@NotS0Funny Profile picture

Bob

@NotS0Funny

Joined August 2016
Similar User
Vahagn Vardanian photo

@vah_13

Raz0r photo

@theRaz0r

DEVCORE photo

@d3vc0r3

gelim photo

@gelim

Steph photo

@w34kp455

Martin Doyhenard photo

@tincho_508

George Noseevich photo

@webpentest

Pablo Artuso 🗿🇦🇷 photo

@lmkalg

Bob Reposted

Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid feedproxy.google.com/~r/PentestTool…


Bob Reposted

OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises #infosec #pentest #redteam github.com/Aetsu/Offensiv…

Tweet Image 1

Bob Reposted

If you have Symantec SEP installed you can use the "Symantec.SSHelper" COM object to launch processes and download arbitrary files. The "User-Agent: Symantec Agent" can be used to identify requests made by the "HIDownloadURLFile"

Tweet Image 1
Tweet Image 2

Bob Reposted

OSEP - Offensive Security Experienced Penetration Tester video review and discussion! I share some insights into my note-taking process, how I write the exam report, thoughts on the exam and answer some of your questions. 3:30 PM ET! youtube.com/watch?v=iUPyiJ…


Bob Reposted

I really don't like how pentesters' team work is organized these days. It's just chat+unstructured project data in txt files. Zero true teammate collaboration. So, I've spent the last few months solving the problem. Check it out:Hive - self-hosted pentest collaborative platform!

This post is unavailable.

Bob Reposted

#CVE-2021-2109 Weblogic Remote Code Execution involving HTTP protocol and JNDI injection gadget. Here is the writeup mp.weixin.qq.com/s/wX9TMXl1KVWw…


Bob Reposted

RCE PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) github.com/chipik/SAP_EEM…


Bob Reposted

here I have shown an admin session generation vulnerability (𝐂𝐕𝐄-𝟐𝟎𝟏𝟗-𝟐𝟕𝟔𝟖) in Oracle BI. An attacker using this vulnerability can access the system if he knows a username (default system or weblogic) and system ID. github.com/vah13/Oracle-B… //cc @NewFranny

Tweet Image 1

Bob Reposted

XSS in <a> tag without user interaction example[.]com/index.php?xss=<a href=x onfocus=alert(23) name=jj>#jj


Bob Reposted

A few bullets for SAP pentests. SAP Gateway RCE exploit (+bypass of default GW ACL) github.com/chipik/SAP_GW_…


Bob Reposted

Realized it is possible to fingerprint WebLogic T3 through a protocol smuggle. For example, `curl "gopher://[IP]:7001/_t3%2012.1.2%0AAS:2048%0AHL:19%0A%0A"`

Tweet Image 1

Bob Reposted

Who wants to create new machine learning algorithms to detect real #malware traffic and attacks in the network? It is happening at #TR19 ! troopers.de/troopers19/tra… @eldracote @verovaleros


Bob Reposted

I have found an interesting thing with content-disposition in file downloading time. medium.com/@vvvaagn/game-…

Tweet Image 1

Bob Reposted

Command line Hex Viewer with colored highlighting ❤️ GIthub: github.com/sharkdp/hexyl

Tweet Image 1

Bob Reposted

Buffer Overflow Practical Examples , metasploit , gdb and objdump ! 0xrick.github.io/binary-exploit…


Bob Reposted

A new way to exploit JNDI injections in Java. Works even after jdk8u191 and does not rely on remote class loading. veracode.com/blog/research/… via @Veracode

Tweet Image 1

Bob Reposted

One week passed as we started with @NewFranny our research of Oracle BI system. As a semi-result: 5 anon XXE; 2 Dir traversals; 1 upload, leading to RCE; 1 information disclosure; 1 weak admin session creation, leading to admin access. Whoops :D #Oracle #SecurityResearch

Tweet Image 1

Bob Reposted

Write-ups on three recent WebLogic #javadeser RCEs (translated from chinese): translate.google.com/translate?sl=a… translate.google.com/translate?hl=e…


Good job!

hey @WEareTROOPERS, TokenChpoken_2.0 is coming soon special for #tr19! Submitted to Oracle, waiting for a patch 🥳🥳🥳



Bob Reposted

Red Teaming and Pentesting Tips - really worth a look 😉 #infosec #pentest #redteam synack.blog/posts/red-team…


Loading...

Something went wrong.


Something went wrong.