22sh @0x22sh
jack of all trade master of none ・OSEP・BJJ blue belt ・@hexagonctf /home/bordeaux Joined May 2016-
Tweets489
-
Followers822
-
Following968
-
Likes18K
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
I've finally finished my writeups for #FCSC2024, which covered: - Nginx X-Accel-Redirect file read - Werkzeug error-based request smuggling - HTTP/1.1 and HTTP/0.9 browser confusion - Connection: close bypass via Expect: 100-continue - ... Link 👇 mizu.re/tag/FCSC2024 1/2
DOMPurify 3.1.1 & 2.5.1 have been released. Both are security releases & should be upgraded to asap. Note: More releases might follow, the mitigated attack is novel. Eternal gratitude goes to @IcesFont for finding, reporting & helping with fixes 🙇 github.com/cure53/DOMPuri…
🤯
🤯 https://t.co/y2bsOBvTOJ
Nice #KASLR break by @p1k4l4 for x86_64 kernels with Xen support (Debian and Ubuntu by default). Xen symbols are included in the kernel ELF .notes section and exposed world readable via SysFS (/sys/kernel/notes) since 2007 (pre-KASLR). Added to KASLD: github.com/bcoles/kasld/c…
Nice #KASLR break by @p1k4l4 for x86_64 kernels with Xen support (Debian and Ubuntu by default). Xen symbols are included in the kernel ELF .notes section and exposed world readable via SysFS (/sys/kernel/notes) since 2007 (pre-KASLR). Added to KASLD: github.com/bcoles/kasld/c…
Just finished 3rd place, out of 9186 players on this last HackTheBox season. Falling just behind @xct_de and @snowscan. Thank you very much for the competition @hackthebox_eu! Keeping this pace going was not very healthy suffice to say 🤪
wild stuff re: xz/liblzma backdoor news.ycombinator.com/item?id=398658…
Whats the bet this would never happen in an application when using the PostgreSQL lib. Not only does it need to be in extended mode, it needs 2 controlled args, the 1st being an int AND the int needs a - char just before the replace position. Good luck! cyberatlas.co/l/sql-injectio…
Just published a writeup of a Buffer Overflow in TP-Link's TDDP programs causing memory structure destruction resulting in a denial of service affecting at least 26 models 🤠 this bug was exploited and discovered using Shambles 🔥 boschko.ca/tp-link-tddp-b…
@fl0ct0 it's life on ez mode. just being a little bit curious and hard working can give huge returns. my non CS/sec friends work way harder for less (although they still enjoy their work). it's also nice that you can do it "anywhere/anytime". And you're constantly learning, more valuable
We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 blackhat.com/asia-24/briefi… and introduce more interesting attacks.
We can relay back to the same machine using Kerberos relay instead of NTLM relay. I discovered this attack vector more than a year ago. I will describe it in detail in upcoming Black Hat Asia 2024 blackhat.com/asia-24/briefi… and introduce more interesting attacks. https://t.co/T54yHWXFSt
I've just completed this lab, and I can only recommend it! This might be the best lab I've ever played, covering aspects from Azure AD shenanigans to EDR/WDAC bypass. Go play - you won't regret it.
I've just completed this lab, and I can only recommend it! This might be the best lab I've ever played, covering aspects from Azure AD shenanigans to EDR/WDAC bypass. Go play - you won't regret it.
A brief #OSINT investigation into the potential Chinese hacker exposed in the iSoon/Anxun leak. We have pulled together information from some of the great threads that other OSINT investigators have published including @NathanPatin, @S0ufi4n3, @fs0c131y.
Did a little writeup of the CSP bypass I reported to PortSwigger. It might be interesting to anyone who saw the disclosed report and wonders if CSP bypasses are the new ripe low-hanging fruit! joaxcar.com/blog/2024/02/1…
Also, I'd also like to do a commentary session on last year's LiveCTF, not sure when that will happen, but it's on my to-do list. Lately, I've realized how difficult it is to allocate free time during workdays... I'm recovering from a bit of burnout rn.
