Pinned
André Baptista
1,656 posts
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
- DMARC can reveal more domains associated with a target. dmarc.live/info/<target-domain> allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool: github.com/Tedixx/dmarc-s…
- Found an XSS but got blocked by the CSP? cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
- Just released viewgen, a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. All algorithms supported. TL;DR: Got a web.config file or LFI on ASP.NET? Pop a shell! github.com/0xACB/viewgen
- We did it 🔥 RCE on Steam Client! We’ll publish a writeup if we have permission.
- Got a nice buffer overflow on Steam, but unable to exploit due to all the added null bytes :’(
- Have you used @rez0__'s ffufai yet? It's like ffuf, but ffufai automatically suggests file extensions for fuzzing based on the target URL and its headers! It's awesome 🔥
- I'm back with a new tool. Happy to release REcollapse! Simple bypasses can result in impactful bugs in hardened targets. Wanna understand how? Check out my blog post and slides from @Bsideslisbon 2022: 0xacb.com/2022/11/21/rec… github.com/0xacb/recollap…
- This email domain confusion technique from @garethheyes is so cool! Some really weird behavior can be found between different mail agents and the right characters/symbols 🤔
- Hidden or disabled fields are commonly overlooked, but they can still open the door to some cool bugs. Try creating a bookmarklet to instantly reveal these fields. Here are some quick examples you can copy and paste: 🔖 Enable all disabled or readonly fields:
- This @bishopfox tool is next level! 🚀 Eyeballer uses AI to analyze screenshots and sorts them into categories based on appearance, including: 👀 Old-looking pages, 👀 Login pages, 👀 404 responses, 👀 Web apps, 👀 Parked domains. Get your eyeballs around this 👇
- Nginx normalizes paths (/../, %2e, etc.) before applying access rules like: location = /admin { deny all; } But backends like Node.js or PHP handle decoding again, and differently. Requesting /;admin or /admin%2f..%2f might bypass Nginx’s block, but get normalized to /admin by
- RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses and the craziest thing is that some parsers decode it before validation 👇 Shout out to @garethheyes for this 🔥
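As an added example (my own code, not from the post or its author), a Python check that validates an address on its decoded form rather than its surface form, so a parser that decodes RFC 2047 encoded-words later cannot see something the validator never saw. The addr-spec pattern and the sample address are constructed for illustration, not taken from any real system.

```python
import re
from email.header import decode_header

# RFC 5322 "atext" characters: note that '=' and '?' are legal, so an
# RFC 2047 encoded-word is also a syntactically valid local part.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
# Constructed, deliberately simple addr-spec pattern (not the full RFC 5322 grammar).
ADDR_SPEC = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# RFC 2047 encoded-word syntax: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")


def contains_encoded_word(value: str) -> bool:
    """True if the raw address carries RFC 2047 encoded-word syntax at all."""
    return ENCODED_WORD.search(value) is not None


def decode_encoded_words(value: str) -> str:
    """Decode encoded-words the way a lenient mail agent would, returning text."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label inside the encoded-word
                chunk = chunk.decode("ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def surface_check(value: str) -> bool:
    """Validation that only looks at the string exactly as received."""
    return ADDR_SPEC.fullmatch(value) is not None


def decoded_check(value: str) -> bool:
    """Validation applied to what the address becomes *after* decoding."""
    return ADDR_SPEC.fullmatch(decode_encoded_words(value)) is not None


def strict_check(value: str) -> bool:
    """Simplest policy: refuse encoded-word syntax outright, then validate decoded form."""
    return not contains_encoded_word(value) and decoded_check(value)


if __name__ == "__main__":
    # Constructed sample: the q-encoded word hides a space inside the local part.
    sample = "=?utf-8?q?alice=20smith?=@example.com"
    print(surface_check(sample))         # True: every character is valid atext
    print(decode_encoded_words(sample))  # alice smith@example.com
    print(decoded_check(sample))         # False: the decoded form is not an addr-spec
```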
- GitHub Desktop RCE (OSX) Bug Bounty writeup: pwning.re/2018/12/04/git… Thank you @GitHubSecurity for the bounty!
- When testing GraphQL APIs make sure to run graphw00f (github.com/dolevf/graphw0…) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.