Freelance pentester and bug bounty organic farmer.

Joined February 2018
Well written and clear read on finding a TCC bypass in Claude Desktop
21 Mar 2023
#dailyread was tij.me/blog/harvesting-activ… an awesome write-up documenting abusing an HTTP Request Smuggling vulnerability in order to MiTM a domain user's Exchange mail sync. As the Exchange server was using Basic Auth they were able to steal credentials, however being a red team 1/

21 Mar 2023
engagement they took it a few steps further and hosted a rogue service which would update the user's Exchange server in the account settings. This got me excited about request smuggling all over again. The impact of this goes way beyond stealing cookies or turning a self-XSS 2/
21 Mar 2023
into a persistent XSS or many of the other known uses of an HRS bug. It's fun to see how this could be useful in both red team engagements and #BugBounty as well. When going the extra mile, don't be afraid to read the RFCs! rfc-editor.org/rfc/rfc7231#s…
20 Mar 2023
#dailyread was blog.scrt.ch/2023/03/14/prod… and right off the bat I notice that the author makes a point to mention various small failures they experienced throughout the process. In this case the process was attempting to create a working PoC for an exploit being used by 1/
20 Mar 2023
with understanding of some more advanced concepts. The author's clear and even candid writing style makes it feel like we are there for the entire process making it much easier to understand even if exploit dev and reverse engineering isn't your thing. In the end they were 3/
20 Mar 2023
successful in building a working PoC, though some further assembly (pun intended) was required in order to get it to work in an environment other than the one they were working on. Plenty of additional resources are linked in the article. I really enjoyed this one.
lucid retweeted
19 Mar 2023
Add this shell function to your dotfiles to download any bug bounty program's subdomains, web servers, cloud assets, or URLs from the Inventory dataset 🪄 github.com/trickest/inventor…
18 Mar 2023
#dailyread - blackhillsinfosec.com/your-b…. To summarize, the researcher was able to find stealer logs while working on something unrelated to a red team engagement. They searched the logs and found references to Citrix logins which they used in a credential stuffing attempt against their 1/
18 Mar 2023
target. This did not work, but some of the information (there was 10TB) was related to a username which was valid for their client. This probably isn't news to a lot of people, but the takeaway is that you should think twice before saving sensitive information in your browser 2/
18 Mar 2023
as this is a common thing attackers look to harvest in the event malware is successfully installed on your computer. These logs are often easily found on public cracking forums. Big thanks to blackhillsinfosec.com/team/c… for this writeup.
17 Mar 2023
#dailyread was trickest.com/blog/hundreds-o… from the Trickest team. They identified over 550 AWS servers vulnerable to Host header-based SSRF across the entire range. One thing I enjoy about this article is that they broke down the whole workflow of how they tooled the process 1/
17 Mar 2023
Keep in mind, that's roughly 13 million total hosts. I'm not sure what I would have guessed the number of servers vulnerable to header-based SSRF would be out of 13m, but I probably would have been surprised no matter what.
lucid retweeted
POV: You successfully deployed malware to an Iranian nuclear facility
11 Mar 2023
Started a #mastadon account. Guess I’ll just cross-post for now. Btw, they’re called toots? Did mastodons toot? Is this a scientific term for proboscidean communication mechanisms? Asking for a friend
11 Mar 2023
Also, the last #dailyread article was originally tweeted by the author here
Hey folks! I wrote about a recent finding of mine - Reflected XSS. It was a very peculiar XSS and I had to bypass lots of weird checks to take over accounts. I hope you find it interesting: marvelmaniac.medium.com/b4c8…
11 Mar 2023
#dailyread today was marvelmaniac.medium.com/b4c8…. What started as an open redirect eventually turned into a full blown account takeover, going to show you why it's good to not settle when it comes to your bugs. I'll make a quick summary here but you'll miss out on good information 1/
11 Mar 2023
directives and snag a cookie in the face of restrictions. Numerous bypasses and encodings were used to get this to work. The main takeaway I have for this is that building impact is like building almost anything else worth building. It starts with one piece and only after 3/
11 Mar 2023
fitting several pieces together can you call it a creation. This is where breaking and building intersect. Be sure to read the whole article and give @maniacmarvel_ a follow and a clap on Medium.