Nightsky
kunalme44401.bsky.social
Reposted by Nightsky
If you like bounties, I highly recommend this presentation from Martin Doyhenard on novel web cache deception techniques. It comes with Web Security Academy labs too!
www.youtube.com/watch?v=70yy...
DEF CON 32 - Gotta Cache ‘em all bending the rules of web cache exploitation - Martin Doyhenard
YouTube video by DEFCONConference
November 26, 2024 at 2:33 PM
Reposted by Nightsky
I have created a Bluesky starter pack for @OWASP associated people here. Let me know if you are an #OWASP chapter leader, project leader, committee member, staff member, volunteer, etc., and you want to be added; DM me or respond here.

go.bsky.app/Ks4c9Va
OWASP Starter Pack
November 20, 2024 at 6:30 AM
Reposted by Nightsky
Yesterday my first PHP CVE was published: CVE-2024-11234. In some specific configurations, this vulnerability could allow for CRLF injection when using stream contexts.
sec.leonardini.dev/blog/cve-202...

Many thanks to @minimalblue.bsky.social for reviewing my original report
CVE-2024-11234: Configuring a proxy in a PHP stream context might allow for CRLF injection in URIs 🐘
A vulnerability in PHP might allow an attacker to perform SSRF attacks when unsanitized user-controlled data is used in stream functions if a proxy is used.
November 22, 2024 at 11:04 PM
Reposted by Nightsky
[Mario Kart 8 Deluxe]

Here's more info on the security vulnerability that was fixed in version 3.0.3. (The bug was responsibly disclosed to Nintendo and the researchers are now allowed to talk about their findings.)

A full write-up is available here: 🔗 github.com

🐦 original post
September 30, 2024 at 1:51 AM
Reposted by Nightsky
Does anyone want to spend Friday having lots of fun? Here's your chance - ctf.patchstack.com, #CTF challenge organized by @patchstack.com, but all challenges are made by the Patchstack Alliance community of #ethical #hackers, #security #researchers, and #developers 🤩 Of course, there are prizes! 🤑
Patchstack CTF
November 22, 2024 at 8:26 AM