出来た。CSSでJSを動かす技術、expression()をWin11で体験する方法: 1. localhostで次のHTMLをホスト <meta http-equiv=x-ua-compatible content=IE=5><p style=x:expression(alert(1))> 2. Edgeでhttp://localhostでアクセス(ホストにドットがないURLが肝) 3. IEモードで再読込(無限alertが出ます)
出来た。CSSでJSを動かす技術、expression()をWin11で体験する方法: 1. localhostで次のHTMLをホスト <meta http-equiv=x-ua-compatible content=IE=5><p style=x:expression(alert(1))> 2. Edgeでhttp://localhostでアクセス(ホストにドットがないURLが肝) 3. IEモードで再読込(無限alertが出ます)
Hip, hip, hooray! It's been 10 years of AppSec Ezine! Big shoutout to all who have been supportive along the journey and to the security community that made this project possible. Cheers 🥂 520th Edition: pathonproject.com/zb/?6ba3505270… Repo: github.com/Simpsonpt/AppS… #AppSec #Security
OOPArtDB from #HackTheBox was recently retired, an insane #WEB challenge by @Strellic_ - learned some amazing attack techniques. Going to present the exploitation path soon. My slides for the upcoming presentation can now be found online: romanh.de/files/Advanced…
Worty @_Worty
2K Followers 514 Following Organizer of @HeroCTF || @FlatNetworkOrg || TeamFR 2021 & 2022 🇫🇷 || 🥷 @Synacktiv
Kévin - Mizu @kevin_mizu
3K Followers 650 Following Vulnerability researcher 🐛 | CTF with @HexagonCTF, @rhackgondins 🦦 | Team FR 2023 🇫🇷 | https://t.co/sEBb6VnMrm
Nishacid @Nishacid
1K Followers 235 Following Cybersecurity enthusiast | Bug Hunter 🪲| Staff @RootMe_org | @GrehackConf 🏔️ | CTF @RMUBYGG 🇫🇷
voydstack @voydstack
1K Followers 771 Following 🥷 @Synacktiv | CTF with @RMUBYGG, @Hexagonctf, @ECSC_TeamFrance 20/21/22/23
Mayfly @M4yFly
5K Followers 754 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
mxrch @mxrchreborn
2K Followers 403 Following HideAndSec 🐈⬛ https://t.co/6S8IYIrzHd a̶͇̫̋a̴̢̛̯͋̎ä̶̰́̊a̸̩̬̝̽̇̇
Aurélien Chalot @Defte_
2K Followers 416 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher 📖 🔥 Hide&Sec 🔥
Rayan Bouyaiche @rayanlecat
1K Followers 681 Following Active Directory & Cloud hacking enthusiast, CTF @phreaks2600 and pentester @secnumcloud
0xStarlight @Bhaskarpal__
3K Followers 575 Following CSE Major | eJPT | CRTP | CRTE | CRTO | CRTL | HackTheBox Hall Of Fame Top 50 and Top 2 in India | Programmer and Play CTF with @ActivateWind0ws
aaSSfxxx @aaSSfxxx
1K Followers 585 Following https://t.co/5Lu2BqwhX3 | Ergo Proxy | Baby Sibyl System | Camion-benne de la connerie humaine
Euz | Matthieu 🐙 @_Euzebius
2K Followers 2K Following Gamer, hacker. Purple teamer at 💜. Infosec swiss army knife. Love pentest, threat hunting, IR. HTB 🇫🇷 ambassador : euz. I didn't choose InfoSec, it chose me.
BlackWasp @BlWasp_
2K Followers 237 Following Pentester and Red Team technical leader at Advens | Microsoft MVP
Kavishka Gihan @_kavigihan
908 Followers 128 Following 18 | Security researcher | Machine author @hackthebox_eu
crazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not group
Shashwat Shah 🇮�.. @0xEr3bus
557 Followers 87 Following CRTL | CRTO | Ejpt | CRTE | HackTheBox Player | RastaLabs | Zephyr lab | APT Lab | Windows Exploitation | Wannabe Red Teamer
Boschko 🇨🇦 @olivier_boschko
4K Followers 2K Following just a french canadien | adversary emulation (red team) @ RBC | CISSP BSCP CRTL CRTO OSCP eWPTX eCPPT | goofing off @ https://t.co/aWC0YYEp9x
European Cyber Cup @EuCyberCup
2K Followers 811 Following European Cyber Cup 🏆 | 1ère compétition d'eSport dédiée au hacking éthique, pendant le Forum International de la Cybersécurité @FIC_eu. | 📅 27 & 28 mars 2024
xanhacks @xanhacks
1K Followers 619 Following 🎯 Web & Malware 🩸CTF with @Arn_Hack @HexagonCTF @GCC_ENSIBS 💾 Staff member of @HeroCTF @Hack2g2 @Flag4jobs
