@mikko
Finland
CRO at F-Secure ● Reverse Engineer ● TED Speaker ● Supervillain

47.036 Tweets
947 Following
196.857 Followers

Tweets

@mikko · 6 min
Yeah, you are correct.

@mikko · 8 min
Great call, right there.

@mikko · 10 min
A hand patched QR code. Seen on @DeadFlip’s twitter. pic.twitter.com/wEqwdiTa0a

@mikko · 14 min
I like the way you think.

@mikko · 15 min
You’re correct. I could swear I tested <script> ten minutes ago and it wasn’t blocked, while <body onload was blocked. Now both are. Probably my error.

@mikko · 16 min
It’s a web application firewall. Maybe the one run by Akamai, as that’s where the service is hosted.

@mikko · 18 min
Can’t explain it.

@mikko · 20 min
And:
<body onload

@mikko · 27 min
I just get blocks on:
traceroute
tracert
etc/passwd

@mikko · 28 min
Akamai WAF is a good guess. However, 1=1 and ’ are not blocked for me. Are they blocked for you? Cc: @RenwaX23

@mikko · 33 min
Oh cool. What was running on the domain back then?

@mikko · 34 min
How do you guys find these?

@mikko · 39 min
Tags: usb first try

@mikko · 47 min
Interestingly, you can search for anything on captcha.nsa.gov - except for the word ’traceroute’. This was discovered by @decio_o_o.

@mikko · 51 min
Not a bad theory.

@mikko · 56 min
Did you figure out then why all other words are searchable except ’traceroute’?

@mikko · 1 h
Isn’t this pretty new

@mikko · 1 h
Well, good luck!

@mikko · 1 h
That’s a good one indeed.

@mikko · 1 h
Invite me to do a short briefing for them.