Mohit Tirkey
Security Enthusiast | Dog Lover | Opinions made are my own and it doesn't reflect the views of my employer | Love cookies |
465 Tweets | 318 Following | 84 Followers
Mohit Tirkey retweeted
Carrie Roberts Jun 5
Phishing with pesky macro popups
Mohit Tirkey retweeted
김진욱 Jun 17
Hacking thousands of websites via third-party JavaScript libraries Example 1: RCE in datatables.net 1=cat /etc/passwd
Mohit Tirkey retweeted
NotSoSecure Jun 13
New blog Exploiting .NET application's viewstate for RCE using Machine Key.
Mohit Tirkey Jun 12
Is there any possibility of SSRF if I receive a DNS pingback through True-Client-IP in my Burp instance?
Mohit Tirkey retweeted
Suhas Jun 9
This is the sort of stuff legends do. Virat Kohli asking the Indian audience not to boo Steve Smith and instead applaud him. What a gesture by the Indian Captain
Mohit Tirkey retweeted
Shuaib 20 Mar 18
Tool Release: Sanitizer A python script that filters, checks the validity, generates clickable link(s) of subdomain(s), and reports their status
Mohit Tirkey retweeted
Joel Margolis Jun 8
man, security is hard. tl;dr <a href="file:\\\Applications\" id="inputzero"></a> document.getElementById('inputzero').click();
Mohit Tirkey Jun 5
Replying to @nandwaninathu
congrats bro :)
Mohit Tirkey Jun 4
They made the computer even "grater". 😅!
Mohit Tirkey retweeted
🕊️ Jun 1
If you use often with Firefox, you probably notice detectportal a lot in your intercepts. This is due to the captive portal configuration in Firefox. Under about:config, set the value of network.captive-portal-service.enabled to false and you won't see it anymore :)
Mohit Tirkey retweeted
Avinash Jain Jun 2
Here is one of my recent findings - How I was able to access AWS credentials via an unusual redirection in India’s leading fintech company.
Mohit Tirkey May 27
Replying to @firebounty
Looks like RCE in struts 2
Mohit Tirkey retweeted
Emad Shanab May 24
“P2-Token Leakage Via Host Header Poisoning (Weak password Reset Implementation)” by
Mohit Tirkey retweeted
Emad Shanab May 24
“From file upload to email:pass” by fr0stNuLL
Mohit Tirkey retweeted
pyn3rd May 24
CVE-2019-2725 Weblogic RCE
Mohit Tirkey retweeted
Emad Shanab May 22
“Account takeover using OAuth Misconfiguration” by
Mohit Tirkey retweeted
Omar Espino May 21
Google bug bounty: LFI on production servers in – $13,337 USD Short story about why u must always check for dirs in 302 status pages because you will be surprised that some directory listings will work
Mohit Tirkey May 17
Replying to @fs0c131y
I just hope the attacker doesn't get your Aadhar number as a secret token, because if he gets that then your life is screwed :D :D
Mohit Tirkey retweeted
Avinash Jain May 16
Re-sharing: Bypassing Firewall -> LFI -> Bypassing Web Cache layer -> SSRF -> AWS Credentials Compromise.
Mohit Tirkey May 15
“Why GraphQL is the future of APIs”