Antonius Block

@_Xiety @intigriti Same happened to me just few hours ago

Is the 0day_pilot on @intigriti a bot? They just closed a html injection and IDOR leaking PII as information/ Closed lmao

@Rudy4FutureTech @albinowax I believe it has been renamed with "Exploit scoped-SSRF" as you can see here: github.com/PortSwigger/pa…

@albinowax Nice work! What do you mean by “Run ‘Find Internal Targets’” ? I’m not able to spot that option in the param miner.

The whitepaper is live! Listen to the whispers: web timing attacks that actually work. Read it here -> portswigger.net/research/liste…

I participated in the NahamCon 2023 CTF! Thanks @_JohnHammond, @nahamsec, the event sponsors, and all others involved! #NahamCon2023

@strangeMMonkey1 🩸 We've got 3 confirmed solves so far! 🔥 🥇 @lyubo_tsirkov 🥈 @lbrnli1234 🥉 @antoniusblock23 Who else can solve this challenge? 😎

@intigriti An attacker could set the kid header field to any file with predictable content (i.e. /dev/null) then forge a valid JWT using the same key

Can you spot the vulnerability? 🔎 Show us how you’d be able to become the admin in the comments 👇 The best explanation gets a 25€ SWAG voucher! 🎫

Thank you @WebSecAcademy and @PortSwigger for the amazing contents and practical labs about JWT authentication bypass!

Nice catch!!! Zimbra Email - Stealing Clear-Text Credentials via Memcache injection blog.sonarsource.com/zimbra-mail-st… via @sonarsource

⏰ It's CHALLENGE O'CLOCK! 👉 Find the XSS before Friday June 3th! 👉 Win €300 in SWAG prizes! 👉 We'll release a tip for every 100 likes on this tweet! Thanks @PiyushThePal for the challenge! 👇 challenge-0522.intigriti.io

@intigriti @PiyushThePal Not hard but still an interesting challenge! Thanks @intigriti and @PiyushThePal

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/lucapf… #HackWithIntigriti

@bunny_0417 @intigriti Thanks @bunny_0417 ! It was a business logic error vulnerability.

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/lucapf… #HackWithIntigriti

A nice and detailed explanation of the CVE-2022-1388 vulnerability root cause #bigip #f5 #cve randori.com/blog/vulnerabi…

@CTFtime I believe the team rating scoreboard might be incorrect due to how your system assigns points to teams. Maybe it's a known issue, but if you want more info, please let me know and I'll share.

We fixed a bug with team name parsing (sanitizer was too strict) and updated some scoreboards - there can be slightly changes in 2021 team ratings.

@honoki Nice one!!!

Few solutions for the #NahamCon2022 #ctf github.com/lfama/nahamcon…

I participated in the NahamCon 2022 CTF! Thanks @NahamSec, @_JohnHammond, @STOKFredrik, @kkevsterrr, @Congon4tor, @calebjstewart, @M_alphaaa, @birchb0y, and all others involved! #NahamCon2022

Our second winner is @antoniusblock23! 🎊 This is a straight to the point writeup. If you want to know what to do, in a quick and concise way, give this one a go! Read it here: gist.github.com/lfama/b80c6bef… 3/4 👇

@intigriti @aszx87410 Nice challenge!

⏰ It's CHALLENGE O'CLOCK! 👉 Find the XSS before Sunday April 24th! 👉 Win €300 in SWAG prizes! 👉 We'll release a tip for every 100 likes on this tweet! Thanks @aszx87410 for the challenge! 👇 go.intigriti.com/xss-challenge