Collision – The VNG Security Response Center was able to execute a 2-bug chain against the QNAP TS-464. However, the exploit they used was previously known. They still earn $5,000 and 1 Master of Pwn point. #Pwn2Own
We're really happy to share our improvements and some experiments for the CookieMonster tool.
Weaponizing Monster for Cookies Attacks: https://t.co/zUlvGEHTkr
It also includes a Burp Extender plugin for Burp Suite. Hope you guys enjoy it.
~Cheers,
VSRC
Ladies and Gentlemen: The new Dojo opens to welcome black belt Hackers to fight for honor!!! #VSRC
Liferay revisited: A tale of 20k$. https://t.co/Opa58lorMO
Hope you guys enjoy it and stay tuned: more technique writeups / blogs / exploits will come.
~Cheers,
VSRC
1/10 - I've been doing offensive security source code review for a long time now, and along the way I've learnt a lot of lessons that can make you more effective. Some of them include:
I've released the first episode of Bug Bounty Redacted today (Exposed Redis & HAProxy):
https://t.co/AA0xlUE1k2
This series walks you through real bug bounty reports that were rewarded, and explains the discovery process, and reporting process in detail.
New episodes Monthly!
Polaris rolled out protection for our customers using our Web Application & API Protection against log4j2 vulnerability (CVE-2021-44228). We have refined the rules to block more advanced WAF bypass payloads.
https://t.co/0mqG7cszAx
Slides for our (@rootxharsh) BSides AMD talk
Felt good sharing on the speakerdeck because I learned a lot of cool stuff from Filedescriptor's and Masato's slides on speakerdeck.
https://t.co/mCAceSj6Qh
Our Pre-Auth RCE exploit for Atlassian Confluence (CVE-2021-26084) was leaked after reporting it to @VMware. They have refused to admit the leak and ignored our emails.
https://t.co/cwainPWv9y