Nguyen The Duc

@ducnt_

Just another web warrior | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
Регистриран през февруари 2017 г.
12 Снимки и видеоклипове Снимки и видеоклипове

Туитове

Блокираш @ducnt_

Наистина ли искаш да видиш тези туитове? Това няма да разблокира @ducnt_

  1. Закачен туит
    8.01

    My first `double kill` at : Kudos to WordPress security team with very quickly and awesome work 🥰

    1 reply 15 харесва
    Отмяна
  2. 27.02

    Filed a duplicate with gr8 bug was found by but can reopen it with a triaged issue. Really a excited moment.

    1 reply 1 ретуит 9 харесва
    Отмяна
  3. ретуитна
    25.02

    New blog post! Here is how you can use MSBuild’s UnregisterAssembly task to execute arbitrary code in a .NET assembly. ⤵️

    1 reply 112 ретуита 211 харесва
    Отмяна
  4. ретуитна
    21.02

    Just wrote a new article about how I found a Remote Command Execution 0-day (CVE-2020-8813) via static analysis in Cacti v1.2.8 the popular infrastructure graphing solution. I also explained how to exploit it without authentication in some cases.

    13 replies 239 ретуита 614 харесва
    Отмяна
  5. ретуитна
    18.02

    Slides from my talk on iMessage exploitation: More technical details in the blog post: Great conference again, thanks team! :)

    2 replies 111 ретуита 305 харесва
    Отмяна
  6. ретуитна
    18.02

    [PoC] CVE-2020-0618 Microsoft SQL Server Reporting Services RCE Vulnerability POST /ReportServer/pages/ReportViewer.aspx HTTP/1.1 Host: target ... ... NavigationCorrector$PageState=NeedsCorrection&NavigationCorrector$ViewState=[PayloadHere]&__VIEWSTATE=

    Тази мултимедия може да съдържа неприличен материал. Научи повече
    4 replies 188 ретуита 351 харесва
    Отмяна
  7. ретуитна
    18.02

    Just published another remote code execution chain I exploited recently. I also wrote about how organizations can stop these attacks at the development stage - the key is convention over configuration.

    17 replies 211 ретуита 650 харесва
    Отмяна
  8. ретуитна
    11.02

    さんとSpectreやXS-LeaksやCross-Origin-*ヘッダーについて話しました! / ep63 Cross Origin Info Leaks

    1 reply 4 ретуита 32 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  9. ретуитна
    17.02

    Top 10 new web hacking techniques of 2019

    7 replies 769 ретуита 1 517 харесва
    Отмяна
  10. ретуитна
    13.02

    I've discovered logic privilege escalation bug on AMD User Experience Program Launcher from Radeon Software -2020-8950

    1 reply 84 ретуита 156 харесва
    Отмяна
  11. ретуитна
    11.02

    Blind SSRF exploitation En: Ru: What about port scanning using DNS-requests?

    4 replies 165 ретуита 421 харесва
    Отмяна
  12. ретуитна
    11.02

    A few small proposals for PHP 8 have been accepted: ::class Static return type Variable syntax tweaks

    11 replies 135 ретуита 331 харесва
    Отмяна
  13. ретуитна
    10.07.2018 г.

    Neatly bypassing Content Security Policy. Why 'unsafe-inline' is almost always a full-fledged XSS.

    5 replies 130 ретуита 254 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  14. ретуитна
    6.02

    DOM Clobbering strikes back by

    2 replies 90 ретуита 214 харесва
    Отмяна
  15. ретуитна
    6.02

    Thanks to research, new stuff are being released for soon - as for the features, payload minimization, raw cmd command, and auto command encoding within JSON/XML messages are being released after the PR review by

    1 reply 33 ретуита 113 харесва
    Отмяна
  16. ретуитна
    6.02

    Nice by

    13 ретуита 58 харесва
    Отмяна
  17. ретуитна
    5.02

    Checkra1n for Windows first demo!!🔥🔥 Coming Soon!!

    87 replies 306 ретуита 1 682 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  18. ретуитна
    3.02

    Here's my write-up for ’s CTF challenge!

    5 replies 29 ретуита 108 харесва
    Отмяна
  19. ретуитна
    3.02

    CVE-2020-7471: SQLI in Django: django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. FIX:

    57 ретуита 132 харесва
    Показване на тази нишка
    Показване на тази нишка
    Отмяна
  20. ретуитна
    31.01

    , , and I are starting a new security blog. In our first write-up, we will discuss the impact of "SameSite by default" and how it affects web app sec. Feel free to request future topics you would like us to cover.

    11 replies 216 ретуита 413 харесва
    Отмяна
  21. ретуитна
    31.01

    Someone dropped a PHP zero-day on GitHub. Talked to the PHP team last night. Bug requires local foothold to exploit, so not usable for remote attacks. Also, this is the second exploit for this "disable_functions bypass" in the last few months.

    5 replies 122 ретуита 190 харесва
    Отмяна

Потребителят @ducnt_ още не е туитвал.

Изглежда зареждането отнема известно време.

Twitter може да е претоварен или да изпитва моментно затруднение. Опитай отново или виж Twitter Status за повече информация.

    Може също да харесаш

    ·