Last year I published 3 high-severity vulnerabilities in Android (https://t.co/CtO33AjDPg)
I did some additional research and reported new similar issues some months ago. These advisories are now public:
https://t.co/bacP0OTRFg
https://t.co/XCbIflUG11
https://t.co/TlGBVJVSmx
🔍 New research: AQL injection in #ArangoDB
Daniel Kachakil provides a definitive guide to #AQL injection and introduces aqlmap, a new open-source exploitation tool.
Read the research: https://t.co/TZUUoiU4Vj
#InfoSec #ApplicationSecurity
In a new blog post, @anvil_secure Principal Security Engineer Daniel Kachakil shares how he found and disclosed multiple XSS vulnerabilities in an open-source set of components, jSuites.
He explains how issues like these can appear even in modern frameworks and what developers can learn from them.
Read here: https://t.co/T5bK4hb5RA
#AppSec #CyberSecurity
Our latest blog is now live courtesy of @Kachakil! After an accidental discovery and no small amount of poking around, Daniel wrote up his experience identifying and reporting vulnerabilities in the Homepage dashboard. Check it out here: https://t.co/IEn1JsTgcG
Come join us on a hunt! The worlds of Offensive Security and Gaming collide in our latest blog post from @LautaroFain. Check it out here: https://t.co/E8YtHQ2J0o
Congratulations to Anvil's Tao Sauvage on his presentation today @HITBSecConf in Amsterdam! Check out how Tao was able to find vulnerabilities by reversing the firmware on his Garmin Forerunner 245 Music #Security #ReverseEngineering https://t.co/2CtdJ3MUNe
@WebSecAcademy This lab https://t.co/VEB2xD5ZYH can be solved doing something like this:
POST /my-account/change-address ...
{"sessionId":"xxxx", "isAdmin":true}
I think this unintended solution should be avoided from your side, to force exploiting it via prototype pollution
A little curiosity can go a long way. Check out Anvil's newest blog from our CTO, Vincent Berg - Userland Execution of Binaries Directly from Python #RedTeam #AntiForensics https://t.co/5HsoQKbTfZ
HOOT! HOOT! Our owl @TheXC3LL published the write-up for our first challenge. Go and check if you were close to solving it!
In the land of PHP you will always be (use-after-)free
https://t.co/wSxfy0nSLT
🚨 New Research! 🚨
Our Principal Security Engineer @Kachakil has put together a fantastic series on breaking AngularJS. Stay tuned for part 2!
https://t.co/Pz1Bx0YKq5
You may want to fix that additional XSS, since it's not being exploited in the "official" solution and it doesn't make use of the specific technique described in the learning materials for this lab.
@WebSecAcademy I finally found some time to catch up with the latest labs. Since I don't read the solutions unless I'm stuck, I found a much easier way (unintended?) to solve https://t.co/IEjCPOUDqu in a single step:
GET /login?lang=en?utm_content='/><script>alert(1)</script><a
Twitterverse, I need your help! We are looking for different roles in CounterCraft. Please have a look at https://t.co/kPHFSUkliz and let me know if you have any questions! If you are in San Sebastián, great, but we also accept remote workers. RT please!
Last Friday was officially my last day with IOActive. I'll always be grateful to the ones who gave me this opportunity, and I'll never forget this experience.
After 4 years and 9 months, I'm off to another exciting adventure starting in the next few days. I'll keep you posted!
@irsdl Maybe monitoring the LastAccess property (using FSW)? It won't differentiate between reads and writes, so it doesn't seem to be a perfect solution. You may need to use other approaches (unmanaged code), like the ones that Sysinternals ProcMon implements... I never did it myself ☹️
@irsdl This approach makes sense to me too. But you're right, since everything has different pros and cons. It's all about optimising the bottlenecks, applying parallelism or distributed computing if possible, or simply assuming that it'll take longer than expected 😄