مثبتة

Me and @httpsonly launched perimeter security scanner. We've automated recon, crawling, scanning and more. Talk to us scanfactory.io/en/ to get a free demo for your company


Jeez, I hate reading twitter on 1st April...


This year CCC was cancelled, so we hosted out own! @BushwhackersCTF

c0rv4x's tweet image. This year CCC was cancelled, so we hosted out own!
@BushwhackersCTF

I haven't been watching security scene for the last year, now I want to catch up! Could you guys kindly send me the articles which you find interesting/noteworth in terms of security? 🙏


That's some new side of transparency. Have seen your really great and open work at mail.ru and now in Acronis. Mad respects

Yeah! Now our security advisories could be found here - security-advisory.acronis.com. It’s even possible to filter by @Hacker0x01 username in case if there any related reports// great work @feeltheajf_!



This is bizzare

🙈🙉🙊Citrix has removed the acknowledgement of our researcher Mikhail Klyuchnikov who discovered and reported CVE-2019-19781 - the Citrix ADC RCE! @Citrix we will be pleased to hear your response. Current: support.citrix.com/article/CTX267… Mar 2021: web.archive.org/web/2021032109…

ptswarm's tweet image. 🙈🙉🙊Citrix has removed the acknowledgement of our researcher Mikhail Klyuchnikov who discovered and reported CVE-2019-19781 - the Citrix ADC RCE!

@Citrix we will be pleased to hear your response.

Current: support.citrix.com/article/CTX267…

Mar 2021: web.archive.org/web/2021032109…


The man is a beast! Make sure you do check his latest research and subscribe to his account

Slides from my talk "HTTP Request Smuggling via higher HTTP versions" at #phdays10! Several previously undisclosed flaws in real open-source software are discussed near the end. slideshare.net/neexemil/http-…

emil_lerner's tweet card. HTTP Request Smuggling via higher HTTP versions

slideshare.net

HTTP Request Smuggling via higher HTTP versions



X أعاد

Me and @d0znpp wrote an article on http2smugl (my tool that detects HTTP request smuggling that happens during HTTP2 termination) with detailed usage examples and #bugbountytips lab.wallarm.com/http2smugl-htt…


X أعاد

#Pentest pivoting cheat sheet for #redteam

ptswarm's tweet image. #Pentest pivoting cheat sheet for #redteam

X أعاد

I'm releasing my tool that detects HTTP Request Smuggling opportunities that arise during HTTP/2 -> HTTP/1.1 conversion by the "frontend" servers: github.com/neex/http2smugl. Comments & suggestions much appreciated. @albinowax what do you think about that?


X أعاد

New attack! Our researcher Arseniy Sharoglazov has discovered a method to connect to LDAP via #MSExchange from the Internet and access the whole Active Directory database. Read the research: swarm.ptsecurity.com/attacking-ms-e…

ptswarm's tweet image. New attack! Our researcher Arseniy Sharoglazov has discovered a method to connect to LDAP via #MSExchange from the Internet and access the whole Active Directory database. Read the research: swarm.ptsecurity.com/attacking-ms-e…

X أعاد

New article by Mikhail Klyuchnikov: RCE in F5 Big-IP (CVE-2020-5902) swarm.ptsecurity.com/rce-in-f5-big-…

ptswarm's tweet image. New article by Mikhail Klyuchnikov: RCE in F5 Big-IP (CVE-2020-5902) swarm.ptsecurity.com/rce-in-f5-big-…

PT SWARM is absolutely a fantastic idea! Also Arseniy is one of the best and most humble authors on infosec right now. Be sure to check his blog too: mohemiv.com

Positive Technologies @ptswarm team has started a blog about penetration testing. Articles about a server-side code execution in F5 Big-IP, Oracle WebLogic, MS Exchange and Sophos XG Firewall are about to be published. I hope you'll enjoy it!

_mohemiv's tweet image. Positive Technologies @ptswarm team has started a blog about penetration testing. Articles about a server-side code execution in F5 Big-IP, Oracle WebLogic, MS Exchange and Sophos XG Firewall are about to be published. I hope you'll enjoy it!


Omg, my mind blown during the first 25 seconds!

Have you ever wondered how to use the browser's devtools to find more valid bugs? Here's the latest @0xReconless video that shows you secret DevTools tricks for bug bounty hunting! youtube.com/watch?v=Y1S5s3…

filedescriptor's tweet card. Improve Your Hacking Skills Using Devtools | Bug Bounty Tips

youtube.com

YouTube

Improve Your Hacking Skills Using Devtools | Bug Bounty Tips



I just did `vim ~/.emacs`. Am I a sinner?


X أعاد

Made a context menu launcher for IDA which automatically chooses 32 or 64-bit version based on `file` output run in WSL: gist.github.com/vient/db5af9a8… Usage: right click on file, Open with IDA. Set your IDA_DIR env or change it in ida_launcher.bat


X أعاد

SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber link.medium.com/dSWQ6ewPL6


I hate when companies limit bandwidth based on your geo. 1.6Gig from Russia takes 56min or 10min through VPN in Germany


X أعاد

Slides for "Attacking Secondary Contexts in Web Applications" - docs.google.com/presentation/d…


Loading...

Something went wrong.


Something went wrong.