‼️ The axios lead maintainer has gone public on how he was socially engineered into installing the malware behind the npm supply chain attack.
We have example images showing exactly how the attack was staged.
ReconFTW v4 is now available 🚀🚀🚀
Biggest release so far: major refactor + modular pipeline, improved DNS handling, new runtime modes/flags, revamped output, better parallelization, plus tests and CI/CD integration.
https://t.co/2diafFr1wr
Docs: https://t.co/tIDA3VAR0q
🎉Giving away 5x yearly bbradar[.]io Pro subs!
👉Get Live notifications on Discord for new programs and scope changes.
👉Search for assets and find matching programs.
👉View Latest assets/targets/scopes.
To enter:
✅Follow @Kle0z.
✅Like this post.
✅Share this post.
Winners will be announced on the 30th of January.
this grew a bit more than I expected, so I moved everything into a repo and added @ollama (local) + @GeminiApp backends apart from the existing @OpenAI Codex.
same @Burp_Suite mcp setup, just easier to reuse
Enjoy it!
https://t.co/MMj2lJn7AF
#bugbounty #pentest #burp #hacking
@Advik_Kant I think that any BYPASS that works this way works because the WAF cannot handle requests of this size while the server can, so the former lets the request through without inspection. If both buffers are in sync, this method probably won't work :)
Fortinet #WAF #bypass for SQLi
-----------------------------------
I recently came across an SQLi blocked by a Fortinet WAF, and all my initial attempts to bypass it via encoding were unsuccessful.
I finally was able to bypass it simply by appending more than 1K of junk.
@sec_jota @corraldev All of this makes me view the course unfavourably: bad timing, a promise-baiting title, (from my point of view) the wrong approach, excessively expensive... And all of that, for me, is done in something that is poorly framed. And honestly, I hope I'm wrong and it serves to train people.
(7-bonus).
@sec_jota @corraldev I'm going to reply, and so make my opinion clearer. I don't think anyone has labelled you scammers. In fact, I genuinely believe you are taking advantage of a job opportunity, and that the speakers may be among those who add the most value. 1/6