Sysdum @systemdumb - Twitter Profile

3 months ago

WontFix can be an RCE Goldmine SOAPwn by @chudyPB #5 in PortSwigger Web Hacking Techniques of 2025 Microsoft’s refusal to patch HttpWebClientProtocol invalid casting makes any .NET app using ServiceDescriptionImporter permanently vulnerable to arbitrary file write via malicious WSDLs. Blog link 👇 https://t.co/WmTlxocI1x

1

175

51

148

12K

systemDumb retweeted

pyn3rd

@pyn3rd

6 months ago

#CVE-2025-55182: RSC RCE — It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint.

pyn3rd's tweet photo. #CVE-2025-55182: RSC RCE — It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint. https://t.co/aOic5sCu94

7

586

71

341

55K

Sysdum @systemDumb

6 months ago

@infosec_au You're a beast dude 😎

0

4

0

2K

systemDumb retweeted

Nicolas Krassas

@Dinosn

6 months ago

Critical strike: China's hacking training grounds (PART 1) https://t.co/28pf5h7cyB

0

29

4

28

6K

Who to follow

NOPResearcher

@NopResearcher

Red Teamer, Security Researcher, Co-Lead for @redteamvillage_, @RedTeamVillage_ CTF creator

Youssef Sammouda (sam0)

@samm0uda

Security Researcher/Hacker 1st in Meta bug bounty program for 6 years Opinions are my own and not my employer's.

m0chan 🏴󠁧󠁢󠁳󠁣󠁴󠁿

@m0chan98

Scotland | Bug Bounty Hunter

systemDumb retweeted

Soroush Dalili

@irsdl

8 months ago

Using @Burp_Suite and a website playing a new trick on you? This happens but no fear (most of the times)! The screenshot here shows a Java TLS limit. Recent JDKs added jdk.tls.maxHandshakeMessageSize (default 32768 bytes) Use "-Djdk.tls.maxHandshakeMessageSize=65536" to solve this. Add this to the end of the ".vmoptions" file if you have it installed. #BurpSuite #BugBountyTip

irsdl's tweet photo. Using @Burp_Suite and a website playing a new trick on you?
This happens but no fear (most of the times)!

The screenshot here shows a Java TLS limit. Recent JDKs added jdk.tls.maxHandshakeMessageSize (default 32768 bytes)

Use "-Djdk.tls.maxHandshakeMessageSize=65536" to solve this. Add this to the end of the ".vmoptions" file if you have it installed.

#BurpSuite #BugBountyTip

0

169

14

143

14K

Sysdum @systemDumb

about 1 year ago

@mcipekci The GOAT himself 👑

0

1

0

320

systemDumb retweeted

Thrones Updates

@ThronesUpdates

almost 2 years ago

Voting for a President in America be like "choose one"

2K

306K

33K

8K

21M

Sysdum @systemDumb

about 2 years ago

@pwnEIP I want a foil version of this card. Also emotional damage OP 😂

0

42

Sysdum @systemDumb

about 2 years ago

@Chrollo_l33t @NinjaParanoid I'm in this tweet and I don't like it

0

13

Sysdum @systemDumb

over 2 years ago

Additionally, I've run into WAFs blocking or blacklisting any more than 1 directory up (e.g ../../). These paths weren't blocked. Another Java-ish payload is the popular Tomcat/nginx normalization bypass /..;/. I see it mostly present in Java apps

0

4

0

130

Sysdum @systemDumb

over 2 years ago

If you think you've found a path traversal, instead of throwing /etc/passwd and similar paths, check if the app is java-based using Wappalyzer. I've scored a few bounties by trying the following: ?file=../WEB-INF/web.xml ?file=../META-INF/MANIFEST.MF #bugbountytips #BugBounty

1

3

0

2

388

Sysdum @systemDumb

over 2 years ago

@ozgur_bbh Great write-up!

0

1

0

167

Sysdum @systemDumb

over 2 years ago

@SSgtRomaine @JackRhysider If you read the article, you would know the author is using it ironically.

0

1

0

21

Sysdum @systemDumb

almost 3 years ago

@intigriti Telerik, it's the gift that keeps on giving

0

1

0

269

Sysdum @systemDumb

almost 3 years ago

@hack1or0 @adrielsec Impact is that the victim is sent a link for a known website and it redirects you to an attacker's site that is mocked up to look like the legitimate site. They can then perform a watering hole attack to ideally obtain the victim's plaintext credentials.

0

2

0

2

56

Sysdum @systemDumb

almost 3 years ago

@NahamSec When nobody is buying MSF pro so you get into the legal business

0

8

0

814

systemDumb retweeted

adragos @adragos_

almost 3 years ago

Finished in 1st place at the Red Team CTF @ #DEFCON 31. @RedTeamVillage_ Started off playing the event solo, but I was joined in the finals by my fellow teammates from Team Europe, @sijsu and @s3np41k1r1t0 to get the win. Thank you ThreatSims and @hackthebox_eu for the event!

adragos_'s tweet photo. Finished in 1st place at the Red Team CTF @ #DEFCON 31. @RedTeamVillage_

Started off playing the event solo, but I was joined in the finals by my fellow teammates from Team Europe, @sijsu and @s3np41k1r1t0 to get the win.

Thank you ThreatSims and @hackthebox_eu for the event! https://t.co/hjlgQ0sPJJ

9

88

7

2

10K

systemDumb retweeted

RedTeamVillage

@RedTeamVillage_

almost 3 years ago

🚨 Attention 🚨 We’re asking everyone that was at the RTV CTF today in Cesar’s Forum to CHECK their swag bags. Unfortunately, someone walked away with one belonging to one of one of our volunteers. It is vital that we locate it as it contains his ID etc. DM us if located! 🙏🏾

1

85

51

2

19K

Sysdum @systemDumb

almost 3 years ago

@S1n1st3rSecuri1 Thanks for bearing with me while I fixed some things! 😅😅

1

0

16

systemDumb retweeted

RedTeamVillage

@RedTeamVillage_

almost 3 years ago

🙌🏼 Thank you to @flipper_net for adding to our epic RTV CTF prizes! #defcon

8

268

94

2

126K

Sysdum

@systemDumb

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users