Amanuel Hailegiyorgis @AHaileG
13 Followers 91 Following CS student | CTF advocate | the things I say target nothing but the subjects I love.
S Artist @security_artist
30 Followers 175 Following
Mo0n Sha𝄞ow @null001__
45 Followers 2K Following
vtim @vtim9907
16 Followers 669 Following
Luke Jahnke @lukejahnke
2K Followers 5K Following
To tor @Totor25232932
1 Followers 80 Following
bushidosan @bushidosann
13 Followers 156 Following Interested in maldev and windows internals with a sprinkle of reversing | Developing on a pace slower then a snail
Josuke @Jotar056
0 Followers 1K Following
Zodial @Z0dial
126 Followers 1K Following
K1nz @viet_kien16450
97 Followers 2K Following
Clips @clipsecio
173 Followers 602 Following Infosec enthusiast // Soon™ HtB Guru // Elon Musk idolizer // Future Tesla Owner // Gamer // Memer
Ashutosh Barot @ashu_barot
1K Followers 1K Following Looking for a new role | Security Researcher 💻 | Featured in @techcrunch @thehackersnews | MTech🎓 #NFSU| 12x CVEs | #2 Coinbase, H1| Securing web2,3
crazyman @crazyman823886
340 Followers 649 Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities pre account @CrazymanArmy
Frozenk @CyberFrozenk
37 Followers 206 Following HackTheBox : https://t.co/q9cOdS8hvN Youtube : https://t.co/vBBAKzuBVJ GitHub : https://t.co/jwlMVAcTrW
celesian @c3l3si4n
3K Followers 366 Following
Bridget 🤪 @Bridget__L9236
2 Followers 254 Following Voluрtuоus enсhаntrеss cаptivаtеd bу limitless sеnsаtiоns
VALKY @VALKY_ow
33 Followers 72 Following
sol.D.ace @solDace_
9 Followers 17 Following
Talace @Talace_
16 Followers 147 Following
Prox @OsintTheWorld
45 Followers 189 Following OSINT & CTF player. Interested in Infosec & Red teaming.
Kib @_kibov
24 Followers 180 Following
carnifex17 @carnifex1717
15 Followers 39 Following
purplestormctf @purplestormctf
75 Followers 103 Following Official Twitter account of the purplestorm ctf team.
Melissa Wright @Melissa32458861
62 Followers 97 Following I am a strong believer in the tyranny, the dictatorship, the absolute authority of the writer.
DoubleTake @LeDoubleTake
212 Followers 388 Following Pentester | DigitalFence Co-Founder | eWPTx, Dante | Offshore in progress 👨🏻🍳
Zélétix @Zeletixx
7 Followers 30 Following
Lexter @lxt33r
276 Followers 525 Following Reverse Engineer @fuzzinglabs , CTF Player for @thehackerscrew1 and @MadeinFranceCTF
ValekoZ @valekoz_
184 Followers 382 Following CTF player at @phreaks2600, student at @ecole2600 and ninja at @Synacktiv
Hackviser @hackviserr
2K Followers 3K Following Tailored cybersecurity #upskilling platform for all levels, catering to beginners and pros | Best way to boost your #cybersecurity skills
jason @jason41244
29 Followers 189 Following
Martin Mielke @xct_de
5K Followers 821 Following Windows Exploitation • OSCE3/OSEE • Labs @vulnlab_eu • Principal Red Teamer @MantodeaSec
vx-underground @vxunderground
291K Followers 211 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
cts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Hack The Box @hackthebox_eu
190K Followers 226 Following #1 Cyber Performance Center, providing a human-first platform to create and maintain high-performing cybersecurity individuals and organizations.
