Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
Participa desde fevereiro de 2017
17 Fotos e vídeos Fotos e vídeos

Tweets

Você bloqueou @ducnt_

Tem certeza de que deseja ver estes Tweets? Visualizar os Tweets não desbloqueará @ducnt_

  1. Tweet Fixado
    31 de mar.

    I really happy to share an article that bypass Akamai web application firewall and exploit a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

    8 respostas 60 retweets 154 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  2. retweetou
    28 de mai.

    LOL.

    52 respostas 1.734 retweets 5.405 curtiram
    Desfazer
  3. retweetou
    27 de mai.

    Cross origin access with exception object + full exploit (reward: $25633)

    67 retweets 240 curtiram
    Desfazer
  4. retweetou
    25 de mai.

    Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to

    14 respostas 239 retweets 639 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  5. retweetou
    26 de mai.

    An impossible lab has been solved! Congratulations to who solved the attribute context arbitrary code lab. With the following solution: ?a=`+alert(document.domain);//&x=%22oncut=%22eval(%27`%27%2bURL)' the length limit has now been reduced to 20.

    3 respostas 83 retweets 391 curtiram
    Desfazer
  6. retweetou
    25 de mai.

    Abusing Microsoft Outlook 365 to Capture NTLM

    3 respostas 158 retweets 322 curtiram
    Desfazer
  7. retweetou
    25 de mai.

    SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

    4 respostas 355 retweets 839 curtiram
    Desfazer
  8. retweetou
    22 de mai.

    Thanks Safari :D XSS via hash is back!!

    1 resposta 40 retweets 117 curtiram
    Desfazer
  9. retweetou
    22 de mai.

    WinRAR <3

    84 respostas 2.172 retweets 9.773 curtiram
    Desfazer
  10. retweetou
    22 de mai.

    CVE-2020-9484 Tomcat RCE漏洞分析

    1 retweet 9 curtiram
    Desfazer
  11. retweetou
    21 de mai.

    Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the :

    12 respostas 297 retweets 731 curtiram
    Desfazer
  12. retweetou
    20 de mai.

    Aerial ‘smoke screen’ used to protect ships in battle in the 20th century.

    122 respostas 4.418 retweets 19.723 curtiram
    Desfazer
  13. retweetou
    15 de mai.

    I blogged about some interesting behavior which lead to an internal auth bypass. Smuggling HTTP headers through reverse proxies:

    3 respostas 72 retweets 171 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  14. retweetou
    19 de mai.

    Increasing disk and memory size make Integer Overflow great again🤣

    The end is near. 2020 does not forgive. "15 years later: Remote Code Execution in qmail (CVE-2005-1513)"
    15 retweets 90 curtiram
    Desfazer
  15. retweetou
    5 de fev.

    Text fragments will soon be available in Chromium land. You can then use `#:~:text=` to highlight certain text. 😲 🔗 Chrome status: 🔗 Spec: Video alt: Usage of text fragments to highlight text on wikipedia

    10 respostas 179 retweets 441 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  16. retweetou
    16 de mai.

    😮 Google open sourced their fuzzing dictionaries!

    12 respostas 762 retweets 1.978 curtiram
    Desfazer
  17. retweetou
    18 de mai.

    DEFCON web solution (except grad school)

    4 respostas 24 retweets 59 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  18. retweetou
    16 de mai.

    I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results

    9 respostas 223 retweets 570 curtiram
    Mostrar esta sequência
    Mostrar esta sequência
    Desfazer
  19. retweetou
    12 de mai.

    One more to the pocket : CVE-2020-0901 - TALOS-2020-1015 Microsoft Office Excel s_Schema Code Execution Vulnerability

    27 retweets 62 curtiram
    Desfazer
  20. retweetou
    12 de mai.

    9 respostas 176 retweets 668 curtiram
    Desfazer
  21. 12 de mai.

    I and my teammate really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

    1 retweet 10 curtiram
    Desfazer

@ducnt_ ainda não tweetou.

O carregamento parece estar demorando.

O Twitter deve estar sobrecarregado ou passando por algum problema momentâneo. Tente novamente ou acesse o Status do Twitterpara obter mais informações.

    Você também pode gostar

    ·