FD

@filedescriptor

@0xReconless

Hong Kong

innerht.ml

2월 2014에 가입

996게시물 17K팔로워 34팔로우 중

내가 좋아할 만한 콘텐츠

@fransrosen

@albinowax

@disclosedh1

@bbuerhaus

@BRuteLogic

@garethheyes

@emgeekboy

@Th3G3nt3lman

@orange_8361

@Agarri_FR

@codecancare

@Yassineaboukir

@0xteknogeek

@MrTuxracer

@itscachemoney

FD 님이 재게시함

PortSwigger Research

@PortSwiggerRes

2024. 2. 19.

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2023

출처: portswigger.net

FD

@filedescriptor

2023. 9. 22.

Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

filedescriptor's tweet image. Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

FD 님이 재게시함

PortSwigger Research

@PortSwiggerRes

2023. 2. 8.

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2022

출처: portswigger.net

FD 님이 재게시함

This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps: Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/l…

Open Technology Fund

@OpenTechFund

2022. 7. 27.

Serious vulnerabilities have been found in the Hong Kong government's LeaveHomeSafe COVID-19 app. @7aSecurity recently conducted a security audit that discovered numerous flaws that allow interception of the LeaveHomeSafe app and its backend servers. opentech.fund/news/7asecurit…

7ASecurity, OTF Red Team Lab partner, completes Blackbox Pentest and Privacy Audit of LeaveHomeSafe...

출처: opentech.fund

FD 님이 재게시함

VXCON

@vxresearch

2022. 6. 17.

We are organising VXCON on 27 August. Please feel free to submit CFP. vxcon.hk

FD 님이 재게시함

Trend Zero Day Initiative

@thezdi

2022. 5. 18.

Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

thezdi's tweet image. Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

FD 님이 재게시함

Renwa

@RenwaX23

2022. 5. 10.

New writing about the story of 3 bug bounty reports in which I chain low severity bugs together for higher impact and less known browser tricks. Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more... medium.com/@renwa/the-und…

RenwaX23's tweet card. Story of 3 bug bounty writeups which I use low bugs and chain them together for higher impact.

The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…

출처: medium.com

FD 님이 재게시함

Ed

@EdOverflow

2022. 4. 27.

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

EdOverflow's tweet image. After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

FD 님이 재게시함

HACxyk.

@Hacxyk

2022. 4. 16.

We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇Check out the write-up medium.com/@hacxyk/how-we…

Hacxyk's tweet card. TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty.

How we spoofed ENS domains for $15k

출처: medium.com

FD 님이 재게시함

PortSwigger Research

@PortSwiggerRes

2022. 2. 9.

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year

Top 10 web hacking techniques of 2021

출처: portswigger.net

FD 님이 재게시함

Ed

@EdOverflow

2022. 2. 5.

New blog post: "What Bypassing Razer's DOM-based XSS Patch Can Teach Us" — edoverflow.com/2022/bypassing….

FD

@filedescriptor

2022. 1. 20.

Why do we need NFT on social media??

FD 님이 재게시함

FD

@filedescriptor

2021. 8. 11.

Also function solve(obj, property){ if(typeof obj != 'function') { obj(property).innerHTML = '<img src=1 onerror="alert(`You win`)">'; } else { alert('You must try harder than that.'); } }

FD 님이 재게시함

Luan Herrera

@lbherrera_

2021. 5. 31.

I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out! blog.lbherrera.me/posts/appcache…

lbherrera_'s tweet card. Leveraging AppCache's network section to leak the complete URL of cross-origin redirects.

AppCache's forgotten tales

출처: blog.lbherrera.me

FD 님이 재게시함

The Daily Swig

@DailySwig

2021. 5. 21.

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…

portswigger.net

Web Application Security, Testing, & Scanning - PortSwigger

PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.

출처: portswigger.net

FD 님이 재게시함

Suraj

@PwnFunction

2021. 4. 23.

New Video! Binary Exploitation 0x02 Why you should Close Your Files youtu.be/6SA6S9Ca5-U

FD 님이 재게시함

PortSwigger Research

@PortSwiggerRes

2021. 2. 24.

