FD

@filedescriptor

@0xReconless

Hong Kong

innerht.ml

เข้าร่วมเมื่อ กุมภาพันธ์ 2014

996โพสต์ 17พันผู้ติดตาม 34กําลังติดตาม

คุณอาจชื่นชอบ

@fransrosen

@albinowax

@disclosedh1

@bbuerhaus

@BRuteLogic

@garethheyes

@emgeekboy

@Th3G3nt3lman

@orange_8361

@Agarri_FR

@codecancare

@Yassineaboukir

@0xteknogeek

@MrTuxracer

@itscachemoney

FD รีโพสต์แล้ว

PortSwigger Research

@PortSwiggerRes

19 ก.พ. 2024

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2023

แหล่งที่มา: portswigger.net

FD

@filedescriptor

22 ก.ย. 2023

Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

filedescriptor's tweet image. Google(Chromium) suddenly decided to pay me for a UI Spoofing bug reported 3 years that had been idle, and from reward potential to no potential to potential. Ok thanks?

FD รีโพสต์แล้ว

PortSwigger Research

@PortSwiggerRes

8 ก.พ. 2023

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…

Top 10 web hacking techniques of 2022

แหล่งที่มา: portswigger.net

FD รีโพสต์แล้ว

This #privacy audit looks like the first LeaveHomeSafe #pentest ever, way below commercial apps: Broken SSL validation, SD Card Leaks, 2FA Logic bypass, Screenshot leaks, several Face Recognition artifacts, etc. 7asecurity.com/blog/2022/07/l…

Open Technology Fund

@OpenTechFund

27 ก.ค. 2022

Serious vulnerabilities have been found in the Hong Kong government's LeaveHomeSafe COVID-19 app. @7aSecurity recently conducted a security audit that discovered numerous flaws that allow interception of the LeaveHomeSafe app and its backend servers. opentech.fund/news/7asecurit…

7ASecurity, OTF Red Team Lab partner, completes Blackbox Pentest and Privacy Audit of LeaveHomeSafe...

แหล่งที่มา: opentech.fund

FD รีโพสต์แล้ว

VXCON

@vxresearch

17 มิ.ย. 2022

We are organising VXCON on 27 August. Please feel free to submit CFP. vxcon.hk

FD รีโพสต์แล้ว

Trend Zero Day Initiative

@thezdi

18 พ.ค. 2022

Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

thezdi's tweet image. Confirmed! Masato Kinugawa demonstrated a 3-bug chain of injection, misconfiguration and sandbox escape on Microsoft Teams to earn $150K and 15 Master of Pwn points.

FD รีโพสต์แล้ว

‌Renwa

@RenwaX23

10 พ.ค. 2022

New writing about the story of 3 bug bounty reports in which I chain low severity bugs together for higher impact and less known browser tricks. Includes CSS injection, Self-XSS, Drag-Drop XSS, Cookie Bomb, Login-Logout-CSRF, and more... medium.com/@renwa/the-und…

RenwaX23's tweet card. Story of 3 bug bounty writeups which I use low bugs and chain them together for higher impact.

The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…

แหล่งที่มา: medium.com

FD รีโพสต์แล้ว

Ed

@EdOverflow

27 เม.ย. 2022

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116. I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

EdOverflow's tweet image. After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: rfc-editor.org/rfc/rfc9116.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️

FD รีโพสต์แล้ว

HACxyk.

@Hacxyk

16 เม.ย. 2022

We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇Check out the write-up medium.com/@hacxyk/how-we…

Hacxyk's tweet card. TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty.

How we spoofed ENS domains for $15k

แหล่งที่มา: medium.com

FD รีโพสต์แล้ว

PortSwigger Research

@PortSwiggerRes

9 ก.พ. 2022

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (new) Web Hacking Techniques of 2021, the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year

Top 10 web hacking techniques of 2021

แหล่งที่มา: portswigger.net

FD รีโพสต์แล้ว

Ed

@EdOverflow

5 ก.พ. 2022

New blog post: "What Bypassing Razer's DOM-based XSS Patch Can Teach Us" — edoverflow.com/2022/bypassing….

FD

@filedescriptor

20 ม.ค. 2022

Why do we need NFT on social media??

FD รีโพสต์แล้ว

FD

@filedescriptor

11 ส.ค. 2021

Also function solve(obj, property){ if(typeof obj != 'function') { obj(property).innerHTML = '<img src=1 onerror="alert(`You win`)">'; } else { alert('You must try harder than that.'); } }

FD รีโพสต์แล้ว

Luan Herrera

@lbherrera_

31 พ.ค. 2021

I've been meaning to create a blog for some time now, and I finally did it! For its first post I wrote about a vulnerability that allowed an attacker to leak the full URL of cross-origin redirects on Google Chrome, check it out! blog.lbherrera.me/posts/appcache…

lbherrera_'s tweet card. Leveraging AppCache's network section to leak the complete URL of cross-origin redirects.

