
/home/toxicat0r
@toxicsolution
OSCE3 | OSED | OSEP | OSWE | OSWA | OSCP | BSCP | CCNA | Bug Bounty Hunter | Security Researcher
HTTP/2: The Sequel is Always Worse by @albinowax portswigger.net/research/http2
I earned $1800 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd API takeover (customer data exposed). Several small bugs resulted in one big final payment :)
I earned $600 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd Administrator privileges to their API :)
I earned $450 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR exposed customer data. Changed the HTTP method from PUT to GET, shortened down the URL, and finally changed the user ID :)
I earned $300 for my submission on @bugcrowd bugcrowd.com/toxicat0r #ItTakesACrowd IDOR in a private program ;) Got another $150 for no rate limiting as well 🥳
Just bought myself a couple of new IoT cameras. Not sure if I should laugh or cry :)

BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech unit42.paloaltonetworks.com/bendybear-shel…
Important Update


Accessed the computer system of a facility that treats water for about 15,000 people and sought to add a dangerous level of additive to the water supply reuters.com/article/us-usa…
9 exploits published today with my name on them. Super happy about that, but also worrying that some WP plugin developers really don’t care about security. They ignored my requests until I contacted the WP plugin security team directly.
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) blog.qualys.com/vulnerabilitie… via @qualys
New campaign targeting security researchers @google blog.google/threat-analysi…
Don't forget to add "Password2021" to your wordlists.
I have a report from Microsoft about SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a supply chain development process.... 1/
Hey @S1lky_1337 - fun machine :) Good find regarding the authentication bypass. Interesting case.

Stumbled across this awesome tool yesterday. Perfect for OSINT, bug bounty hunting, and so on. Search across a half million git repos 💯 grep.app
"Late Thursday evening, VG received a number of tips from readers who had been logged in to other people's profiles when they tried to log in via ID-porten, a common login solution for public services." direkte.vg.no/nyhetsdognet/n…