8…
Supports N-2 bad SSL certificates from badssl.com
|
Anatoly
@c0rv4x
|
Jan 29 |
|
More likely the companies just have a general mess in security and no one is responsible for it. Once found a breach, which was ignored. In the following 2 years they were announced to be hacked several times. For me it was an indirect correlation
|
Anatoly
@c0rv4x
|
Jan 27 |
|
This is a very good article, thanks for sharing!
|
Anatoly
@c0rv4x
|
Jan 26 |
|
Pardon my laziness to watch the whole video, but I guess there is no mention of this article I found pretty interesting a couple of years ago usenix.org/system/files/c…
|
Anatoly
@c0rv4x
|
Jan 26 |
|
Is there a link to the original?
|
Anatoly
@c0rv4x
|
Jan 24 |
|
Unpopular option: earn most money after a tax period finishes. Putting that money to a deposit at the start of the tax season would earn you more money
|
Anatoly
@c0rv4x
|
Jan 24 |
|
I could inject a very long text into Google’s emails, which however contained the old template after my text. So I ended my text with <script>, which made mailbox filters think there was an XSS, sanitizing the tag and the original mail template. Not SMTP, but still fun to know
|
| Anatoly retweeted |
|
Erkang Zheng
@erkang
|
Jan 22 |
|
It's a rare oppty to join an early-stage, well-funded startup who cares deeply about security. A journey to automate, empower, & transform the security & compliance experience in the cloud: lifeomic.com/jobs
- Sec automation
- Blue team
- Dev
- Solutions Engr
#infosecjobs
|
Anatoly
@c0rv4x
|
Jan 20 |
|
Just for the record: if for some reason anyone needs 100k rate on masscan, digitalocean does not ban for that and the channel is very thick. So I would advise them for droplets things
|
Anatoly
@c0rv4x
|
Jan 20 |
|
The problem with masscan is that it tends to give incorrect results. So on small scopes I would still run nmap. On bigger ones there is not much choice
|
Anatoly
@c0rv4x
|
Jan 18 |
|
You can try dvcsripper, but usually it is better to use 2-4 different tools. Once I had a case where 3 tools did not work, meanwhile the 4th did work, dumping a huge part of the repo
|
Anatoly
@c0rv4x
|
Jan 16 |
|
Looks like a way to not pay for some of the bugs?
|
Anatoly
@c0rv4x
|
Jan 14 |
|
I think when an exploit is out there, no one cares anymore how many days have passed since the discovery. So should be fine in this case
|
Anatoly
@c0rv4x
|
Jan 10 |
|
Yo, are you hacking in Argentina?
|