AppCache's forgotten tales

แหล่งที่มา: blog.lbherrera.me

FD รีโพสต์แล้ว

The Daily Swig

@DailySwig

21 พ.ค. 2021

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers (@0xReconless ) on filling a gap in infosec education portswigger.net/daily-swig/sof…

DailySwig's tweet card. One year after the launch of their ethical hacking video channel, Ron Chan, ‘FileDescriptor’, and ‘EdOverflow’ tell The Daily Swig about their approach towards inspiring and educating the hacker...

‘Soft skills are the most under-researched area of the bug bounty industry’ – ‘Reconless’ YouTubers...

แหล่งที่มา: portswigger.net

FD รีโพสต์แล้ว

Suraj

@PwnFunction

23 เม.ย. 2021

New Video! Binary Exploitation 0x02 Why you should Close Your Files youtu.be/6SA6S9Ca5-U

FD รีโพสต์แล้ว

PortSwigger Research

@PortSwiggerRes

24 ก.พ. 2021

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks

Top 10 web hacking techniques of 2020

แหล่งที่มา: portswigger.net

FD

@filedescriptor

19 ม.ค. 2021

Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out! github.com/filedescriptor…

filedescriptor's tweet image. Untrusted Types just got a new UI with better filtering options and features thanks to @ThomasOrlita! Check it out!

github.com/filedescriptor…

FD รีโพสต์แล้ว

Ron Chan

@ngalongc

19 ม.ค. 2021

I have made a video to demonstrate how we can automate permission checks using my GitLab project "OpenAPI Security Scanner". Check it out! youtu.be/K65e5QRQ1tc Video editor: @wacms666

ngalongc's tweet card. Automating Permission Checks Using OpenAPI Security Scanner?

youtube.com

YouTube

Automating Permission Checks Using OpenAPI Security Scanner?

แหล่งที่มา: youtube.com

Intigriti

@intigriti

Sam Curry

@samwcyo

Ben Sadeghipour

@NahamSec

JS0N Haddix

@Jhaddix

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

Julien | MrTuxracer 🇪🇺

@MrTuxracer

shubs

@infosec_au

Luke Stephens (hakluke)

@hakluke

bugcrowd

@Bugcrowd

STÖK ✌️

@stokfredrik

H4x0r.DZ 🇰🇵

@h4x0r_dz

Yassine Aboukir 🐐

@Yassineaboukir

James Kettle

@albinowax

Harsh Bothra

@harshbothra_

InfoSec Community

@InfoSecComm

Farah Hawa

@Farah_Hawaa

Bug Bounty Reports Explained

@gregxsunday

HackerOne

@Hacker0x01

Suraj

@PwnFunction

00xtrkh

@00xtrkh

Laughingx86

@Laughingx86

arshiya

@ALLPHAAA7

Hamzah Abdlmotalb Abdullah

@HAbdullah55817

miloin matheu

@khan70056

Hieu Programer

@HieuProgramer

DAli

@TheAliAbdollahi

Swoubfop

@Swoubfop02230

和一

@aishaofuaa

S1ren Head 🇵🇸

@S1renHead_

itsmeashu

@6173687561646d6

Kirolos osama

@ko27182

xploiterr

@_xploiterr

Gabli Mop

@GabliMop60212

maxi

@maxi_rch

Callme_Nafman

@kingladeyoo

sma

@sma_gggg

zzzzzz

@mynameisskool

White dragon

@W199621147

Omar Ahmed

@omarahmad1590

محمود

@ebn_salah

Alireza Nezami

@AlirezaNezami23

Azizullah Zafari

@AzizullahZ7961

Kai to Qiao

@wertikeo

David sharl

@DavidSharl404

777

@VAG33K

Macabely

@Macabely97021

Anupam Jaiswal

@anupamjaiswall

Sēn

@E1_Sec

stealth pointer

@stealthp0inter

Naman Patil

@TheZ3ntinel

saul

@0xCh3ckm4t3

Saumya Agarwal

@SaumyaTechBR

Sen

@senyksia

Gajendra

@gaj3ndra

PandyaMayur

@pandyaMayur11

SOJA

@soja_bang

zayne (zeyu) zhang

@zeyu1337

Shayan

@ShayanAlizadeh_

Isaiah

@Hacker_Ise

Mostafa

@mexic0x00

payIoad

@payioad0x13768

آدَم الفَقِي

@elfaqii

Mokhtar Wael

@mokhtar0x1

Lucy

@lucylovecode

Dark@Joker:~$

@ExploitNest

Omar

@hack3dby0mar

Armia Nessim

@im4x00

Editor4-Affair7

@EAffair752680

Gareth Heyes \u2028

@garethheyes

LiveOverflow 🔴

@LiveOverflow

James Kettle

@albinowax

Orange Tsai 🍊

@orange_8361

@[email protected]

@SecurityMB

Soroush Dalili

@irsdl

$S1r1u5_'s profile picture. aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}$

s1r1us

@S1r1u5_

$cffsmith's profile picture. Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.$