nikhil(niks)
@niksthehacker
Founder @BSidesAhmedabad | Speaker @Blackhatmea @defcon | Board of Advisor @riskprofilerio | Legend @synackredteam
คุณอาจชื่นชอบ
The blog.mantrainfosec.com/blog/18/prepar… post by @xoreipeip shows how prepared statements can be exploited in NodeJS using mysql and mysql2 packages leading to SQLi! 🪄 So use of prepared statement might not be the ultimate solution here 🥵 as a side note, @xoreipeip later found this…
A penetration tester got root access to our Kubernetes cluster in 15 minutes. Here's what they exploited. The attack chain: - Found exposed Kubernetes dashboard (our bad) - Dashboard had view-only service account (we thought this was safe) - Service account could list secrets…
The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue. Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered.
We just launched a $4.5m bug bounty live hacking event competition targeting the most popular cloud & ai open source software 🧵
The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) labs.watchtowr.com/well-well-well…
The team at @OpenAI just fixed a critical account takeover vulnerability I reported few hours ago affecting #ChatGPT. It was possible to takeover someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
The @ReconVillage at @DEFCON 33 explored the digital terrain with Live Recon, GE(O)SINT, CTFs & labs. 🗺️ 🔍 Shoutout to @NahamSec @Jhaddix @DanielMiessler @InfosecVandana @niksthehacker @jeff_foley @anantshri & others! All #DEFCON33 villages 👇🏽 infosecmap.com/event/def-con-… #InfoSec
Had an amazing time at my first #BSidesAhmedabad 🎉 Great discussions, diverse connections & of course the mandatory MSRC team pic + group selfies 📸
No doubt, the fieriest panel of all🔥🔥
I will be at @bsidesahmedabad this year to talk about bug bounty and security with John Deere CISO Carl Kubalsky on 12th and 13th in an open Panel. If you are around please come say high :)
When the hunters of threats join the battlefield, you know the game changes. ⚔️🛡️ We’re beyond thrilled to announce @CrowdStrike as the Cyber Security Partner at BSides Ahmedabad 0x06 — bringing the power of Falcon intelligence to the most awaited cyber security gathering of the…
Sept 12–13: BSides Ahmedabad 🇮🇳 — Positive Technologies Offensive Team from @ptswarm with talks, networking & fresh research. Sept 13: Standoff Hacks finale — top bug hunters, private bounty scope & party. @amoshkov has the secret code for the grand party, DM him to crash it 👀
🇮🇳 Independence = Incredible Savings! This Independence Day, BSides Ahmedabad is celebrating with you! Grab your passes now and enjoy a patriotic 15% discount because liberty deserves a great learning party!🎉 Use coupon code “FREEDOM” & get 15% Off on Delegate & Professional…
🟥🟦 CTF teams, take note — Standoff Cyberbattle 16, October 6–8, online. 💰 $17,500 prize pool. 30 hours of pure Attack–Defence. 1500+ real-world systems, PLC/SCADA included, 30 hours of epic battle. Apply by Sept 1 → 16.standoff365.com/en/
The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches: slcyber.io/assetnote-secu…
🚨 Only 45 Days to Go! 🚨 BSides Ahmedabad 0x06 is almost here! 🎟️ Grab your pass NOW to witness the finest in cybersecurity — where cyber brilliance meets real-world defense➡️🔗konfhub.com/security-bside… Don’t just hear about it — be there. #BSidesAhmedabad #CyberSecurity…
I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe…
Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. blog.viettelcybersecurity.com/sharepoint-too… #SharePoint #ToolShell
United States เทรนด์
- 1. Good Thursday 30.7K posts
- 2. #thursdayvibes 1,946 posts
- 3. Merry Christmas 68.5K posts
- 4. #JASPER_TouchMV 247K posts
- 5. Happy Friday Eve N/A
- 6. DataHaven 11.7K posts
- 7. #NationalCookieDay N/A
- 8. JASPER COMEBACK TOUCH 162K posts
- 9. #ThursdayThoughts 1,463 posts
- 10. Hilux 8,707 posts
- 11. #thursdaymotivation 2,368 posts
- 12. Toyota 29K posts
- 13. Earl Campbell 2,472 posts
- 14. Omar 189K posts
- 15. Colbert 4,536 posts
- 16. The Grinch 10.8K posts
- 17. Prince Harry 9,484 posts
- 18. Happy Birthday Dan 1,766 posts
- 19. Halle Berry 4,318 posts
- 20. Steve Cropper 8,919 posts
คุณอาจชื่นชอบ
-
Frans Rosén
@fransrosen -
Geekboy
@emgeekboy -
mohammed eldeeb
@malcolmx0x -
Yassine Aboukir 🐐
@Yassineaboukir -
Tanner
@itscachemoney -
Th3g3nt3lman
@Th3G3nt3lman -
Rahul Maini
@iamnoooob -
André Baptista
@0xacb -
todayisnew
@codecancare -
Joel Margolis (teknogeek)
@0xteknogeek -
Patrik Fehrenbach
@ITSecurityguard -
pwnmachine 👾
@princechaddha -
Parth Malhotra
@Parth_Malhotra -
Inti De Ceukelaire
@securinti -
Bhavuk Jain
@bhavukjain1
Something went wrong.
Something went wrong.