Charlie Bromberg « .. @_nwodtuhs
13K Followers 648 Following Trying to hack the way we hack things 🏴☠️
Worty @_Worty
2K Followers 514 Following Organizer of @HeroCTF || @FlatNetworkOrg || TeamFR 2021 & 2022 🇫🇷 || 🥷 @Synacktiv
Kévin - Mizu @kevin_mizu
3K Followers 650 Following Vulnerability researcher 🐛 | CTF with @HexagonCTF, @rhackgondins 🦦 | Team FR 2023 🇫🇷 | https://t.co/sEBb6VnMrm
Synacktiv @Synacktiv
17K Followers 277 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
Nishacid @Nishacid
1K Followers 235 Following Cybersecurity enthusiast | Bug Hunter 🪲| Staff @RootMe_org | @GrehackConf 🏔️ | CTF @RMUBYGG 🇫🇷
voydstack @voydstack
1K Followers 771 Following 🥷 @Synacktiv | CTF with @RMUBYGG, @Hexagonctf, @ECSC_TeamFrance 20/21/22/23
Mayfly @M4yFly
5K Followers 754 Following Former Dev and DevOps| Pentester and red teamer at orange cyberdefense | OSCE³| Tweet are my own| discord: m4yfly
John Hammond @_JohnHammond
240K Followers 2K Following Hacker. Cybersecurity Researcher @HuntressLabs || https://t.co/qUeDM3lSCl
LiveOverflow 🔴 @LiveOverflow
142K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
sahuang @sahuang97
3K Followers 682 Following Founder @ProjectSekaiCTF | Software Engineer @MicrosoftVan | Mococo: @_YaNnhui_ | Trading alt: @sahuang_alt | Chunithm & osu! enjoyer
mxrch @mxrchreborn
2K Followers 403 Following HideAndSec 🐈⬛ https://t.co/6S8IYIrzHd a̶͇̫̋a̴̢̛̯͋̎ä̶̰́̊a̸̩̬̝̽̇̇
Aurélien Chalot @Defte_
2K Followers 416 Following Hacker, sysadmin and security researcher @OrangeCyberdef 💻 Calisthenic enthousiast 💪 and wannabe philosopher 📖 🔥 Hide&Sec 🔥
PortSwigger Research @PortSwiggerRes
88K Followers 7 Following Web security research from the team at @PortSwigger
PwnFunction @PwnFunction
38K Followers 981 Following I make animated computer science videos • product & ai @pdiscoveryio • blog at https://t.co/RLiSNOVQ0W
Mathis Hammel @MathisHammel
61K Followers 559 Following Formateur IA, dev, cybersécurité • Entraîneur WorldSkills pour l'équipe de France cyber • GDE, MVP • Parrain de @Guardia_School
Clips @clipsecio
173 Followers 602 Following Infosec enthusiast // Soon™ HtB Guru // Elon Musk idolizer // Future Tesla Owner // Gamer // Memer
crazyman @crazyman823886
340 Followers 649 Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities pre account @CrazymanArmy
Balti @toujoursbalti
57K Followers 840 Following
MrMidnight @MrMidnight53
1K Followers 406 Following We do a lil hacking!™ | eJPT | CTF Creator & Player | Developer | Game-dev | Vinyl Enjoyer | YouTuber: https://t.co/MnWJZ9Zl7p
c0m0r1 @c0m0r1
2K Followers 252 Following KAIST CS & EE 18 + EE M.S. Student 23 / KAIST GoN 18 / pwn, rev / newbie forever / 음악듣는 코모리 @DC0m0r1
kolokokop @kolokokop
143 Followers 271 Following
The Impartial Truth @IImpartialTruth
15K Followers 35 Following 🎞️ History Uncensored | Rare Archives ↙️
Manfred Paul @_manfp
5K Followers 279 Following Maths and cyber and stuff. Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2022, 2024. @[email protected]
Jason Lang @curi0usJack
15K Followers 195 Following @TrustedSec Red Team | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8VrS
n00py @n00py1
13K Followers 955 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research. [email protected] on Mastodoge
purplestormctf @purplestormctf
75 Followers 103 Following Official Twitter account of the purplestorm ctf team.
CvxFous @Cvxfous
81 Followers 172 Following I coded Monster Logic, buy now on steam: https://t.co/acbVwZKVqd…
Ian Beer @i41nbeer
49K Followers 144 Following
Soheil @Soheil__K
273 Followers 412 Following Researcher @CISPA, Web Security & Privacy, Program Analysis | Engineer | #BugBounty Hunter; Past @IMDEA_Software.
