Tweets
Waiting for Mortal Kombat X http://www.gamespot.com/mortal-kombat-x/ … #Fatality
Afaik, the biggest #FB payout for a single bug is 33K$ for @reginaldojsf XXE. So maybe I just got the 2nd position with this 20K$ one :-)
Chrome XSS vector by using BASE tag <base href="javascript:\"> <a href="//%0aalert(/@irsdl/);//">works in Chrome</a> http://jsfiddle.net/yj8yt8Lo/
The X-Frame-Options header is going away. https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options …
WebEdition CMS Captcha Gone Wrong or How To Execute PHP Code Through Your Captcha https://www.sektioneins.de/en/blog/14-09-05-webedition-captcha-code-execution-vulnerability.html …
RT @whitehatsec: Large Scale DNS Research http://bit.ly/1lG79TX #video via @RSnake
Check out the Facebook CTF at BruCon!
Two @SpiderLabs members accepted for BlackHat Europe @orenhafif on RFD http://ubm.io/1tqY9Vv & @BenHayak on SOME http://ubm.io/1ug1Uei
I hacked my own iCloud for $200 http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/?utm_cid=mash-com-Tw-main-link …
I Finished Tomb Raider: Definitive Edition on PS4, Now time to play The Last of Us: Remastered http://www.ign.com/games/the-last-of-us/ps4-20015419 … Amazing Games! #PS4
Same Origin Method Execution (SOME) - Exploiting a Callback for Same Origin Policy Bypass by @BenHayak at #BHEU http://ow.ly/ASsNX
[exclusive]: zANTI2 is free & doesn't require credits ! Download APK before the public release later today https://zantiapp.com/zANTI2.apk #zANTI2
.@Zimperium Updates Its Security Suite To Protect Employees’ iOS Devices From Cyberattacks http://techcrunch.com/2014/08/29/zimperium-updates-its-security-suite-to-protect-employees-ios-devices-from-cyberattacks/?ncid=twittersocialshare … via @techcrunch
Zimperium updates its security suite to protect employees' iOS devices from cyberattacks http://tcrn.ch/1pr2bvv
SOME - "Same Origin Method Execution" https://www.blackhat.com/eu-14/briefings.html#same-origin-method-execution-some-exploiting-a-callback-for-same-origin-policy-bypass … Awesome stuff by @BenHayak
Example of incomplete XXE fix (missing external-parameter-entities=false) in RESTeasy https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83 … // cc @Nirgoldshlager
With new web based attack “RFD” files are downloaded without ever being uploaded - #BHEU Briefing by @orenhafif http://ow.ly/ASrpY