Please share some of the most creative vulnerabilities you've read or found.
Most bugs aren't about creativity but just having the right knowledge + mindset; novel not because they were complex, but because no one had the full picture before.
I'm looking for something beyond that. A bug that truly required out-of-the-box thinking.
New writeup from @_specters_ and I: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate.
Full disclosure:
https://t.co/e2EwvUMgqw
Caption this ☝️
A new #HTB Seasons Machine is coming up! Caption created by MrR3boot will go live on 14 September at 19:00 UTC. Intuition will be retired!
✓ Hard
✓ Linux
→ Join the competition & start #hacking: https://t.co/3UuNk6Nx5R
If you, like many, think relying just on the `cat` command's output is enough to be sure about the integrity of a bash file, think twice: you could get hacked. Read below 👇
Curious what a $20,000 OAuth bug I discovered at a Live Hacking Event last year looks like? Today you can dive into an exact replica and see for yourself!
I've collaborated with @NahamSec & @hackinghub_io to create a walkthrough video + demo lab 🧪
https://t.co/LDtAFc6djX
EDRSilencer - a tool that uses Windows Filtering Platform (WFP) to block EDR agents from reporting security events to the server https://t.co/WU6mlppP3w #cyber #threathunting #infosec
I'm SO excited to kick off 2024 with the beta launch of our educational platform, @hackinghub_io with @_JohnHammond and @BuildHackSecure! Currently, we have a number of free hubs available and we'll be releasing more in the coming weeks! 👉🏼 https://t.co/l7C0lcZliL
Today I received a $12,000 bounty using the Sandwich Attack! 🤑
The vulnerability allowed me to enumerate the API Keys of other users 🤯
How did I do that? Well, the API key was a UUIDv1. If you are not familiar with UUIDv1s, you need to know that they are constructed in 6 sections:
High, Mid, Low, Clock Sequence, Node ID, and UUID version.
Interestingly, the Node ID corresponds to the MAC address of the system generating the identifier. This means that if two consecutive UUIDs are generated on the same device, this part remains the same, similar to the Clock Sequence.
When High, Mid, and Low are combined, they reveal a timestamp represented in hexadecimal value.
Using some basic mathematics it's possible to subtract the offset between the Gregorian Calendar and the Julian Calendar and then divide by 1000 to get an Epoch TimeStamp.
OK, now that we know that they are generated by a timestamp + machine ID, it means that we could generate them back if we know when the API keys were created 🧐
Luckily enough the API Key that I was using was generated in a batch, meaning I could use the Sandwich Attack in order to brute force the API Keys of other users easily 🔥
If you want to know more about how I exploited the Sandwich Attack, go check my video about this on my YouTube channel 🤟
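Added example, not code from the post or its author: a defender-side Python script (standard library only) that splits a UUIDv1 into the fields listed above, recovers its creation time from the 60-bit timestamp (RFC 4122 counts 100-nanosecond intervals from 1582-10-15 UTC), shows that two keys from one generator share node and clock sequence, flags UUIDv1-format API keys in an audit, and generates a random replacement. The sample keys are constructed; the first is the RFC 4122 DNS namespace UUID and the second is the same generator's fields with the timestamp moved one second later.

```python
import uuid
import secrets
from datetime import datetime, timedelta, timezone

# RFC 4122: the 60-bit UUIDv1 timestamp counts 100-nanosecond intervals
# since 1582-10-15 00:00:00 UTC (the Gregorian calendar epoch).
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def inspect_uuid1(token: str) -> dict:
    """Split a UUIDv1 into its fields and recover its creation time (UTC)."""
    u = uuid.UUID(token)
    if u.version != 1:
        raise ValueError(f"not a UUIDv1 (version={u.version})")
    return {
        "time_low": u.time_low,                 # three timestamp pieces ...
        "time_mid": u.time_mid,
        "time_hi": u.time_hi_version & 0x0FFF,  # ... with the 4 version bits removed
        "created_utc": GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10),
        "clock_seq": u.clock_seq,  # 14 bits, constant unless the clock ran backwards
        "node": f"{u.node:012x}",  # 48 bits, normally the generator's MAC address
    }


def seconds_apart(a: str, b: str) -> float:
    """Creation-time distance between two UUIDv1s, in seconds."""
    return abs(uuid.UUID(a).time - uuid.UUID(b).time) / 10_000_000


def same_generator(a: str, b: str) -> bool:
    """True if both keys carry the same node and clock sequence."""
    ua, ub = uuid.UUID(a), uuid.UUID(b)
    return ua.node == ub.node and ua.clock_seq == ub.clock_seq


def audit_api_keys(keys: list) -> list:
    """Return the keys that are UUIDv1 and therefore leak creation time + node."""
    flagged = []
    for k in keys:
        try:
            if uuid.UUID(k).version == 1:
                flagged.append(k)
        except ValueError:
            pass  # not a UUID at all, e.g. an opaque random token
    return flagged


def new_api_key() -> str:
    """Replacement: 256 bits from the OS CSPRNG, with no structure to infer from."""
    return secrets.token_urlsafe(32)


# Constructed samples: RFC 4122 DNS namespace UUID, same generator +1 s, random v4.
SAMPLE_KEYS = ["6ba7b810-9dad-11d1-80b4-00c04fd430c8",
               "6c404e90-9dad-11d1-80b4-00c04fd430c8", str(uuid.uuid4())]
```

Running `audit_api_keys(SAMPLE_KEYS)` flags only the two v1 keys; `inspect_uuid1` on the first dates it to 1998-02-04 22:13:53 UTC from a node of 00c04fd430c8.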