Lexter @lxt33r
276 Followers 525 Following Reverse Engineer @fuzzinglabs , CTF Player for @thehackerscrew1 and @MadeinFranceCTF
sakura @eternalsakura13
6K Followers 156 Following Security Researcher of 360. 2021/2022/2023 Top 10 Chrome VRP Researcher. 2023 Top2 Facebook whitehat. BlackHat Asia/BlackHat USA/Zer0Con speaker.
Dlive @D1iv3
2K Followers 1K Following Security Researcher. 2022 MSRC MVR. Windows Active Directory Security / Cloud Security / Web Security. Tweets are my own.
ValekoZ @valekoz_
184 Followers 382 Following CTF player at @phreaks2600, student at @ecole2600 and ninja at @Synacktiv
Pwned Labs @PwnedLabs
787 Followers 47 Following Pwned Labs delivers fun and immersive cybersecurity training experiences for individuals and businesses. Join the community: https://t.co/kyG413GZDa
@[email protected] @r3tr074
760 Followers 498 Following Security research | https://t.co/0JQ2SjUVJZ founder | CTF pwn/rev @eltctfbr + @r3kapig | yes, I'm the browser guy
Kavishka Gihan @_kavigihan
908 Followers 128 Following 18 | Security researcher | Machine author @hackthebox_eu
r0BIT @0xr0BIT
481 Followers 285 Following OSCP | CRTO | Sr. Pentester @ProsecNetworks | Content exclusive @vulnlab_eu
cvc5 Solver @cvc5_solver
84 Followers 19 Following cvc5 is an efficient open-source automatic theorem prover for Satisfiability Modulo Theories (SMT) problems.
D3STY @d3sty_
199 Followers 605 Following 🎓CNVP | CLNP | CSIS 🧠 Neurodiversity 💻 CyberSec Research 🚩 Player @purplestormctf
DitzyFlama @DitzyFlama
126K Followers 700 Following @glitch_prod @memesbycowbelly @NeverthinkTV | Alt: @DitzysAlt @osakefuru | Business Inquiries: https://t.co/Bn43fOhSbB
jeremy scahill @jeremyscahill
393K Followers 4K Following co-founder of the intercept. wrote blackwater & dirty wars. contact: [email protected] DM for signal. Join my email list at https://t.co/aSxp03XtEb
Joel Eriksson @OwariDa
5K Followers 4K Following Offensive security researcher and entrepreneur -Kernels, browsers and all that jazz- Also: - AI/ML/DL - AR/VR/XR - CTFs (pwn/re/crypto) + Cicada 3301, Boxen etc
Paul Bolton (m0noc) @overtsecrecy
915 Followers 948 Following Also @[email protected] #ActuallyAutistic he/him
Dirk-jan @_dirkjan
25K Followers 173 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Xah Lee @xah_lee
4K Followers 516 Following Math and Programing Nerd. Author of JavaScript in Depth, Practical Emacs Lisp, WolframLang Tutorial. I post mostly nerd stuff.
Brian Pak @brian_pak
2K Followers 187 Following CEO @ Theori | CMU CS '11 | Plaid Parliament of Pwning
Chocapikk 🇨🇵 @Chocapikk_
1K Followers 736 Following Pentesting Enthusiast, Hunter/Moderator at @leak_ix, Student at @OteriaCS, x18 CVEs - https://t.co/Ezbt3w1g3v Views are my own
SeanWu @seanwupi
263 Followers 70 Following
default itsec guy @bongoalex
522 Followers 523 Following just the average next door security janitor
@lecomptoirakons @AlertesInfos Rien a voir avec les musulmans je connais des mecs qui parlent comme ça et qui sont pas croyants c'est juste une mode de débiles adolescents pas encores finis
@PercheTetu @AlertesInfos Ouais, on appelle ça "les squatteurs de l'islam". ça se limite à pas manger de porc mais ça n'a jamais ouvert un coran et serait incapable de citer une seule parole de leur prophète.