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks

Top 10 web hacking techniques of 2020

출처: portswigger.net

FD

@filedescriptor

2021. 1. 19.

Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! github.com/filedescriptor…

filedescriptor's tweet image. Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out!

github.com/filedescriptor…

FD 님이 재게시함

Ron Chan

@ngalongc

2021. 1. 19.

I have made a video to demonstrate how we can automate permission checks using my GitLab project "OpenAPI Security Scanner". Check it out! youtu.be/K65e5QRQ1tc Video editor: @wacms666

ngalongc's tweet card. Automating Permission Checks Using OpenAPI Security Scanner?

youtube.com

YouTube

Automating Permission Checks Using OpenAPI Security Scanner?

출처: youtube.com

Intigriti

@intigriti

Sam Curry

@samwcyo

Ben Sadeghipour

@NahamSec

JS0N Haddix

@Jhaddix

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

Julien | MrTuxracer 🇪🇺

@MrTuxracer

shubs

@infosec_au

Luke Stephens (hakluke)

@hakluke

bugcrowd

@Bugcrowd

STÖK ✌️

@stokfredrik

H4x0r.DZ 🇰🇵

@h4x0r_dz

Yassine Aboukir 🐐

@Yassineaboukir

James Kettle

@albinowax

Harsh Bothra

@harshbothra_

InfoSec Community

@InfoSecComm

Farah Hawa

@Farah_Hawaa

Bug Bounty Reports Explained

@gregxsunday

HackerOne

@Hacker0x01

Suraj

@PwnFunction

🤟🏻

@tryToForgetNow

Mohamed Nabil

@Mohamed13970637

Victor Sullivan

@VictorSulliv

patrick wheeler

@wheeler_pa60735

Vaheedashraf Qureshi

@Spartanx001

Anas ELKomy

@ShadowDrifterX

A Velez

@andresvelezhax

mahesh ravulapalli

@maheshravu29249

rand0mhead

@rand0mhead

Adil Burak

@adilburaksen

🐲

@l3aaax

Lerno Craig

@LernoC25061

Minty Fresh Racc

@ClovisMint

AgapeDork

@agapedork

friend8482

@22131usadl

(Mr.DY)

@MrDy_ZeroZ1

HighIronWolf

@HighIronWolf

Max

@0xb4dg0d

dutafi

@Dutafi

Andres

@7h3andres

Amir Noreen

@AmirNoreen55111

karim

@0X1kr0X1ks0X1

nella17tw

@nella17tw

Nbsbbs

@Scscscsk

Ahmed Ibrahim

@BigFish2086

Chirag Vaishnav

@Chirag8Vaishnav

`

@anes4sec

Taha Biyikli

@tahabiyikli

Vishal Tesla

@TeslaVishal

Aditya Karwa

@AdityaKarw46107

pad1ryoshi

@pad1ryoshi

Fallon Galloway

@FallonGall48997

AlexOnCrypto

@mis4nthr0pic

xhkdddrv

@OF3tr2Wg1lGL8k0

spoder

@spoderx555

miao he

@miaohe585882

Al2

@altugkale

Ma7m0ud

@r00t_m7

Cmrs73

@Cmrs73

Mario Ashraf

@habashymario01

Johnny

@Luckyrocky2028

Giddymoon

@Giddymoon

Modin

@promoien

Sweet Troll

@sw33tr0l1

00xtrkh

@00xtrkh

Laughingx86

@Laughingx86

arshiya

@ALLPHAAA7

Hamzah Abdlmotalb Abdullah

@HAbdullah55817

miloin matheu

@khan70056

Hieu Programer

@HieuProgramer

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

James Kettle

@albinowax

Orange Tsai 🍊

@orange_8361

@[email protected]

@SecurityMB

Soroush Dalili

@irsdl

$S1r1u5_'s profile picture. aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}$

s1r1us (mohan)

@S1r1u5_

$cffsmith's profile picture. Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.$