Quick test all the hosts for Adobe Experience Manager (AEM) paths via @pdiscoveryio httpx:-   The Wordlist:-   httpx -l allhosts -paths /root/aem-path...

RT Jesse Clark: 'Cut the crap from Intercept' for those new to Burp

Re @akita_zen @Hacker0x01 Congrats buddy, i hope you all the best.

Re @hahwul Thanks for the clarification.

RT Capture The Packet: A TCP packet walks into a bar and says, “I’d like a beer.” The bartender replies, “You want a beer?” The TCP packet replie...

RT yan: the new search engine we've been working on at @brave is now in public beta!  * we don't track clicks or queries * we don't profile you * for ...

New #BugBytes are here with fresh new hacks!  Learn about @S0md3v's clever new GraphQL attack, how @ConspiracyProof hacks Salesforce Lightning Compone...

Re Okay, that was FAST 🚤 You wanted it, you get it -

Re @cffaedfe At 300 likes, we will release the source code of the WASM file 😎

Re @davwwwx Nice work davwwwx!

Re @smaul_1 Boom! 💥

Re @isira_adithya Whoop whoop 🙌

Re @cffaedfe New day, new tip 💡 Don't forget to have a SIGNED INTEGER insurance in case you once end up having a water OVERFLOW.  Our insurance bro...

CamOver - A Camera Exploitation Tool That Allows To Disclosure Network Camera Admin Password

围观

Re @Teslarati @ResidentSponge ??

Windows: Windows Filtering Platform Token Access Check EoP

今天说的美国司法部关闭了三十多个伊朗网站的事情，估计又要再一次激起“互联网掌握在美国人手里”之类的邪火。绝大多数人，包括从事网络安全工作但实际上并未接触过相关技术的人，如果想理解这个事情，至少应该读一下光明网的这篇 自主创新还是科技投机，业界专家为何齐声批驳IPV9。如果有可能，读一读《从根上治理互联网：互 ...全文

最近有个浪嗖嗖的说法，叫“迪士尼在逃公主”。那我就是微博在逃 PM。

我参考天主教驱魔的经文写了一段拉黑经：我乃遵微博用户协议注册之账号，现要驱逐你！我命令你离开！以来总的力量！来总亲自命令你！来去之间命令你！王高飞命令你！微博 CEO 命令你！微博客户端代码命令你！不洁的杠精，我驱逐你！大家试试以后每次拉黑前念一下，感觉特别好。

近日，安全公司Sophos发表了一份新的研究报告——《“义务劳动”式恶意软件在阻止海盗湾的同时赶走软件盗版者》，报告中详细介绍了一个网络攻击活动：该活动以盗版软件的用户为目标，恶意软件旨在阻止对托管盗版软件的网站的访问。这种恶意软件与其它专注于窃取密码、搞破坏或向计算机所有者勒索赎金 ...全文

前几日获得一个Go语言编写的程序外挂，分析该外挂过程中发现与C、C++编译出来的二进制文件有很大的不同，相比于传统语言编译出来的可执行文件Go程序在参数传递、栈空间管理和函数调用等方面都有自己的特点。Go的二进制逆向在互联网上有一篇很全面的文章《Go二进制文件逆向分析从基础到进阶》（ ...全文

做了这么多年的云WAF，几点深刻的感触：1. 作为流量检测类的产品，和其他检测产品一样，最关注的是还是误报和漏报。2. WAF检测的HTTP/HTTPS协议流量往往没有任何规范和章法可言，虽然有RFC给了规范，但实际上根本没有任何客户端浏览器、Web语言/框架、Web容器去遵守RFC规范里对HTTP协议的定义，很 ...全文

RT Nina Lowe: Playing a remote DJ set for #DEFCONSafeMode was great and all, but... I'm looking forward to seeing y'all @defcon in VEGAS this year! I'...

《利用 fastjson $ref 构造 poc》作者：lxraa网页链接

以前读过一个科幻短篇，其中提到有个城市中心立着一块超高折射率的晶体。由于光穿过这块晶体要几十年，所以人们透过晶体看到的是几十年前的这个城市。//@马少平THU: 不明觉厉

It’s deadline season. If you are hoping to present at a #defcon29 village, make sure you check out the event calendar on the forums for the latest de...

Re @ILFHeroesHockey @AletheDenis 👆 gets it.

