Ivan Wallarm
CEO
8,408 Tweets | 231 Following | 4,650 Followers
Tweets
Ivan Wallarm 12h
Replying to @vladimir_metnew
For sure! What else? We are doing well with fuzzing there, but I wanna explore more
Ivan Wallarm 12h
Nice verb tampering to bypass enterprise auth
Ivan Wallarm 24h
Who’s securing , how?
Ivan Wallarm retweeted
Kostya Serebryany Nov 12
Fuzzing Bay Area #2 Thursday, December 12, 2019
Ivan Wallarm retweeted
Max Moroz Nov 12
Reminder: if you love fuzzing and will be in the Bay Area on Dec 12th, come to our meetup! CFP is open until Nov 17th, send your talk proposals to fuzzing-bay-area@googlegroups.com. RSVP at
Ivan Wallarm Nov 11
That's why we love web attacks! Slack keylogger based on CSS injection. It's not for styles only anymore :)
Ivan Wallarm retweeted
Dave Ferguson Nov 10
What’s the Difference Between a URI and a URL?
Ivan Wallarm retweeted
Max Moroz Nov 6
Fuzzing Bay Area meetup #2: Join us Dec 12th at Facebook's office in Menlo Park. Send your talk proposals to fuzzing-bay-area@googlegroups.com until Nov 17th. Format: 3 talks (20 mins each) + Q&A + networking. See you there!
Ivan Wallarm retweeted
brooke motta Nov 4
Security Teams aren't always aware when GraphQL is being used (It's in WordPress; it's in GitLab; it's in dozens of other systems.) Find out about how to protect vulnerable GraphQL APIs with Cloud-native WAF.
Ivan Wallarm retweeted
CNCF Sep 6
KubeCon + CloudNativeCon is FAST approaching — snag your pass before it sells out (again) 🎟️
Ivan Wallarm retweeted
spidersec Nov 4
Bypass Fix of OB XXE Using Different encoding and get 2x bounty 😁
1. Encode Payload to UTF-7
2. Encode Payload to UTF-16
3. Encode Payload to UTF-16BE
- Try with other encodings as well, if accepted by the XML parser.
Ivan Wallarm retweeted
Alexander Popov Nov 2
I just did the full disclosure of the exploitable bugs in the 'vivid' driver of the Linux kernel:
Ivan Wallarm retweeted
/r/netsec Nov 2
JWT (in)security write-up
Ivan Wallarm Nov 3
Replying to @k3mlol @Bugcrowd
Exactly. We need to clarify all this mess if we wanna claim it
Ivan Wallarm Nov 2
Replying to @d0znpp
Next time they will count IDORs as brute force ;)
Ivan Wallarm Nov 2
I've submitted a 2FA bypass by iterating all the 10^6 possibilities and the vendor said that brute force is out of the scope of the bug bounty program. Dear community, what do you think about this? Should we count this "2FA" as 2FA and this "brute force" as a brute force?
Ivan Wallarm retweeted
Mikhail Egorov Nov 2
HTTP smuggling via fake WebSocket connection
Ivan Wallarm retweeted
Nicolas Grégoire Nov 2
Exploitation details for my old MSXML6 bug, by @elisaesage