Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
2017年2月加入
17 個相片或影片 圖片與影片

推文

你已封鎖 @ducnt_

你確定要查看這些推文嗎?查看推文並不會將 @ducnt_ 解除封鎖

  1. 釘選的推文
    3月31日

    I really happy to share an article that bypass Akamai web application firewall and exploit a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

    8 replies 60 則轉推 154 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  2. 已轉推
    5月28日

    LOL.

    52 replies 1,734 則轉推 5,405 個喜歡
    還原
  3. 已轉推
    5月27日

    Cross origin access with exception object + full exploit (reward: $25633)

    67 則轉推 240 個喜歡
    還原
  4. 已轉推
    5月25日

    Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to

    14 replies 239 則轉推 639 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  5. 已轉推
    5月26日

    An impossible lab has been solved! Congratulations to who solved the attribute context arbitrary code lab. With the following solution: ?a=`+alert(document.domain);//&x=%22oncut=%22eval(%27`%27%2bURL)' the length limit has now been reduced to 20.

    3 replies 83 則轉推 391 個喜歡
    還原
  6. 已轉推
    5月25日

    Abusing Microsoft Outlook 365 to Capture NTLM

    3 replies 158 則轉推 322 個喜歡
    還原
  7. 已轉推
    5月25日

    SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

    4 replies 355 則轉推 839 個喜歡
    還原
  8. 已轉推
    5月22日

    Thanks Safari :D XSS via hash is back!!

    1 replies 40 則轉推 117 個喜歡
    還原
  9. 已轉推
    5月22日

    WinRAR <3

    84 replies 2,172 則轉推 9,773 個喜歡
    還原
  10. 已轉推
    5月22日

    CVE-2020-9484 Tomcat RCE漏洞分析

    1 則轉推 9 個喜歡
    還原
  11. 已轉推
    5月21日

    Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the :

    12 replies 297 則轉推 731 個喜歡
    還原
  12. 已轉推
    5月20日

    Aerial ‘smoke screen’ used to protect ships in battle in the 20th century.

    122 replies 4,418 則轉推 19,723 個喜歡
    還原
  13. 已轉推
    5月15日

    I blogged about some interesting behavior which lead to an internal auth bypass. Smuggling HTTP headers through reverse proxies:

    3 replies 72 則轉推 171 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  14. 已轉推
    5月19日

    Increasing disk and memory size make Integer Overflow great again🤣

    The end is near. 2020 does not forgive. "15 years later: Remote Code Execution in qmail (CVE-2005-1513)"
    15 則轉推 90 個喜歡
    還原
  15. 已轉推
    2月5日

    Text fragments will soon be available in Chromium land. You can then use `#:~:text=` to highlight certain text. 😲 🔗 Chrome status: 🔗 Spec: Video alt: Usage of text fragments to highlight text on wikipedia

    10 replies 179 則轉推 441 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  16. 已轉推
    5月16日

    😮 Google open sourced their fuzzing dictionaries!

    12 replies 762 則轉推 1,978 個喜歡
    還原
  17. 已轉推
    5月18日

    DEFCON web solution (except grad school)

    4 replies 24 則轉推 59 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  18. 已轉推
    5月16日

    I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results

    9 replies 223 則轉推 570 個喜歡
    顯示此對話串
    顯示此對話串
    還原
  19. 已轉推
    5月12日

    One more to the pocket : CVE-2020-0901 - TALOS-2020-1015 Microsoft Office Excel s_Schema Code Execution Vulnerability

    27 則轉推 62 個喜歡
    還原
  20. 已轉推
    5月12日

    9 replies 176 則轉推 668 個喜歡
    還原
  21. 5月12日

    I and my teammate really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

    1 則轉推 10 個喜歡
    還原

@ducnt_ 尚未發表任何推文。

看來要一段時間讀取資料。

Twitter 可能已超出負載,或發生暫時性的小問題。請再試一次,或造訪 Twitter 狀態以取得更多資訊。

    你也可能也會喜歡

    ·