Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher | Sr. Security Engineer | CTF player && | Bug bounty hunter

Hồ Chí Minh, Việt Nam  
ducnt.net
Bergabung Februari 2017
17 Foto dan video Foto dan video

Tweet

Anda memblokir @ducnt_

Yakin ingin melihat Tweet ini? Melihat Tweet tidak akan membuka blokir @ducnt_

  1. Tweet Sematan
    31 Mar

    I really happy to share an article that bypass Akamai web application firewall and exploit a SQL Injection vulnerability. Hope this article will help someone in the same situation :).

    8 balasan 60 retweet 154 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  2. me-Retweet
    28 Mei

    LOL.

    52 balasan 1.734 retweet 5.405 suka
    Batalkan
  3. me-Retweet
    27 Mei

    Cross origin access with exception object + full exploit (reward: $25633)

    67 retweet 240 suka
    Batalkan
  4. me-Retweet
    25 Mei

    Last month, I found a DOM XSS that led to RCE in . Here is the write-up: Most of the credit goes to

    14 balasan 239 retweet 639 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  5. me-Retweet
    26 Mei

    An impossible lab has been solved! Congratulations to who solved the attribute context arbitrary code lab. With the following solution: ?a=`+alert(document.domain);//&x=%22oncut=%22eval(%27`%27%2bURL)' the length limit has now been reduced to 20.

    3 balasan 83 retweet 391 suka
    Batalkan
  6. me-Retweet
    25 Mei

    Abusing Microsoft Outlook 365 to Capture NTLM

    3 balasan 158 retweet 322 suka
    Batalkan
  7. me-Retweet
    25 Mei

    SSRF + CRLF + HTTP Pipeline + Docker API = RCE… How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber

    4 balasan 355 retweet 839 suka
    Batalkan
  8. me-Retweet
    22 Mei

    Thanks Safari :D XSS via hash is back!!

    1 balasan 40 retweet 117 suka
    Batalkan
  9. me-Retweet
    22 Mei

    WinRAR <3

    84 balasan 2.172 retweet 9.773 suka
    Batalkan
  10. me-Retweet
    22 Mei

    CVE-2020-9484 Tomcat RCE漏洞分析

    1 retweet 9 suka
    Batalkan
  11. me-Retweet
    21 Mei

    Here is a write-up of a very interesting RCE bug I found on Google Cloud Deployment Manager for the :

    12 balasan 297 retweet 731 suka
    Batalkan
  12. me-Retweet
    20 Mei

    Aerial ‘smoke screen’ used to protect ships in battle in the 20th century.

    122 balasan 4.418 retweet 19.723 suka
    Batalkan
  13. me-Retweet
    15 Mei

    I blogged about some interesting behavior which lead to an internal auth bypass. Smuggling HTTP headers through reverse proxies:

    3 balasan 72 retweet 171 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  14. me-Retweet
    19 Mei

    Increasing disk and memory size make Integer Overflow great again🤣

    The end is near. 2020 does not forgive. "15 years later: Remote Code Execution in qmail (CVE-2005-1513)"
    15 retweet 90 suka
    Batalkan
  15. me-Retweet
    5 Feb

    Text fragments will soon be available in Chromium land. You can then use `#:~:text=` to highlight certain text. 😲 🔗 Chrome status: 🔗 Spec: Video alt: Usage of text fragments to highlight text on wikipedia

    10 balasan 179 retweet 441 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  16. me-Retweet
    16 Mei

    😮 Google open sourced their fuzzing dictionaries!

    12 balasan 762 retweet 1.978 suka
    Batalkan
  17. me-Retweet
    18 Mei

    DEFCON web solution (except grad school)

    4 balasan 24 retweet 59 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  18. me-Retweet
    16 Mei

    I made a tool to generate Sec/Dictionary files for content discovery by scrapping GitHub for File/Folder Names and GET/POST & HTTP from PHP files. So far its examined 5,256,950 files from 39069 repositories, check the results

    9 balasan 223 retweet 570 suka
    Tampilkan utas ini
    Tampilkan utas ini
    Batalkan
  19. me-Retweet
    12 Mei

    One more to the pocket : CVE-2020-0901 - TALOS-2020-1015 Microsoft Office Excel s_Schema Code Execution Vulnerability

    27 retweet 62 suka
    Batalkan
  20. me-Retweet
    12 Mei

    9 balasan 176 retweet 668 suka
    Batalkan
  21. 12 Mei

    I and my teammate really happy to share our latest research / doing bug bounty about WAF exploit / bypass. This is a popular WAF application from a vendor in Vietnam, hope you like it 🥰.

    1 retweet 10 suka
    Batalkan

@ducnt_ masih belum menge-Tweet.

Pemuatan tampaknya berlangsung agak lama.

Twitter sedang kelebihan beban atau mengalami sedikit masalah. Coba lagi atau kunjungi Status Twitter untuk informasi lebih lanjut.

    Mungkin Anda juga suka

    ·