Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They're Valid feedproxy.google.com/~r/PentestTool…
OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises #infosec #pentest #redteam github.com/Aetsu/Offensiv…
If you have Symantec SEP installed you can use the "Symantec.SSHelper" COM object to launch processes and download arbitrary files. The "User-Agent: Symantec Agent" can be used to identify requests made by the "HIDownloadURLFile"
OSEP - Offensive Security Experienced Penetration Tester video review and discussion! I share some insights into my note-taking process, how I write the exam report, thoughts on the exam and answer some of your questions. 3:30 PM ET! youtube.com/watch?v=iUPyiJ…
I really don't like how pentesters' team work is organized these days. It's just chat+unstructured project data in txt files. Zero true teammate collaboration. So, I've spent the last few months solving the problem. Check it out: Hive - self-hosted pentest collaborative platform!
#CVE-2021-2109 Weblogic Remote Code Execution involving HTTP protocol and JNDI injection gadget. Here is the writeup mp.weixin.qq.com/s/wX9TMXl1KVWw…
RCE PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) github.com/chipik/SAP_EEM…
Here I have shown an admin session generation vulnerability (CVE-2019-2768) in Oracle BI. An attacker using this vulnerability can access the system if he knows a username (default system or weblogic) and system ID. github.com/vah13/Oracle-B… //cc @NewFranny
XSS in <a> tag without user interaction example[.]com/index.php?xss=<a href=x onfocus=alert(23) name=jj>#jj
A few bullets for SAP pentests. SAP Gateway RCE exploit (+bypass of default GW ACL) github.com/chipik/SAP_GW_…
Realized it is possible to fingerprint WebLogic T3 through a protocol smuggle. For example, `curl "gopher://[IP]:7001/_t3%2012.1.2%0AAS:2048%0AHL:19%0A%0A"`
Who wants to create new machine learning algorithms to detect real #malware traffic and attacks in the network? It is happening at #TR19 ! troopers.de/troopers19/tra… @eldracote @verovaleros
I have found an interesting thing with content-disposition in file downloading time. medium.com/@vvvaagn/game-…
Command line Hex Viewer with colored highlighting ❤️ GitHub: github.com/sharkdp/hexyl
Buffer Overflow Practical Examples, metasploit, gdb and objdump! 0xrick.github.io/binary-exploit…
A new way to exploit JNDI injections in Java. Works even after jdk8u191 and does not rely on remote class loading. veracode.com/blog/research/… via @Veracode
One week passed as we started with @NewFranny our research of Oracle BI system. As a semi-result: 5 anon XXE; 2 Dir traversals; 1 upload, leading to RCE; 1 information disclosure; 1 weak admin session creation, leading to admin access. Whoops :D #Oracle #SecurityResearch
Write-ups on three recent WebLogic #javadeser RCEs (translated from Chinese): translate.google.com/translate?sl=a… translate.google.com/translate?hl=e…
Good job!
hey @WEareTROOPERS, TokenChpoken_2.0 is coming soon special for #tr19! Submitted to Oracle, waiting for a patch 🥳🥳🥳
Red Teaming and Pentesting Tips - really worth a look 😉 #infosec #pentest #redteam synack.blog/posts/red-team…