2021年6月22日，美国司法部关闭了三十多个伊朗相关网站。

从另一个角度看，澳大利亚这也是承认了打着环保旗号来搞政治是完全可能的//@文光围脖1:

在营养摄入效率上，吃素是没办法和吃肉比的。马牛羊鹿这些平常吃素的动物，只要有机会，也都愿意开开荤。洋人想让我们吃素，把食物链顶端的生态位让出来，这是非常卑鄙的。//@老赵: 香 //@园园老巫firstday:转发微博

Rachel Zegler 演白雪公主我觉得挺好。肤色其实也不算太离谱。图 1 是她在《西区故事》里的剧照。滚娘是不合适的，和惊奇队长不合适的原因一样，都不是因为肤色。

我认真地觉得，在网约车行业，司机是有“必须按导航走”的义务的——除非他事先得到乘客允许或乘客要求这么走。之所以网约车应用推出导航路线，就是因为在实际使用中，小处如避免司机绕路，大处如提前预知危险，都说明这个功能有其存在意义。导航路线这个功能本身就是用来增加乘客安全感的，那么违背功 ...全文

Re @ITSecurityguard @Regala_ Hi! We'd love to have a chat about your findings in more detail. Could you drop us an email at support@portswigger.net?

Re @amr00t Hi, there's a ViewState Editor now in the BApp Store -

RT Will:  Re @tifkin_ and I had few misconceptions about the "Any Purpose" and "SubCA" EKU scenarios in the context of the AD CS research (specificall...

Re @markwilsonit And why you should audit principals that those rights get delegated to.  Wouldn't be the first time I've seen AdmPwdRead granted to D...

RT Mark Russinovich: It's here! RDCMan v2.8:

RT Darkoperator: new RDCMan has a new XML Schema, still DPAPI and uses the same ActiveX component

Re @Jean_Maes_1994 Maybe 😛

CFP still open for a few more days.  Get your submissions in.

Re @tifkin_ @_dirkjan @gentilkiwi @harmj0y lol this is the kind of thing that makes me (╯°□°)╯︵ ┻━┻

RT Elad Shamir: I just published my first @SpecterOps post about Shadow Credentials - an alternative technique for taking over user and computer objec...

[BLOG] Updated version of my old (circa 2017) Terraform blog.

〖李雪琴展现性感的一面〗【李雪琴迎合男性凝视！】//@老赵: 可以 //@songluo:男人装咋都插队到王建国前面了

我们家的狗买来的时有犬疥螨，后来严重了，成癞皮狗了。我们家附近的兽医是个废物网页链接，不知道怎么治。最后我花 4 元买了一瓶伊维菌素，自己每天给狗注射，没多久就好了。//@老曾阿牛:

回复@梦半自飘零200809:事实上为了打击毒品，中国要求对缅甸出口酒精和烧碱都需要额外办理许可证：网页链接 //@梦半自飘零200809:去年网飞出了个毒品纪录片，总体挺好，就是介绍缅甸的时候暗示我们提供化学原材料让分裂武装卖

社会对一件事产生认知惯性后，就会形成和惯性相匹配的政治正确。媒体向大众投喂的内容自然就会往这种政治正确上靠拢。

Re @AletheDenis @aprilwright @defcongroups @dc441905 @jaysonstreet @jcpolo1 This image captures our plans perfectly.

RT A.P. Delchi: HDA IS BACK! If you are going to @defcon and are under the umbrella of the ADA check out HACKERS WITH DISABILITIES (HDA) in the DEFCON...

RT #blackgirlshack is now 501c3 certified: Guess what!?!? through the dopeness of the twitter verse and the depths of @LawyerLiz rolodex 🥰 We now h...

RT April C Wright “Dare Mighty Things" she/her: Hey! @defcongroups has moved to the @defcon Forum! Be sure to check out @dc441905's page:

HashCheck - Tool To Assist In The Search For Leaked Passwords

Re @michael_saylor

Re @spaceraccoonsec @offsectraining Well, you knooow, I think we have something you should check out 😜 🔴🐂

Re @pudsec @cffaedfe Only time will tell ⏳

Re @cffaedfe I heard rumours that we will eventually give out the source code of the .wasm file as a tip to come 🤔🥠

We all know that storing recon info can sometimes be a little bit overwhelming 🤯 This is why @honoki has created this wonderful tool for all of us ...

RT The XSS Rat -Stealer of cheese -Voted least sneaky: FREE API HACKING LABS <3 <3  Can you find my secret admin url displaying all the usernames? :) ...

RT IoT Village:  Re @eacmen @evm_sec @reconmtl @woprsummit @BsidesDC @shmoocon the #iotvillage CFP for @defcon is open til June 30! submit here:

OEM了谁的？一打一大片啊

Swift-Attack - Unit Tests For Blue Teams To Aid With Building Detections For Some Common macOS Post Exploitation Methods

让用户当家做主，欢迎加入哪铁宇宙！#人民的哪吒人民创#

Re Found another one on the same plugin. New CVE coming up.  Bit unreal that getting a CVE was a bucket list thing last year. Now I have 6! These will...

