I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
https://t.co/puM7hZWIlE
@AmazonHelp I have not received any email from the OFM team. I have provided the docs on Amazon itself and I can't reply to your "no-reply" email address. DM me please?
A thread of my journey in web3 security in 2022. From noob to security engineer in 1 year.
1.
Discovered the world of web3 security in January with damn vulnerable defi
https://t.co/agIVVfX5My
⚠️ Zimbra Mail pre-auth RCE via Path Traversal bug in unrar (CVE-2022-30333). This is probably my most impactful bug so far, especially after Zimbra has been the target of a 0day campaign likely conducted by a state actor. More details in this blog post: https://t.co/8v0ujC1Nyl
Very simple POC for Atlassian Confluence Pre-Auth OGNL Injection && RCE (CVE-2022-26134)
Setup a pre-built environment to test it in 5 seconds: https://t.co/oH6GJ1mel1
Why 5 minutes not 10 seconds? Because you should apply a trial license from Atlassian😂#vulhub
reproduced, awesome! from owned (or just freshly created) computer account to domain admin in couple of steps using ADCS by exploiting CVE-2022-26923 reported and documented by @ly4k_. patch DCs ASAP! :)
It's easy to find attack surfaces that others haven't.
You just need to think creatively.
"But Corben, I don't know how!"
That's what I'm here for.
I'll share some simple methodology that works.
(so you can find vulnerabilities...and make money)
A story: