
gujjuboy10x00
@vis_hacker
Vishal Panchani, Security Engineer | Hall of Fame from Google, PayPal, BrickFTP and many more. Keep calm and hack the planet. Top 10 on HackerOne all-time.
Another milestone 😍. It's 2.5 years with the h1 family and finally completed 20k reputation @Hacker0x01. 2nd Indian after @emgeekboy, who just joined the 20k club. Next: more focus on signal. #20kclub #togetherwehitharder #bugbounty

Facts. Skills, mindset, and consistency.
You do not need courses and certificates to make your first 100k in InfoSec.
Do not sign any crypto transactions right now — a major NPM supply chain attack is redirecting approvals & transfers to attacker wallets.
I would strongly recommend not signing any crypto transactions right now. There is a huge supply chain attack on popular NPM packages that may have compromised various crypto websites (frontend, not the actual contracts). It changes the destination address of transactions and…
Is the left really just a giant kleptocracy? The evidence increasingly suggests it is.
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

My daily ritual starts with this: youtube.com/watch?v=1S1fIS… (YouTube: "Write in C")
How can this be called a “continuing resolution” if it includes a 40% pay increase for Congress?
There are two provisions buried in the CR that Congress is trying to slip by. A pay increase for members of Congress from $174,000 to $243,000 per year. Also, members of Congress are receiving an opt-out from being required to use Obamacare.

Mario Draghi’s critique is accurate. A thorough review of EU regulations to eliminate unnecessary rules and streamline activity in Europe would revitalize growth and strengthen competitiveness. Things should be default legal, rather than default illegal.
Dear Mario Draghi, a year ago, I asked you to prepare a report on the future of Europe’s competitiveness. No one was better placed than you to take up this challenge. Now, we are eager to listen to your views ↓
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code…
When researching request smuggling, I decided that TE.0 would never be exploitable because it requires the back-end server to accept an HTTP request starting with a number + newline.... and no server would be that crazy 🤦♂️ Awesome work! Never underestimate the crazy.
This is one of the most widespread and impactful bugs I've ever found in my career. Great collab with @bsysop and @_medusa_1_ Smugglings are still out there—stay vigilant! #bugbounty @Bugcrowd bugcrowd.com/blog/unveiling…
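A simulation of the mechanism the two posts above describe, added here as an illustration; it is not code from the tweets, from PortSwigger, or from the Bugcrowd write-up. Two toy parsers model a front-end that honours Transfer-Encoding: chunked and a back-end that ignores it (so the outer body has length zero) and additionally tolerates a stray hex line before a request line. The host target.example, the path /admin and both parsers are constructed for the demo; a strict back-end that rejects the hex line is shown alongside, which is the "no server would be that crazy" case.

```python
import re

# Constructed demo values, not taken from the posts.
HOST = "target.example"
SMUGGLED_PATH = "/admin"

# A line consisting solely of hex digits: what a chunk-size line looks like.
HEX_LINE = re.compile(rb"[0-9A-Fa-f]+\r\n")


def build_te0_request(host: str, smuggled_path: str) -> bytes:
    """One TCP payload: an outer chunked POST whose only chunk is a complete
    second request.  A front-end that honours Transfer-Encoding sees one
    request; a back-end that ignores it sees the chunk-size line and then the
    smuggled request."""
    smuggled = f"GET {smuggled_path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    outer = f"POST / HTTP/1.1\r\nHost: {host}\r\nTransfer-Encoding: chunked\r\n\r\n".encode()
    chunk = f"{len(smuggled):x}\r\n".encode() + smuggled + b"\r\n"
    return outer + chunk + b"0\r\n\r\n"


def _parse_head(buf: bytes, pos: int):
    """Return (request_line, headers, position just after the blank line)."""
    end = buf.index(b"\r\n\r\n", pos)
    lines = buf[pos:end].decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def frontend_requests(buf: bytes):
    """Front-end view: frames each body by Transfer-Encoding (chunked) or
    Content-Length, so the chunk holding the inner request is just data."""
    out, pos = [], 0
    while pos < len(buf):
        req, hdrs, pos = _parse_head(buf, pos)
        if hdrs.get("transfer-encoding", "").lower() == "chunked":
            body = b""
            while True:
                eol = buf.index(b"\r\n", pos)
                size = int(buf[pos:eol], 16)
                pos = eol + 2
                if size == 0:
                    pos = buf.index(b"\r\n", pos) + 2   # skip the trailer terminator
                    break
                body += buf[pos:pos + size]
                pos += size + 2                        # chunk data plus its CRLF
        else:
            n = int(hdrs.get("content-length", "0"))
            body, pos = buf[pos:pos + n], pos + n
        out.append((req, body))
    return out


def backend_requests(buf: bytes, tolerate_junk_line: bool = True):
    """Back-end view in the TE.0 case: Transfer-Encoding is ignored, so the
    outer POST has a zero-length body and parsing resumes at the chunk-size
    line.  Only a back-end that skips a stray hex line (tolerate_junk_line)
    then reads the smuggled request; a strict one rejects the connection."""
    out, pos = [], 0
    while True:
        while buf.startswith(b"\r\n", pos):        # RFC 7230 3.5: leading empty lines are ignored
            pos += 2
        m = HEX_LINE.match(buf, pos)
        if m:
            if not tolerate_junk_line:
                raise ValueError(f"400 Bad Request: bad request line {buf[pos:m.end()]!r}")
            pos = m.end()                           # the quirk: "2d\r\n" is silently dropped
            continue
        if pos >= len(buf):
            return out
        req, hdrs, pos = _parse_head(buf, pos)
        n = int(hdrs.get("content-length", "0"))   # Transfer-Encoding deliberately not consulted
        body, pos = buf[pos:pos + n], pos + n
        out.append((req, body))


def backend_accepts(buf: bytes, tolerate_junk_line: bool) -> bool:
    """True when the back-end parses the payload without rejecting it."""
    try:
        backend_requests(buf, tolerate_junk_line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    raw = build_te0_request(HOST, SMUGGLED_PATH)
    print("front-end sees:", [r for r, _ in frontend_requests(raw)])
    print("tolerant back-end sees:", [r for r, _ in backend_requests(raw)])
    print("strict back-end accepts it:", backend_accepts(raw, tolerate_junk_line=False))
```

The desync is the difference between the two views of identical bytes: the front-end counts one request and the tolerant back-end counts two, the second being the attacker's GET. Flip tolerate_junk_line off and the back-end fails on the hex line instead, which is the behaviour the first post assumed every server had.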

Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code and access all data without authentication. You can read our blog here: assetnote.io/resources/rese…

🎉 Big congrats to @rootxharsh & @iamnoooob for their incredible research on hacking into @Apple using a 0-day in Lucee CMS! 🍎🔥 Check out their detailed blog post to learn more about their findings and methodology: blog.projectdiscovery.io/hello-lucee-le… #AppleHack #Lucee #0Day…
Linked: "Hello Lucee! Let us hack Apple again?" (ProjectDiscovery Blog): Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion; we derived valuable insights, one of which revolved around CFM and CFC handling, parsing and executi...
My first blog post! It's about CVE-2023-4369, a $10,000 bug I found in ChromeOS in July. The bug used a chrome:// URL XSS to allow Chrome extensions to execute privileged code and read/edit downloaded files without user interaction. 👀 0x44.xyz/blog/cve-2023-…
I just published a write-up about an account takeover where I abused reverse proxy to hijack the OAuth Code. blog.voorivex.team/hijacking-oaut…
I have finally done my first proper bug write-up! This one is about a SOP bypass in Chrome (escalated to ATO) using the Navigation API. Hope someone finds it interesting. Feel free to leave me any comments; I want to improve on this! joaxcar.com/blog/2023/10/0…
New writeup on some interesting web app tech. Enjoy! #bugbounty bountyplz.xyz/bugbounty/2023…
The impact achieved here is neat: labs.hakaioffsec.com/nginx-alias-tr… - I remember first reading about this from @fransrosen - blog.detectify.com/2020/11/10/com…
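An added illustration of the nginx alias mechanism, on the assumption that the linked posts concern the alias path-traversal (off-by-slash) misconfiguration; this is not code from either post. nginx replaces the matched prefix of a prefix `location` with the `alias` string verbatim, so `location /assets { alias /var/www/app/assets/; }` maps `/assets../settings.py` to `/var/www/app/assets/../settings.py`. The emulation below, with constructed paths and file names, shows that mapping next to the corrected `location /assets/` form.

```python
import posixpath

# Added illustration; not code from the linked posts.  Paths and settings.py are constructed.


def nginx_alias_map(location: str, alias: str, uri: str):
    """Emulate a prefix `location` with `alias`: nginx swaps the matched
    prefix for the alias string verbatim, inserting no separator, and the
    filesystem then resolves any '..'.  Returns the path, or None when the
    location does not match.  (Real nginx first collapses '/../' segments in
    the URI; '/assets..' is a single segment, so it survives that step.)"""
    if not uri.startswith(location):
        return None
    return posixpath.normpath(alias + uri[len(location):])


def escapes_alias_dir(location: str, alias: str, uri: str) -> bool:
    """True when the mapped path lands outside the aliased directory."""
    resolved = nginx_alias_map(location, alias, uri)
    if resolved is None:
        return False
    root = posixpath.normpath(alias)
    return resolved != root and not resolved.startswith(root + "/")


def off_by_slash(location: str, alias: str) -> bool:
    """Config lint: a prefix location without a trailing slash combined with
    an alias that ends in one is the traversal shape to look for."""
    return not location.endswith("/") and alias.endswith("/")


VULNERABLE = ("/assets", "/var/www/app/assets/")    # location /assets  { alias /var/www/app/assets/; }
FIXED = ("/assets/", "/var/www/app/assets/")        # location /assets/ { alias /var/www/app/assets/; }

if __name__ == "__main__":
    probe = "/assets../settings.py"
    for loc, al in (VULNERABLE, FIXED):
        print(f"location {loc} -> {nginx_alias_map(loc, al, probe)}"
              f" (escapes: {escapes_alias_dir(loc, al, probe)}, lint: {off_by_slash(loc, al)})")
```

With the trailing slash on the location, `/assets../` no longer matches the prefix at all, so the request never reaches the alias; the lint function is the check worth running over a config dump, since regex and exact-match locations follow different rules and are out of scope here.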
Chrome has just unleashed popovers: modal dialogs without JS! Of course you can abuse them for XSS filter evasion: portswigger.net/web-security/c…

For a few months, @samwcyo, @bbuerhaus, @rhyselsmore and I focused on hacking EPP servers / ccTLD zones. We're disclosing our work today on the hackcompute blog: hackcompute.com/hacking-epp-se… Our efforts in this space led to the ability to control the DNS zones of the following…
Last year, @Jhaddix, @bscarvell, @seanyeoh and I found a pre-auth RCE in Oracle Opera - CVE-2023-21932. This product holds the PII of every guest (including credit cards 😱). It's used by almost all of the big hotel/resort chains around the world. blog.assetnote.io/2023/04/30/rce… - 1/4

Some AppSeccy thoughts on the rule-writing experience for CodeQL vs Semgrep spaceraccoon.dev/comparing-rule…