Root viper

21/05/2020

Learn the basic concepts of Regular Expression Injection.

16/05/2020

https://www.slideshare.net/NSCONCLAVE/js-debugging https://youtu.be/mXbrAQs20G0 https://youtu.be/2u5mkySaAmY https://youtu.be/3qIsIu0-de4 https://youtu.be/V_...

28/11/2019

19/09/2019

just learned with horror that deleting any of the "family" emojis in google slides does not remove the emoji, but rather kills off each individual family member one by one, starting with the children

“just learned with horror that deleting any of the "family" emojis in google slides does not remove the emoji, but rather kills off each individual family member one by one, starting with the children https://t.co/0v2s8Bx91n”

19/09/2019

So people were infecting iPhone users for years undetected. I am not really surprised. I am always saying that the reason we have this illusion of iOS security is because the devices are not inspectable and there is little chance you will ever know you are infected.

19/09/2019

There are multiple legitimate, free tunneling services that are routinely used by attackers to evade defenses:

ngrok[.](com|io)
portmap[.](com|io)
serveo[.]net
localtunnel[.]me
pagekite[.]net

Hunt for these domains. Also hunt for long-running TCP connections with dstport>10000.

19/09/2019

The Zerodium CEO said "the zero-day market is so flooded by iOS exploits" that they are now refusing them

Also, check out this statement regarding iOS security.

Many security researchers have asked Apple to remove iMessage. Now, even exploit brokers are making fun of iMessage

18/09/2019

Reverse Engineer: Awesome, I found the address I was looking for!

Zoom out a few times

Reverse Engineer: *sad face*

“Reverse Engineer: Awesome, I found the address I was looking for! Zoom out a few times Reverse Engineer: *sad face* https://t.co/51FNlrtJHJ”

18/09/2019

Please enable Network Level Authentication (NLA) for a layer of pre-auth before a connection is established.
This not only reduces the terrifying & RDP attack surface, it's also a top ransomware protection recommendation from
https://www.fireeye.com/blog/threat-research/2019/09/ransomware-protection-and-containment-strategies.html

https://twitter.com/itsreallynick/status/1171477943777759234?s=21

“Please enable Network Level Authentication (NLA) for a layer of pre-auth before a connection is established. This not only reduces the terrifying & RDP attack surface, it's also a top ransomware protection recommendation from : https://t.co/n48PaHZxLk”

18/09/2019

Local File Inclusion in peering.google.com

1. "peering.google.com/static/images/…".

3. Add one of this value at the end of the link: ("../../../../../../../etc/passwd" OR /proc/self/cmdline OR /proc/self/stat)

4. In this way: "peering.google.com/static/images/…".

https://www.updatelap.com/2019/05/local-file-inclusion-in-peeringgooglecom.html

https://twitter.com/wugeej/status/1171586640130662400?s=21

“Local File Inclusion in https://t.co/vbSJLQbSYt 1. "https://t.co/tWiEWOpzUf". 3. Add one of this value at the end of the link: ("../../../../../../../etc/passwd" OR /proc/self/cmdline OR /proc/self/stat) 4. In this way: "https://t.co/qiJAZwIG5j". https://t.co/6sClhqqFWZ https://t.co/gSudslkX0I”