๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡
12,051 Tweets
81 Following
2,125 Followers
Tweets
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
David Vieira-Kurz 13h
2007: Passionate hackers have sacrificed their free time to identify vulnerabilities in tools, to code a patch, and to share the details in a blog post. 2020: So-called "security researchers" post "I have received Bounty" without sharing their knowledge. Sad development.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Abdullah Hussam May 25
Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Soroush Dalili 🤖 May 25
URI schemas and their format can be what you need to bypass certain restrictions in Apps like Outlook or in exploiting vulns like SSRF or XXE - I had included more than 800 of known schemas + useful references here in `Schemes-List.xlsx`:
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
cts May 23
The year is 20XX. Web apps are built in C++ and Rust with WebAssembly, and desktop apps are built in JavaScript with Electron.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
blackorbird May 22
GhostDNS Source Code Leaked. Free internet scanner: BRUT. Attacking routers, phishing server and web pages. A lot of certificate.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Kate McNamara May 11
I think my BBQ just offered to be my default browser?
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
PortSwigger Research May 22
Documenting the impossible: Unexploitable XSS labs
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Masato Kinugawa May 22
Thanks Safari :D XSS via hash is back!!
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Henry Chen Apr 21
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Matthieu Napoli May 21
Why developers hate PHP: A good piece. "Developers hate PHP because it's cool to hate PHP." TL/DR: PHP *today* is faster than Python and Ruby. It can be completely typed. Static analysis like TypeScript. Extremely mature frameworks. And PHP 8 will be 🔥
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
n a f f y | supreme thought leader May 21
If you ever see any file / endpoint at *.company.com that is returning your HTTP headers when you hit it you can try and chain this with limited/intentional SSRFs to leak the associated request headers to grab Bearers / Tokens.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ May 21
WordPress website attack using JavaScript and XSS
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Eusebiu Blindu May 20
Looking for full time/part time opportunities
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ May 20
Why is This Website Port Scanning me?
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
XSS Payloads May 19
Hieroglyph-based payload by ! ๐“…‚='',๐“‚€=!๐“…‚+๐“…‚,๐“„=!๐“‚€+๐“…‚,๐“ŠŽ=๐“…‚+{},๐“†ฃ=๐“‚€ [๐“…‚++],๐“Š=๐“‚€[๐“‡Ž=๐“…‚],๐“ข=++๐“‡Ž+๐“…‚,๐“†—=๐“ŠŽ[๐“‡Ž+๐“ข ],๐“‚€[๐“†—+=๐“ŠŽ[๐“…‚]+(๐“‚€.๐“„+๐“ŠŽ)[๐“…‚]+๐“„[๐“ข]+๐“†ฃ+ ๐“Š+๐“‚€[๐“‡Ž]+๐“†—+๐“†ฃ+๐“ŠŽ[๐“…‚]+๐“Š][๐“†—](๐“„[๐“…‚]+๐“„[ ๐“‡Ž]+๐“‚€[๐“ข]+๐“Š+๐“†ฃ+'`๐“…‚ ๐“ข ๐“‚€ ๐“„ ๐“†ฃ ๐“Š ๐“‡Ž`')``
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
David Vieira-Kurz May 19
I love it when Research based on older Research finally leads from theoretical to practical exploitation.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ May 19
CVE-2020-11022/CVE-2020-11023: jQuery 3.5.0 Security Fix details
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
jovica May 19
TL;DR EasyJet hacked, email addresses and travel details of approximately 9 million customers were compromised. Apparently, for a very small subset of customers (2,208), credit card details were accessed. You might wanna change your password.
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Henry Huang May 18
I discovered QNAP pre-auth root RCE affecting ~450K devices on the Internet
๏ผฐ๐—ฟ๐žโ…†๏ฝ’๐šŠโ“– โ…ญ๐—Ž๐‰๏ฝ๏ฝŽ๐š˜๐•งโ“˜ฤ‡ retweeted
Sal ꙮ May 18
's "Characters that byͥte" cheatsheet is an excellent resource for driving bypasses using Unicode. Highly recommended!