Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
Registrerte seg februar 2017
17 bilder og videoer Bilder og videoer

Tweets

Du har blokkert @ducnt_

Er du sikker på at du vil vise disse tweetene? Dette vil ikke oppheve blokkeringen av @@ducnt_.

  1. Festet tweet
    31. mar.

    I really happy to share an article that bypass Akamai web application firewall and exploit a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

    8 svar 60 retweets 154 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  2. Retweetet
    28. mai

    LOL.

    52 svar 1 734 retweets 5 405 liker
    Angre
  3. Retweetet
    27. mai

    Cross origin access with exception object + full exploit (reward: $25633)

    67 retweets 240 liker
    Angre
  4. Retweetet
    25. mai

    Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to

    14 svar 239 retweets 639 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  5. Retweetet
    26. mai

    An impossible lab has been solved! Congratulations to who solved the attribute context arbitrary code lab. With the following solution: ?a=`+alert(document.domain);//&x=%22oncut=%22eval(%27`%27%2bURL)' the length limit has now been reduced to 20.

    3 svar 83 retweets 391 liker
    Angre
  6. Retweetet
    25. mai

    Abusing Microsoft Outlook 365 to Capture NTLM

    3 svar 158 retweets 322 liker
    Angre
  7. Retweetet
    25. mai

    SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

    4 svar 355 retweets 839 liker
    Angre
  8. Retweetet
    22. mai

    Thanks Safari :D XSS via hash is back!!

    1 svar 40 retweets 117 liker
    Angre
  9. Retweetet
    22. mai

    WinRAR <3

    84 svar 2 172 retweets 9 773 liker
    Angre
  10. Retweetet
    22. mai

    CVE-2020-9484 Tomcat RCE漏洞分析

    1 retweet 9 liker
    Angre
  11. Retweetet
    21. mai

    Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the :

    12 svar 297 retweets 731 liker
    Angre
  12. Retweetet
    20. mai

    Aerial ‘smoke screen’ used to protect ships in battle in the 20th century.

    122 svar 4 418 retweets 19 723 liker
    Angre
  13. Retweetet
    15. mai

    I blogged about some interesting behavior which lead to an internal auth bypass. Smuggling HTTP headers through reverse proxies:

    3 svar 72 retweets 171 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  14. Retweetet
    19. mai

    Increasing disk and memory size make Integer Overflow great again🤣

    The end is near. 2020 does not forgive. "15 years later: Remote Code Execution in qmail (CVE-2005-1513)"
    15 retweets 90 liker
    Angre
  15. Retweetet
    5. feb.

    Text fragments will soon be available in Chromium land. You can then use `#:~:text=` to highlight certain text. 😲 🔗 Chrome status: 🔗 Spec: Video alt: Usage of text fragments to highlight text on wikipedia

    10 svar 179 retweets 441 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  16. Retweetet
    16. mai

    😮 Google open sourced their fuzzing dictionaries!

    12 svar 762 retweets 1 978 liker
    Angre
  17. Retweetet
    18. mai

    DEFCON web solution (except grad school)

    4 svar 24 retweets 59 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  18. Retweetet
    16. mai

    I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results

    9 svar 223 retweets 570 liker
    Vis denne tråden
    Vis denne tråden
    Angre
  19. Retweetet
    12. mai

    One more to the pocket : CVE-2020-0901 - TALOS-2020-1015 Microsoft Office Excel s_Schema Code Execution Vulnerability

    27 retweets 62 liker
    Angre
  20. Retweetet
    12. mai

    9 svar 176 retweets 668 liker
    Angre
  21. 12. mai

    I and my teammate really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

    1 retweet 10 liker
    Angre

@ducnt_ har ikke Tweetet enda.

Lastingen ser ut til å ta sin tid.

Twitter kan være overbelastet, eller det kan ha oppstått et midlertidig problem. Prøv igjen, eller se Twitters status for mer informasjon.

    Du vil kanskje også like

    ·