Daniel Thatcher

36 posts

Daniel Thatcher

@_danielthatcher

Researcher, and security person at @intruder_io. Hack dumber. He/him

Katılım Haziran 2018

257 Takip Edilen655 Takipçiler

Daniel Thatcher@_danielthatcher·6 Ara

And here’s part 2, presenting new techniques for reliable, split-second DNS rebinding in Chrome and Safari intruder.io/research/split…

Daniel Thatcher@_danielthatcher

Here's part 1, detailing how I hacked my company's own product using DNS rebinding: intruder.io/research/we-ha…

English

1.8K

Daniel Thatcher@_danielthatcher·1 Ara

@sudhanshur705 @strellic This can work at times, and I mention something similar in the next part (coming soon), though in most of the real-world webapps I've seen driving headless browsers there is a timeout enforced by the app which you can't lengthen this way.

English

sudi@sudhanshur705·1 Ara

@_danielthatcher @strellic Also to solve that problem where pages are loaded for a short amount of time ,such slow load images can be used to make sure the attack can be completed without any time issues

English

138

Daniel Thatcher@_danielthatcher·1 Ara

Here's part 1, detailing how I hacked my company's own product using DNS rebinding: intruder.io/research/we-ha…

Daniel Thatcher@_danielthatcher

Excited to be talking about new DNS rebinding techniques at @BlackHatEvents #BHEU next week. The research for this talk will be released in 2 parts on the @intruder_io research blog - keep an eye out for part 1 on Thursday tinyurl.com/bdzxesd3

English

4.3K

Daniel Thatcher@_danielthatcher·1 Ara

Part 2 will be release on Wednesday, when I'm presenting the research at BHEU

English

295

Daniel Thatcher@_danielthatcher·30 Kas

@BlackHatEvents @intruder_io I've been asked to hold off on the release of the first part until tomorrow, so sorry for the false alarm!

English

240

Daniel Thatcher@_danielthatcher·28 Kas

English

3.9K

Daniel Thatcher@_danielthatcher·1 Ağu

@BlackHatEvents Whenever I try to submit my proposal, I get a 403 Forbidden. Is there anything I can do?

English

104

Black Hat@BlackHatEvents·1 Ağu

#BHEU 2023 Briefing Call for Papers closes tomorrow, August 2! Submit your proposal for the chance to share your research, knowledge & expertise at Black Hat Europe>> bit.ly/45ADELx

English

5.1K

Daniel Thatcher@_danielthatcher·23 Şub

A while ago I decided to try take on a big challenge and work out how to detect prototype pollution black-box. One thing I’m very happy with from this research is the simplicity of the solution I found

Intruder@intruder_io

Prototype pollution can be a dangerous bug, but it's hard to detect in real-world scenarios without the source code. In the latest blog, our researcher, @_danielthatcher, discusses a new technique for detecting prototype pollution in black-box situations:hubs.li/Q01Cs9L70

English

663

Daniel Thatcher retweetledi

mopman@mopman·17 Şub

Why do I know so many Dan's in infosec? Is there something about the name Dan? I strongly advise being cautious of your data around anyone named Dan, until we work this out.

English

Daniel Thatcher@_danielthatcher·14 Eki

@PortSwiggerRes Thanks for sharing

English

PortSwigger Research@PortSwiggerRes·14 Eki

Predictable GUID vulnerabilities are often critical and easily overlooked. This extremely practical writeup & tool release by @_danielthatcher is well worth a read: intruder.io/research/in-gu…

English

255

Daniel Thatcher@_danielthatcher·13 Eki

The technique isn’t new, but the vast majority of pentesters I’ve spoken to don’t know about it, so I thought it worth sharing with an example from a pentest. I’ve also created a tool to help you exploit this issue github.com/intruder-io/gu…

English

Daniel Thatcher@_danielthatcher·13 Eki

As a newbie pentester I read the RFC for GUIDs out of a fear that I wasn’t testing them correctly. A few years later, it paid off.

Intruder@intruder_io

GUIDs are everywhere - but there are hidden dangers when using them as they're designed for their uniqueness, not their security. Find out more in the latest blog from our research team: hubs.li/Q01pyz_r0 #guid #vulnerabilityscanning #CyberSecMonth

English

Daniel Thatcher@_danielthatcher·15 Ağu

I was lucky enough to catch this talk at BH, and it was one of the highlights of the conference for me. Great research, and really well presented

Aaditya Purani@aaditya_purani

Just finished ElectroVolt talk at #DEFCON30. Was super glad to see the entire room full. Thanks a lot for coming AND supporting! ⚡️ Hope you enjoyed the talk and can use the knowledge in your day to day work. Feel free to check out electrovolt.io for POCs. #DC

English

Daniel Thatcher@_danielthatcher·14 Ağu

@notdurson Dan is also a wonderful person. It was a lot of fun. Hopefully we see each other again next year

English

not plygrnd@not_plygrnd·13 Ağu

@_danielthatcher I can confirm that @_danielthatcher is an excellent human being. I look up to him (partly from necessity).

English

Daniel Thatcher@_danielthatcher·8 Ağu

Heading off to Vegas for the first time. If you see me about, say hi. I’m the lanky blond British guy with round black glasses.

English

Daniel Thatcher@_danielthatcher·12 Ağu

@notdurson @BlackHatEvents Sounds good. I’ll message you

English

not plygrnd@not_plygrnd·12 Ağu

@_danielthatcher @BlackHatEvents I am! I have my official neck piano and will be there today. DM me, let's hang out. And IOU an beer too!

English

not plygrnd@not_plygrnd·8 Ağu

Off I toddle. @BlackHatEvents here I come. Come hang out if ya want.

English

Daniel Thatcher@_danielthatcher·11 Haz

If you only need to read info rather than modify it, then the trick of loading the application in two separate iFrames works well. @iamnoooob writes about it here: blog.noob.ninja/escalating-low… @avlidienbrunn has a great talk on this and other tricks: youtube.com/watch?v=l3yThC…

YouTube

English

Daniel Thatcher@_danielthatcher·11 Haz

This example works by using the self-XSS to set a session cookie with a limited path so that the self-XSS will still load when the victim logs back into their account. The self-XSS can then access the rest of the application as the victim, so is effectively regular XSS.

English

Daniel Thatcher@_danielthatcher·11 Haz

If you have stored self-XSS and login CSRF you can probably do something interesting, but you have to do slightly more than this tip says. Here's an example I put together against Moodle a few years ago: blog.long.lat/2019/04/09/obt…

Intigriti@intigriti

Found a self-XSS? 🤨 Don't worry! Let's magically turn that into a valid XSS by sprinkling some CSRF on top of it! 🧙‍♂️ #bugbounty #bugbountytips 👇

English

Keşfet

@sudhanshur705 @strellic @BlackHatEvents @intruder_io @PortSwiggerRes @elonmusk @BarackObama @taylorswift13