Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
Sumali noong Pebrero 2017
17 Larawan o video Mga larawan at video

Mga Tweet

Binlock mo si @ducnt_

Sigurado ka bang gusto mong tingnan ang mga Tweet na ito? Hindi maa-unblock ng pagtingin ang mga Tweet ni @ducnt_

  1. Naka-pin na Tweet
    Mar 31

    I really happy to share an article that bypass Akamai web application firewall and exploit a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

    8 sagot 60 retweet 154 (na) gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  2. Ni-retweet ni
    May 28

    LOL.

    52 sagot 1,734 mga retweet 5,405 gusto
    I-undo
  3. Ni-retweet ni
    May 27

    Cross origin access with exception object + full exploit (reward: $25633)

    67 retweet 240 gusto
    I-undo
  4. Ni-retweet ni
    May 25

    Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to

    14 mga sagot 239 mga retweet 639 (na) gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  5. Ni-retweet ni
    May 26

    An impossible lab has been solved! Congratulations to who solved the attribute context arbitrary code lab. With the following solution: ?a=`+alert(document.domain);//&x=%22oncut=%22eval(%27`%27%2bURL)' the length limit has now been reduced to 20.

    3 sagot 83 retweet 391 gusto
    I-undo
  6. Ni-retweet ni
    May 25

    Abusing Microsoft Outlook 365 to Capture NTLM

    3 sagot 158 retweet 322 gusto
    I-undo
  7. Ni-retweet ni
    May 25

    SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

    4 mga sagot 355 retweet 839 (na) gusto
    I-undo
  8. Ni-retweet ni
    May 22

    Thanks Safari :D XSS via hash is back!!

    1 sagot 40 retweet 117 gusto
    I-undo
  9. Ni-retweet ni
    May 22

    WinRAR <3

    84 mga sagot 2,172 retweet 9,773 gusto
    I-undo
  10. Ni-retweet ni
    May 22

    CVE-2020-9484 Tomcat RCE漏洞分析

    1 retweet 9 (na) gusto
    I-undo
  11. Ni-retweet ni
    May 21

    Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the :

    12 sagot 297 retweet 731 gusto
    I-undo
  12. Ni-retweet ni
    May 20

    Aerial ‘smoke screen’ used to protect ships in battle in the 20th century.

    122 sagot 4,418 retweet 19,723 gusto
    I-undo
  13. Ni-retweet ni
    May 15

    I blogged about some interesting behavior which lead to an internal auth bypass. Smuggling HTTP headers through reverse proxies:

    3 sagot 72 retweet 171 gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  14. Ni-retweet ni
    May 19

    Increasing disk and memory size make Integer Overflow great again🤣

    The end is near. 2020 does not forgive. "15 years later: Remote Code Execution in qmail (CVE-2005-1513)"
    15 retweet 90 gusto
    I-undo
  15. Ni-retweet ni
    Peb 5

    Text fragments will soon be available in Chromium land. You can then use `#:~:text=` to highlight certain text. 😲 🔗 Chrome status: 🔗 Spec: Video alt: Usage of text fragments to highlight text on wikipedia

    10 sagot 179 mga retweet 441 gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  16. Ni-retweet ni
    May 16

    😮 Google open sourced their fuzzing dictionaries!

    12 sagot 762 retweet 1,978 gusto
    I-undo
  17. Ni-retweet ni
    May 18

    DEFCON web solution (except grad school)

    4 mga sagot 24 mga retweet 59 (na) gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  18. Ni-retweet ni
    May 16

    I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results

    9 mga sagot 223 retweet 570 gusto
    Ipakita ang thread na ito
    Ipakita ang thread na ito
    I-undo
  19. Ni-retweet ni
    May 12

    One more to the pocket : CVE-2020-0901 - TALOS-2020-1015 Microsoft Office Excel s_Schema Code Execution Vulnerability

    27 retweet 62 gusto
    I-undo
  20. Ni-retweet ni
    May 12

    9 mga sagot 176 mga retweet 668 gusto
    I-undo
  21. May 12

    I and my teammate really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

    1 retweet 10 gusto
    I-undo

Hindi pa nagtu-Tweet si:@ducnt_.

Ang paglo-load ay mukhang natatagalan.

Maaaring lumagpas na sa kapasidad ang Twitter o nakakaranas ng panandaliang problema. Subukan muli o bisitahin ang Twitter Status para sa karagdagang impormasyon.

    Maaari mo ring magustuhan

    ·