initstring
@init_string
AT&F&C1&D2&K3%C0 http://initblog.com | http://github.com/initstring | @[email protected]
Vous pourriez aimer
Drive-By Attack in Ollama Desktop v0.10.0 Found a bug in Ollama desktop GUI (not the core API) where malicious websites could hijack all private chats. Ollama crew patched it within hours. Make sure to update! Tech details, video, IoCs, and PoC here: gitlab-com.gitlab.io/gl-security/se…
A lot has happened in a year! I’ve refreshed the dynamic data sources for passphrase-wordlist and generated a new file. If you’re into cracking complex passwords, this may be for you. Enjoy! github.com/initstring/pas…
I'm not very active on here, and probably won't be on the next one either. But just in case, here's the new Mastodon profile I set up: @initstring@infosec.exchange
Spent some time recently formalizing our Red Team workflow at GitLab. The process is open-source, and we're sharing our issue templates to track logistics, goals, TTPs, reports, etc. about.gitlab.com/blog/2022/05/1…
I discovered a drive-by #RCE in the @gitlab Development Kit (it's now fixed). This took chaining multiple vulnerabilities and would have allowed me to remotely compromise developer machines. Details and tips to protect yourself from similar exploits here: about.gitlab.com/blog/2021/09/0…
about.gitlab.com
Why are developers so vulnerable to drive-by attacks?
The complexity of developer working environments make them more likely to be vulnerable to a drive-by attack. We talk about why and walk you through a real-life example from a recent disclosure here...
Stealing Bitcoin w/ CSRF via Ride The Lightning + Umbrel. Thanks to the RTL devs for pushing a quick fix! Here's my write-up: initblog.com/2021/rtl-drive…
Great finding by @Sambal0x - and a good example of why e2e encryption is important in messaging apps. :)
Be careful of which messenger apps you use.. trustwave.com/en-us/resource…
Thanks to the @attackndefense team at @mozilla for inviting me on their blog! This is a more personal overview on the Firefox Android bug I disclosed recently.
Read our latest guest blog post from @init_string: blog.mozilla.org/attack-and-def…
Sharing my talk on Hacking Android Apps with Frida youtube.com/watch?v=iMNs8Y…
youtube.com
YouTube
Hacking Android Apps with Frida
This is so cool, thanks @dafthack for the nomination!
Cloud_enum will be giving $1577.7 to Doctors Without Borders @MSF_USA. Thanks @init_string! github.com/initstring/clo…
I found a few privilege escalation bugs in Google Cloud's OS Login. They've all been patched now. gitlab.com/gitlab-com/gl-…
The 4/25 training session for my Breaching the Cloud Perimeter course has reached max capacity but don't worry... I'm teaching it again on 5/28 for FREE. New registration link is here: attendee.gotowebinar.com/register/43640…
On April 25th I'll be giving a FREE 4-hour training course (w/ labs) that I've built called Breaching the Cloud Perimeter. Space will be limited so get registered now: attendee.gotowebinar.com/register/12646… @BHinfoSecurity
I've found a nice bug in @gitlab and blogged about the details: about.gitlab.com/blog/2020/03/3… #langsec #parserdifferentials
about.gitlab.com
How to exploit parser differentials
Your guide to abusing 'language barriers' between web components.
United States Tendances
- 1. Ukraine 489K posts
- 2. Putin 163K posts
- 3. #FursuitFriday 13.1K posts
- 4. #pilotstwtselfieday N/A
- 5. #FanCashDropPromotion 3,684 posts
- 6. Le Cowboy N/A
- 7. Chris DeMarco N/A
- 8. #TrumpCrushesYourDreams 5,120 posts
- 9. #FridayVibes 6,990 posts
- 10. Zelensky 99.6K posts
- 11. UNLAWFUL 153K posts
- 12. Kenyon 1,926 posts
- 13. Abbott Elementary N/A
- 14. Start Cade N/A
- 15. Dave Aranda N/A
- 16. John Wall N/A
- 17. Sam LaPorta 1,289 posts
- 18. NATO 64.3K posts
- 19. Mark Kelly 79.6K posts
- 20. Happy Thanksgiving 3,503 posts
Vous pourriez aimer
-
Google VRP (Google Bug Hunters)
@GoogleVRP -
XSS Payloads
@XssPayloads -
Nicolas Grégoire
@Agarri_FR -
[email protected]
@0xdea -
Lee Chagolla-Christensen
@tifkin_ -
Niemand
@niemand_sec -
spaceraccoon | Eugene Lim
@spaceraccoonsec -
terjanq
@terjanq -
Rahul Maini
@iamnoooob -
Gynvael Coldwind
@gynvael -
Spiros Fraganastasis
@m3g9tr0n -
Alvaro Muñoz
@pwntester -
Mikhail Klyuchnikov
@m1ke_n1 -
Eduardo Vela
@sirdarckcat -
Fisher
@Regala_
Something went wrong.
Something went wrong.