➠ Reddit "Ask Me Anything"
I did an AMA on Reddit a few days ago. My Reddit AMA from 2013.......
Zur Startseite
Kommentiere zu Reddit "Ask Me Anything"
➤ Ähnliche Beiträge für 'Reddit "Ask Me Anything"'
Running Kafka in Kubernetes With Kraft Mode and SSL
vom 7436.02 Punkte
Learn how to launch an Apache Kafka with the Apache Kafka Raft (KRaft) consensus protocol and SSL encryption. This article is a continuation of my previous article Running Kafka in Kubernetes with KRaft mode.
Prerequisites
An understandi
RedWarden - Flexible CobaltStrike Malleable Redirector
vom 757.3 Punkte
RedWarden - Flexible CobaltStrike Malleable Redirector(previously known as proxy2's malleable_redirector plugin) Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them while offering resistant C2 redirectors network at the same time. Thi
Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config
vom 584.86 Punkte
MotivationThere are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the compute
Automattic: [intensedebate.com] SQL Injection Time Based On /js/commentAction/
vom 531.69 Punkte
[intensedebate.com] SQLi Time Based On /js/commentAction/ Summary: Hello, I have found a SQLI Injection Time Based on /js/commentAction/. When a user want to submit/reply to a comment, a JSON payload was send by a GET request. GET /js/commentAction/?data
HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted
vom 497.51 Punkte
Hi team, I don't know your policy about pentesters(about their visibility on the platform), But I couldn't find any other pentesters before. 1) For example: GraphQL has the h1_pentester attribute that would explicitly point us to th
h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers
vom 379.78 Punkte
Summary: Several vulnerabilities in the bountypay application leads to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long fo
Keybase: SOP bypass using browser cache
vom 356.99 Punkte
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker'
NordVPN: Disclosure of User Information
vom 311.42 Punkte
Hi Team, We can get information about the users registered (such as: id, name, login name, etc.) and employees of NordVPN without authentication on https://www.nordvpn.com Vulnerable URL: https://nordvpn.com/wp-json/wp/v2/users/ Vulnerable URL: https://nordvpn.com/?rest
Apple presents the best of 2018
vom 303.82 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is
Apple presents the best of 2018
vom 303.82 Punkte
Apple presents the best of 2018<br/>The Apps, Games, Music, Movies, TV Shows, Podcasts and More That Shaped Entertainment and Culture Around the World This Year<br/>As the year comes to a close there are so many unanswered questions: Who is
CS Money: ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
vom 296.23 Punkte
Summary: The endpoint /graphql has a vulnerable query operation named "search", that can I send a Regex malformed parameter, in order to trick the original regular expression to a regex bomb expression. Payload with a "com
Agoric: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS
vom 292.43 Punkte
Summary: Improper Input Validation allows an attacker to "double spend" or "respend", violating the integrity of the message command history or causing DoS Steps To Reproduce: I was curling random integers and found