Q5Ca

238 posts

Q5Ca

@_q5ca

Chief Remote Work Officer at @u0Kplusplus

Vietnam Katılım Kasım 2017

389 Takip Edilen958 Takipçiler

Q5Ca@_q5ca·25 Ağu

@ZackKorman Happened to me. Tried to remind you guys 😂

Q5Ca@_q5ca

Just a quick reminder: Copilot on microsoft365.com (m365.cloud.microsoft/chat) is not on scope for bounty 🥲 duongq5ca.substack.com/p/another-micr…

English

156

Zack Korman@ZackKorman·21 Ağu

Microsoft isn’t paying a bounty because this related to “enterprise copilot” which apparently isn’t covered? I don’t even know what that means… I have an M365 copilot license and a P1 license lol. What are they talking about.

Zack Korman@ZackKorman

Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log. All you had to do was ask Copilot to not link to the file. You don’t even have to ask; it sometimes just happens. If your org uses Copilot your audit log is likely wrong

English

257

19.3K

Q5Ca@_q5ca·10 Ağu

@GodfatherOrwa @aditi_singghh 👀

QME

199

Q5Ca@_q5ca·28 Tem

@huyvinhptit @grok 👀

QME

Q5Ca@_q5ca·24 Tem

Ước 🥹

Khoa Dinh@_l0gg

Blog for ToolShell Disclaimer: The content of this blog is provided for educational and informational purposes only. blog.viettelcybersecurity.com/sharepoint-too… #SharePoint #ToolShell

QST

597

Q5Ca@_q5ca·19 Haz

@S1r1u5_ Cool!

English

103

s1r1us (mohan)@S1r1u5_·19 Haz

@_q5ca yeah, you can just set a flag in protobuf request

English

417

s1r1us (mohan)@S1r1u5_·13 Haz

Hacking Windsurf: I asked the AI for the shell, it said yes. new video’s out. I show how I could’ve hacked you… just by getting you to click my link. Link posted below.

English

414

66.9K

Q5Ca@_q5ca·13 Haz

@by6153 @haxor31337 Yes, but I think it didnt help much 😅

English

Zeeshan M.@by6153·13 Haz

@haxor31337 @_q5ca Hi @haxor31337 it was a great talk loved it totally 🙌 also I have a question when you used ActivitySurrogateSelector gadget it prompted almost 16k+ characters payload and you mentioned that the querystring supports 2048 characters did you tried to use -minify option in ysoserial

English

Tuan Anh Nguyen⚡️ 🇻🇳@haxor31337·4 Haz

From SSRF to RCE and transfer money in core banking. It is really cool red team case. A perfect combination of external and internal vulnerabilities for each other to bypass the monitoring and detection of the blue team. Present by my colleague @_q5ca youtu.be/xBnMrNCuO_w?si…

YouTube

English

353

30.8K

Q5Ca@_q5ca·10 Haz

@GodfatherOrwa @HusseiN98D @haxor31337 Remember that! I’m comming!

English

657

Godfather Orwa 🇯🇴@GodfatherOrwa·10 Haz

@HusseiN98D @haxor31337 @_q5ca 🤣🤣🤣🤣🤣🤣 same here

English

1.1K

Hussein Daher@HusseiN98D·10 Haz

Burn out, platforms not always playing the right game , some programs scamming you.. it's not all beautiful in Bug Bounty. Find a backup plan ;) only the wise will start diversifying. The next years will become very hard.

English

5.7K

Q5Ca@_q5ca·5 Haz

@vudq16 Slide: 1drv.ms/p/c/362121a38b… Recording: youtube.com/watch?v=xBnMrN…

YouTube

English

Q5Ca@_q5ca·16 May

Happy to share that my colleague @vudq16 and I will be speaking at PHDays in Moscow 🇷🇺 next week, May 24th. I’ll share a story from one of our red team projects, with techniques to maximize stealth during the operation. Hope to make new connections there:D phdays.com/en/forum/progr…

English

3.6K

Q5Ca@_q5ca·5 Haz

@pfiatde @haxor31337 Here is it: 1drv.ms/p/c/362121a38b… Please tell me if there is any problem 😅

English

pfiatde@pfiatde·5 Haz

@haxor31337 @_q5ca Nice! Are the slides also available somewhere? 👉👈

English

222

Q5Ca@_q5ca·4 Haz

@HusseiN98D @haxor31337 Keep what’s in Moscow in Moscow man 🙏

English

Hussein Daher@HusseiN98D·4 Haz

@haxor31337 @_q5ca Your colleague is a boss 🔥

English

738

Q5Ca@_q5ca·4 Haz

@haxor31337 @GodfatherOrwa let see if we can get more views than you 🤣

English

Q5Ca@_q5ca·2 Haz

@cyberx00t Yes?

Govind Jha@cyberx00t·2 Haz

@_q5ca metadata access ?

Español

Q5Ca@_q5ca·2 Haz

Just a quick reminder: Copilot on microsoft365.com (m365.cloud.microsoft/chat) is not on scope for bounty 🥲 duongq5ca.substack.com/p/another-micr…

English

2.6K

Q5Ca@_q5ca·2 Haz

@cyberx00t Ssrf

174

Govind Jha@cyberx00t·2 Haz

@_q5ca What Bug ?

English

190

Q5Ca@_q5ca·16 May

@amoshkov @vudq16 Давай. Я хочу водка!

Русский

Alex Moshkov@amoshkov·16 May

@_q5ca @vudq16 Expecting some memes over your slides! 🙃

English

Q5Ca@_q5ca·16 May

Congrats @_l0gg! You did the thing I thought was impossible. Hard work pays off 💪

TrendAI Zero Day Initiative@thezdi

Confirmed!! Dinh Ho Anh Khoa (@_l0gg) of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit #Microsoft SharePoint. He earns $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OBerlin

English

885

Q5Ca@_q5ca·16 May

@tuo4n8 @vudq16 Nao có dịp ae mình giao lưu a nhé 🤣

Tiếng Việt