Ivan Chalykin @igc_iv - Twitter Profile

Ivan Chalykin @igc_iv

over 3 years ago

@w34kp455 only realtime demo, only hardcore!

0

2

0

igc_iv retweeted

Sachin Thakuri @sachinnthakuri

over 4 years ago

A blog by me & @1lastBr3ath discussing our findings we presented in Black Hat Europe #BHEU talk titled “Exploiting CSP in Webkit to break Authentication/Authorization”. Find out how we made more than $100k in bug bounties with a bug ignored by Apple. https://t.co/vN2b5v7k5s

4

370

173

114

0

Ivan Chalykin @igc_iv

over 5 years ago

@hackerscrolls Also there is an article about it from @antyurin https://t.co/TESuKtuZsh

0

5

1

3

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability. Sometimes changes in objects are hidden too and you need to closely explore the app. Source: https://t.co/9lURrqkxVh #CyberSecurity #BugBountyTip #BugBounty

hackerscrolls's tweet photo. Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability.

Sometimes changes in objects are hidden too and you need to closely explore the app.

Source:
https://t.co/9lURrqkxVh

#CyberSecurity #BugBountyTip #BugBounty https://t.co/jFxd4OvW3J

2

269

83

81

0

Who to follow

Omar "Beched" Ganiev

@theBeched

Security research, mathematics, programming | Co-Founder @DecurityHQ

Raz0r

@theRaz0r

CTO & Co-founder @DecurityHQ

Vahagn Vardanian

@vah_13

CTO at @redraysio

Ivan Chalykin @igc_iv

over 5 years ago

@kannthu1 Yes, but only two months :)

1

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

We often get confused how Samesite affects cookies in different attacks in modern browsers. So, we have made a memo and now share it with you. #CyberSecurity #BugBountyTip #BugBounty

hackerscrolls's tweet photo. We often get confused how Samesite affects cookies in different attacks in modern browsers. So, we have made a memo and now share it with you.

#CyberSecurity #BugBountyTip #BugBounty https://t.co/n6HsV6W9PQ

6

384

155

89

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

We have combined all the tricks we know about SSRF into a single mindmap. If we missed something, write about it in the comments! High resolution: https://t.co/Gub9KUoiGY XMind source: https://t.co/pAtT0WVFAY #CyberSecurity #BugBountyTip #BugBounty

hackerscrolls's tweet photo. We have combined all the tricks we know about SSRF into a single mindmap.

If we missed something, write about it in the comments!

High resolution: https://t.co/Gub9KUoiGY
XMind source: https://t.co/pAtT0WVFAY

#CyberSecurity #BugBountyTip #BugBounty https://t.co/VA0k0gT8gp

4

1K

533

421

0

igc_iv retweeted

МимоКрокодил @m1mo_croc

over 5 years ago

Вышел выпуск подкаста №4. Наконец cобрались обсудить давно интересующу нас тему: менджмент и бизнес - особенности данных веток таланов для пентестера. Есть ли вобще другие? Уже разлит по площадкам https://t.co/llifUd6Smx https://t.co/gIafCnjCoP https://t.co/lYt7882Skq

0

5

0

igc_iv retweeted

Sergey Toshin @_bagipro

over 5 years ago

#bugbountytips One more way to increase the impact of opening arbitrary URLs in a built-in WebView is Universal XSS. They are widespread on #android! Steps:

1

126

39

50

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Have you ever wonder about fast and easy-to-use SOCKS proxy over DNS? Here it is https://t.co/2eVTTRvbtw from @fbk_cs You don't even need to compile it! #CyberSecurity #RedTeam #Pentest

hackerscrolls's tweet photo. Have you ever wonder about fast and easy-to-use SOCKS proxy over DNS?

Here it is
https://t.co/2eVTTRvbtw from @fbk_cs

You don't even need to compile it!

#CyberSecurity #RedTeam #Pentest https://t.co/hmtBl9c8yZ

1

182

56

35

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

CSRF in 120 seconds! As you remember Cookies without SameSite are treated as SameSite=LAX in Chrome. But there is one exception that can be used as a temporary policy bypass. More detailed examples: https://t.co/zQoCeQrGfF by @RenwaX23 #CyberSecurity #BugBountyTip #BugBounty

hackerscrolls's tweet photo. CSRF in 120 seconds!