Ghidra作为一个由美国国家安全局（NSA）开发的免费和开源的逆向工程工具，在去年的RSA正式发布，包含了一整套功能齐全的高级软件分析工具，可以帮助广大研究人员在Windows、macOS和Linux各大常见系统平台上进行源代码分析。想要利用这款功能强大的工具，就得先对其进行深入了解。看雪课程最新上架 ...全文

近日，有黑客在黑客论坛上销售超过500万记录的数据包，其中含有大量用户隐私信息，而且这个数据包的数据类型与大众承认被盗的数据一致。据受害者证实，黑客兜售的这些数据很可能就是几天前美国大众汽车集团所披露泄露的超330万客户数据。2021年3月10日，奥迪和大众接到供应商通知：未经授权的第三方 ...全文

不久前，我一个同事去相亲，这种事情你们懂的，介绍完年龄工作后，就是谈谈兴趣爱好。我同事的相亲对象有些不一样，在聊完工作后，话题居然没有转向兴趣爱好，而是想详细了解下同事的工作到底是做什么。“要不是她真的表现得很小白，差点以为是猎头。”同事说。“我是搞安全的。”  “嗯，网络安全 ...全文

题目出自3w班12月题——对抗字符串混淆。字符串混淆在保护中是很常见的一个手段，熟练使用unicorn能轻松的解决曾经实现起来非常复杂的问题。 AndroidNativeEmu和unidbg都是对unicorn进行了一定程度封装的开源项目，让我们可以很方便的调用jni函数，以及对没有实现的函数进行hook实现处理，并且让我 ...全文

这只蜘蛛向我们传输了什么数据？

Re @spaceraccoonsec @offsectraining Congrats, big achievement 🎉

Re @sec_hawk @terjanq @cffaedfe You will have to wait for a week to find out 🤭 In the meantime, check out our latest tips!

Re @alph4byt3 Let's say it's not the easiest we have seen so far 🙊

Re Time for another tip ⏰ WAT the heck is wrong with Sherlock today or was his name Malloc (I don't really remember)?

Re @cffaedfe We already have a lot of excellent submissions, e.g. from @terjanq @_splitline_ @fh4ntke @insertScript @BitK_ And guess what? I will post...

Love this cool poster @Zwoltopia Made for @intigriti 1337 hacker @iqimpz! Want your own poster? 8 days left to score yourself a top position in our qu...

Re @iqimpz You are welcome! Thanks for all your hard work, you earned it 🎉 And don't forget to keep those "Bug Squashers" rolling in every day 💪

Re @h43z @cffaedfe No, only you clicking on "Generate"!

“帮帮我们！”

Re @JRossNicoll This is an important improvement

Re We have not reached 200 yet, but I wanted to let you know that there is only one Json Bourne 🎯

“经过激烈攻防较量，华顺信安科技有限公司获得一等奖。”  其实每个地市的网络安全也是比较严峻，需要关注，只是大部分的厂商都会核心兵力部署到了大客户那，导致地方的服务跟不上，这也给了本地化的公司创造了机会。

相比较政府，更需要警惕庸众。政府要考虑当世评价，要考虑千秋功过。庸众完全不需要考虑这些。一拥而上，一哄而散。

以前见过一个提问：“为什么很少见到化学方向的民科”？下面有人说：“试图搞化学的民科应该都在骨灰盒里了。”小时候在家鼓捣化学实验被烧过炸过毒过的我点了个赞。

只要开启了“运动”，“运动”就一定会扩大化。无论是半个世纪前的中国还是两个世纪前的法国，都一样。

Good news, everyone! We have re-opened badge sales for virtual attendees! The gods of the supply chain have smiled on our undertaking and blessed us w...

RT SpaceX: View from the droneship of Falcon 9’s landing

RT Tesla Greater China: 5000 kms with 27 Supercharger Stations👉Tesla opens the longest Supercharger route from east to west in China⚡️#TheSilkRou...

破了 查看图片

#燕山大学教授称已推翻爱因斯坦相对论#

Squalr - Squalr Memory Editor - Game Hacking Tool Written In C#

Brave, the privacy-friendly browser that pays its users to surf the web, is extending its payouts to iOS.

Re @WholeMarsBlog Very sorry to hear that. Condolences to JB and his family.

挺好的，你看游戏和电影比要承担的社会责任就多了很多，现在游戏终于比直播资格老，隐隐得到前辈特权！（以上反讽）//@楚云帆:着了下报道，没看懂这个法官的逻辑…是游戏企业不需承担社会责任还是直播服务（打赏就是主要收入模式）就低人一等，为啥会有两种完全不同的处置 查看图片

回复@job545:这不是关于秘密，甚至不是关于隐私，而是关于自由。//@job545:这是有多少见不得人的秘密啊

RT IoT Village: Check this out and the other #iotvillage 2.0 talks on our Youtube page:  & dont forget! 9 days left to submit to our #CFP for @defcon:

Re @pry0cc @hahwul Copy the tweet and go to

Re @pry0cc @hahwul

Find XSS and Blind XSS via dalfox by @hahwul and send every request to burpsuite for more manual testing dalfox file hosts --mining-dom  --deep-domxss...

RT Faizan Nehal: I did a writeup on how you can find SSRF vulnerabilities through HTML Injection, especially if you are a beginner in bug bounty. You ...