Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
Joined February 2017

Tweets

  1. Pinned Tweet
    31 March

    I'm really happy to share an article that bypasses Akamai web application firewall and exploits a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

  2. Retweeted
    13 hours ago
  3. 17 hours ago

    I and my teammate are really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

  4. Retweeted
    20 hours ago

    awesome-nodejs-security - Awesome Node.js Security resources curated by

  5. Retweeted
    9 May

    This is such a savage bug to be a dupe 😲🤯

  6. Retweeted
    9 May

    <Fastjson Deserialization Vulnerability History> new paper from Longofo@Knownsec 404 Team (English) (Chinese)

  7. Retweeted
    7 May

    Samsung Android multiple interactionless RCEs and other remote access issues in Qmage image codec built into Skia

  8. Retweeted
    6 May

    A few months ago, Synacktiv started a security assessment of the open source project Squid. Here is the writeup of some of the vulnerabilities reported by and

  9. Retweeted
    5 May

    Looking at the latest Rails CVE (CVE-2020-8151) Interesting bug found by

  10. Retweeted
    6 May

    Today I'm happy to release new research I've been working on for a while: 0-click RCE via MMS in all modern Samsung phones (released 2015+), due to numerous bugs in a little-known custom "Qmage" image codec supported by Skia on Samsung devices. Demo:

  11. Retweeted
    27 Apr.

    Piercing the Veal: Short Stories to Read with Friends New blog post! I was asked to write about some of the SSRFs I've found in the past so I've done just that! I'm pretty excited about this as it's my longest work yet.

  12. Retweeted
    5 May

    You monster. Why would you do this to me?

  13. Retweeted
    3 May
  14. Retweeted
    3 May

    I just rewrote and now released subjs v1.0.0. Javascript files can contain an abundance of valuable information when hacking – from undocumented API endpoints to secrets – if you aren't digging through them, you need to!

  15. Retweeted
    1 May

    Took more than 2 years, but just released the postMessage-tracker Chrome Extension! Look at the functions receiving postMessages directly in the extension, look at the messages and sender/receiver window locations and track everything using a log-URL.

  16. Retweeted
    3 May

    As a big Pokemon fan, this is coooooooool

  17. Retweeted
    2 May
  18. Retweeted
    30 Apr.

    The fuzzing team has been developing a new fuzzer to help identify security vulnerabilities in the implementation of WebAPIs in Firefox. This fuzzer, which we’re calling Domino, leverages the WebAPIs’ own WebIDL definitions as a fuzzing grammar.

  19. Retweeted
    29 Apr.

    Detailing CVE-2020-0932 - a now patched RCE bug in reported to us by an anonymous researcher. The blog lays out how code exec is possible using TypeConverters and provides video demonstration and PoC. Read the post at

  20. Retweeted
    27 Apr.

    Releasing another side-project: CursedChrome. A Chrome-extension implant that turns victim Chrome browsers into HTTP proxies. Using these proxies you can browse the web authenticated as your victims for all of their websites. Setup takes only 5-10 mins 👍
