Orange Tsai 🍊
This is 🍊
Orange Tsai 🍊 15h
HITCON CTF 2019 website and page is up, and our HITCON CTF Final is finally back this year. See you soon in Taiwan, Taipei :P
Orange Tsai 🍊 Aug 17
Replying to @Alyssa_Herrera_
Sure!
Orange Tsai 🍊 retweeted
Alyssa Herrera Aug 15
Honestly it's very surprising that no one has done research into webvpn software like Pulse secure, FortiGate, etc until now. Pulse secure and Fortigate both have internal files that contain clear text credentials which make it insanely easy for an attacker to compromise networks
Orange Tsai 🍊 retweeted
James Kettle Aug 14
Backslash Powered Scanner can now detect proxy subfolder escapes using 's path normalization research from last year - just enable 'experimental folder attacks'.
Orange Tsai 🍊 retweeted
Alyssa Herrera Aug 13
Well the results of exploiting & reporting CVE-2019-11510 has resulted in roughly 5+ critical reports and few more pending/ tracking down companies with BB programs. It won't be a good day for the companies that haven't pushed patches and a public exploit is published.
Orange Tsai 🍊 retweeted
Keith aka RogueAsian Aug 13
Tools to exploit CVE-2018-13382 and CVE-2018-13379 (unauthenticated Fortinet vulns) presented by Orange Tsai at Blackhat and
Orange Tsai 🍊 Aug 13
Replying to @fei3363
Impressive!
Orange Tsai 🍊 Aug 12
Replying to @XMPPwocky
Buy me an orange juice, thanks :D
Orange Tsai 🍊 retweeted
Nicolas Grégoire Aug 11
I’m surprised that CVE-2018-13382 (a trivial « backdoor » in Fortigate SSL VPN) didn’t get much attention, even after ´s talks in Vegas...
Orange Tsai 🍊 retweeted
DEF CON Aug 11
Orange Tsai 🍊 Aug 11
Replying to @obilodeau @Agarri_FR
Yes, we didn’t make any logo, website and didn’t reach out to the media :P
Orange Tsai 🍊 Aug 11
About 40USD
Orange Tsai 🍊 Aug 10
Replying to @HossamSec @h1_kenan
Please check my latest tweet and the slides
Orange Tsai 🍊 retweeted
publiclyDisclosed Aug 10
Twitter disclosed a bug submitted by orange: - Bounty: $20,160
Orange Tsai 🍊 Aug 10
We plan to release the Pulse Secure part in the next month.
Orange Tsai 🍊 Aug 9
Replying to @0x4148
Yes, with the parameter name "magic=...hardcoded-string..." in POST data XDD
Orange Tsai 🍊 Aug 9
The link of slides should be up now!
Orange Tsai 🍊 Aug 9
Congratulations. You got the wrong flag!
Orange Tsai 🍊 retweeted
dc5551 Aug 9
Orange Tsai 🍊 Aug 9
Just drop the RCEs, slides (will fix soon) and blog of and me's and talk - Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs! Please check that and let us know if you have any questions!