👀
As expected, two variations of the so far known mXSS attacks have been spotted and new DOMPurify releases are ready to fix those. github.com/cure53/DOMPuri… github.com/cure53/DOMPuri… Many thanks to @kevin_mizu and @hash_kitten for spotting and reporting those 🙇
Le jjb est-il une arme pour tuer ? On en parlera dans le numéro spécial de 7 à 8 en présence d'Harry Roselmack Adel Cherifi c'est fort, je vous en avais parlé y a un moment.
@Haeya_chae Ok mais tu as fais tout ça pendant combien de temps ? 1h 1 jour 1 semaine ? Car pour pas perdre de poids à 1k calories par jours plus 70km par semaine c’est du domaine de la science fiction pour moi
@terjanq 🧵[6/9] This means that if we have, for example, a request containing more than 1000 GET parameters, a warning will be sent, and the CSP header won't! Trying this solution (gist.github.com/pilvar222/300c…) on remote, we can pop an alert!
@terjanq 🧵[7/9] This solution is only one among many. From the different solutions I've seen, some also used the maximum length of the parameters or files, and I wouldn't be surprised if many others are still unexplored ways to have warnings! In any case, big props to the solvers!
@terjanq @hash_kitten @haqpl @SecurityMB @arkark_ @satoki00 @Satoooon1024 @c3l3si4n @rootaux @ankursundara @Strellic_ @IcesFont @sushicomabacate @darinmao_ @blueminimal @realansgar @BrunoModificato @taramtrampam @SasukeOurad @0x22sh @frevadiscor89 @ixSly @kolokokop @damned_me_ 🧵[9/9] I hope you enjoyed the challenge! If you did, you might want to check out the talk where I presented it along with other techniques, I will post the link on my twitter as soon as the recording is published!
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
This Friday, I'm presenting a novel technique as part of my talk "Secret web hacking knowledge - CTF authors hate these simple tricks". I've made a challenge about it, will you be able to pop an alert on pilv.ar ? The whole source code is in the screens below :)
Suite à la vidéo, certes impulsive, que j’ai réalisée après m’être fait voler, les choses se sont améliorées dans le quartier concerné. Moralité de l’histoire soyez toujours optimiste, voyez le bon coté des choses. Maiiis ne reproduisez pas ce que j’ai fait si vs voulez pas de pb
Released a new authenticated RCE for GLPI, specially it's plugin "order" (installed on many systems), which unserialize()'d a $_POST parameter, making RCE possible with a monolog gadget.
pluginsglpi/order disclosed a bug reported by @c3l3si4n - Patch: github.com/pluginsglpi/or… huntr.dev/bounties/dcacc… #hunter #infosec #opensource
Students in my security class joked they should just hack the server to change their grade to 100%, so I handed them my CSRF token for the gradebook and told them to have at it
@albinowax I'm sure you would be interested in this one: mizu.re/post/twisty-py… 😁
I've finally finished my writeups for #FCSC2024, which covered: - Nginx X-Accel-Redirect file read - Werkzeug error-based request smuggling - HTTP/1.1 and HTTP/0.9 browser confusion - Connection: close bypass via Expect: 100-continue - ... Link 👇 mizu.re/tag/FCSC2024 1/2
CTF is over! In the end, it was a very close call. Congrats to 🥇 @0rganizers, 🥈 @ECSC_TeamFrance & 🥉 @leetmore! Thanks everyone for participating Insomni'hack CTF 2024, #INSO24, #CTF Here's the final scoreboard.
We manage to finish at the second place at @1ns0mn1h4ck CTF finals ! Congratz to all the players and my team mates @JouetR @_Noiche @adam_le_bon @cy_nics @Vozec1 @MathisHammel & mouthon ! Again thanks a lot to the SCRT crew for the challenges ! See you next year !
DOMPurify 3.1.1 & 2.5.1 have been released. Both are security releases & should be upgraded to asap. Note: More releases might follow, the mitigated attack is novel. Eternal gratitude goes to @IcesFont for finding, reporting & helping with fixes 🙇 github.com/cure53/DOMPuri…
Enfaite js juste triste pcq il me cours pas après wallah
Trends for United States
You might like