As you remember Cookies without SameSite are treated as SameSite=LAX in Chrome.

But there is one exception that can be used as a temporary policy bypass.

More detailed examples: https://t.co/zQoCeQrGfF by @RenwaX23

#CyberSecurity #BugBountyTip #BugBounty https://t.co/yYH2mv8Sbr

0

281

84

78

0

Ivan Chalykin @igc_iv

over 5 years ago

@S1r1u5_ Nice nice! But is it possible to clear history?

0

3

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Using other hosts as a gateway, sometimes, you can get access to other VLANs or bypass the firewall. That is a task for gateway-finder! Check the improved version by @whitel1st: https://t.co/xyXxMdYHGA #CyberSecurity #Pentest #RedTeam

hackerscrolls's tweet photo. Using other hosts as a gateway, sometimes, you can get access to other VLANs or bypass the firewall.

That is a task for gateway-finder!

Check the improved version by @whitel1st:
https://t.co/xyXxMdYHGA

#CyberSecurity #Pentest #RedTeam https://t.co/sKmMFQgzsS

2

259

93

50

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Were you surprised when your cross-domain attack didn't work? Meet the new reality with SameSite Cookies. Now Chrome and Safari recognize Cookies without the SameSite attribute as SameSite=Lax by default. #CyberSecurity #BugBounty #BugBountyTip

hackerscrolls's tweet photo. Were you surprised when your cross-domain attack didn't work?

Meet the new reality with SameSite Cookies.

Now Chrome and Safari recognize Cookies without the SameSite attribute as SameSite=Lax by default.

#CyberSecurity #BugBounty #BugBountyTip https://t.co/NPxw2g3C8A

2

167

74

33

0

igc_iv retweeted

Ivan at Wallarm / API security solution

@d0znpp

over 5 years ago

Meet JWT heartbreaker! A Burp extension that finds thousands of weak JWT secrets https://t.co/pI2HSJIIyG

0

345

167

102

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Got root access to a server? Run 3snake and grab the attention to the server. Wait for admins and grab their ssh passwords! https://t.co/L6yPqunVpy Trick by @cherboff #redteam #cybersecurity #Pentest

hackerscrolls's tweet photo. Got root access to a server? Run 3snake and grab the attention to the server. Wait for admins and grab their ssh passwords!

https://t.co/L6yPqunVpy

Trick by @cherboff

#redteam #cybersecurity #Pentest https://t.co/As6s6AUVjR

0

552

189

122

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

over 5 years ago

Yet another trick about CORS! Do not forget to check Origin: null #CyberSecurity #BugBountyTip #BugBounty

0

362

143

98

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

almost 6 years ago

Incredible mindmap about hacking iOS applications by @hd_421 Pay attention, we have prepared two versions: 1. Full Security Assessments 2. Shorter BugBounty version XMind source: https://t.co/52We9OSiFI #CyberSecurity #BugBountyTip #BugBounty #iOS

hackerscrolls's tweet photo. Incredible mindmap about hacking iOS applications by @hd_421

Pay attention, we have prepared two versions:
1. Full Security Assessments
2. Shorter BugBounty version

XMind source:
https://t.co/52We9OSiFI

#CyberSecurity #BugBountyTip #BugBounty #iOS https://t.co/f5MFHrU41V

1

691

311

196

0

igc_iv retweeted

Hack3rScr0lls @hackerscrolls

almost 6 years ago

Found a Stored Self-XSS? Chain it with Login/Logout CSRF and increase the impact! Few examples: https://t.co/K3Wo9RObmJ https://t.co/ogj06AysSN https://t.co/Ut8EN9qkcc #BugBounty #CyberSecurity #BugBountyTip #XSS

hackerscrolls's tweet photo. Found a Stored Self-XSS? Chain it with Login/Logout CSRF and increase the impact!

Few examples:
https://t.co/K3Wo9RObmJ
https://t.co/ogj06AysSN
https://t.co/Ut8EN9qkcc

#BugBounty #CyberSecurity #BugBountyTip #XSS https://t.co/3GuiSG5v6q

2

247

107

76

0

Ivan Chalykin

@igc_iv

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users