Re [4️⃣] Brute XSS by @brutelogic It isn't easy to talk about XSS without referring to Brutelogic's blog. His resources are incredible! 👇

Re [3️⃣] XSS mindmap by @JackMasa Now that you know the basics of XSS, let's see how expansive this vulnerability really is by looking at this massi...

Re [2️⃣] Cross-Site Scripting (XSS) Explained by @PwnFunction This remains one of our all-time favorite videos explaining XSS! If you're a visual le...

Re [1️⃣] Cross-site scripting by @PortSwigger If you want to be able to find XSS vulnerabilities, you will NEED to know exactly what an XSS actually...

If you want to master XSS, open this thread! Cross-site scripting vulnerabilities are injection attacks that allow attackers to execute malicious Java...

之前每周分享里面，说过一期开源项目敏感信息泄露的案例和相关预防/防范方法🧐 没想到最近Github开发了一款新的代码搜索引擎GitHub Code Search，又引发了一场...

CVE-2022-4202 A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_t...

Re @rempahrz Hi. Could you drop us an email at support@portswigger.net with an example of your use case, please?

Re @intigriti If you really want to know what payload to use and when, along with several advanced tricks you can't find anywhere, you should consider...

重点关注第四条的三到八。最好把七、八、九、十条也看看。《互联网跟帖评论服务管理规定》：www.gov.cn/xinwen/2022-11/16/content_5727349.htm

全球数字安全挑战升级，最大的问题就是“看不见攻击“。近期国外一个勒索案例就挺典型。加拿大魁北克小城Westmount遭遇网络攻击，致使市政服务中断。事发后，该市IT主管无奈地表示，虽然知道服务器被加密了，但是谁发动了攻击完全不知道。直到有勒索软件团伙认领并要求付赎金，大家才知晓幕后黑手。 ...全文

这大风吹的，下楼溜达一圈感觉没穿衣服一样。

Re @infoshrek I got one today saying it will be disabled in 1 week 😄

RT Beau Bullock: Just made a minor update to MFASweep to cover the other conditional access device options and also added in a concise results summary...

Re @GulCalikli @ERC_Research @didemunat @umutsimsekli @thorsten_berger Thanks Gül! Any insights and resources would be much appreciated.

Re 👇 mandatory reading. Any others?

Been preparing for an @ERC_Research Grant application. Any tips or resources?

RT Antoine Kaufmann: We are also hiring for multiple positions at the Max Planck Institute for Software Systems (@mpi_sws_) and the other MPIs in CS. ...

subzuf – a smart DNS response-guided subdomain fuzzer

Unrestricted File Upload: A Common Bug With A High Potential Revenue On HackerOne! — StackZero

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

RT kmkz: Enter "Sandbreak" - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067)

RT esjay: My two pre-auth RCEs against Pandorafms got patched. Blog post incoming in a few weeks. Until then, patch your appliances ;)

Dan's Uber thread on yesterday for those that can't watch

Re @SimonLevermann Fair, but if government tax receipts are down... I'm going to find me some MD5 passwords seems like a sound strategy going forward....

RT Lukasz Olejnik @LukaszOlejnik@Mastodon.Social: The €20.000.000 #GDPR QUESTION is of course whether all the other companies that still use MD5, or ...

This is pretty massive... ... The stalking horse of MD5 hashes sitting inside organisations and the threat of GDPR fines ...

Re @UK_Daniel_Card Thanks Dan!

Re @glennzw Be kind to the 👀 - enable dark mode

The Art of Bypassing Kerberoast Detections with Orpheus

A flaw in some Acer laptops can be used to bypass security features

N1CTF 2022 Solana Challenges Writeups

Re FAQ 📜 - Is the admin the same as a normal user The admin user is the same, besides the formatting of the admin's avatar filename - How does the ...

Re @ricardo_iramar Thanks for the feedback! We'll discuss changes to this behavior with the team and raise an appropriate ticket.

哎 我等p民 还是积极点的当个p民吧  你们都是不想当p民的 才想着各种闹腾 所以说白了你们老说是p民 是假的 是唯心的 其实你们想当领导 我是看透你们了～～

根据网友反馈，更新「Win11如何启动IE」，新增了另外两种办法hxxp://scz.617.cn:8/windows/202211241540.txtA: 冬青 2022-11-26搜索"Internet选项"，打开"Internet属性"，点击右上角的问号(?)，可以打开IE。control.exe->Internet选项->点击右上角的问号(?)inetcpl.cpl->点击右上角的问号(?) ...全文

Anyone else get the e-mail about domain fronting today?

Re @corg_e @HackingLZ @Laughing_Mantis Thank you, Corgi =D

Re @rez0__ Haha I love that you keep coming back to this thread haha

Meanwhile somewhere in palakkad, Kerala 🪷

Octosuite: Advanced Github OSINT Framework

Blockchain couldn't stop TXT spam in India, regulator now trying AI

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

Acer fixes UEFI bugs that can be used to disable Secure Boot

RT Security Response: Reminder: The BlueHat 2023 Call for Papers is still open but will close Dec 8 2022. If you're thinking about submitting a paper....

Re @eliomen @wbm312 just correcting an error in today's theme announcement. we now return you to your regularly scheduled punk rocking. :)

#DEFCON31 style guide update: the purple color in the DC31 palette is 7668 C, not 7688 C. Thank you to the sharp-eyed EvilMoFo for pointing it out. St...

Re @_TimMcMahon Thanks for reaching out - for bounty related questions please contact bounty@microsoft.com. Our bounty team can confirm that for you.

CVE-2022-45329 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to...

CVE-2022-41568 LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.