Ayush Pathak

@ehayushpathak/security-risks-of-cors-e3f4a25c04d7" target="_blank" rel="nofollow noopener">medium.com/@ehayushpathak… I wrote this for @mubix's OSCP voucher giveaway challenge. Not something great tho but i learned something new and that's good.

Hi @WakefitCo @SupportWakefit. Thank you for the worst service ever by any provider. Your delivery agent called to inform me about the delivery later denied delivery saying "the driver doesn't want to drive". nd now instead of rescheduling the delivery, u guys returned the order.

Just completed the #CloudHuntingGames by @Wiz_io! 🚀 It was a challenging experience exploring Cloud IR. Think you can handle it? Take on the challenge here: cloudhuntinggames.com

New writing/research ✒️ Fragility of The Internet: How Sacrificial Nameservers allowed potential DNS hijacking of 1.6+ million domains Article: devanshbatham.hashnode.dev/fragility-of-t…

AWS just released RCP examples to prevent OIDC misconfigurations from many third-party vendors. 😍 #specific-example-controls-for-tenancy-within-multi-tenant-oidc-providers-with-a-shared-issuer-url" target="_blank" rel="nofollow noopener">github.com/aws-samples/re… This prevents the problem I wrote about here: wiz.io/blog/avoiding-…

I tested over 10 LLM models against a unique, yet basic Trojan source code. All failed to detect the Trojan except for Grok2. This is surprising, given the rise in companies offering AI-powered secure code reviews. If they can't even catch this simple behavior, then "AGI" is still far off. This issue could directly lead to supply chain attacks, where malicious code slips past AI code reviewers. That’s all for now—thank you for coming to my TED talk! Read my full article here: devanshbatham.hashnode.dev/trojan-war-aga…

@sameer_bhatt5 @bsidesahmedabad @Hacker0x01 @rohsec @Akshanshjaiswl @3ncryptSaan @thedrsniper @techyfreakk @_smile_hacker_ @udit_thakkur @Krit_Sec @sameer_bhatt5 aa nahi paya, parcel kardo plox

Day2 #h1 swag distribution is at @bsidesahmedabad registration desk outside after lunch around 2-2:15 PM so everyone come and grab your lovely @Hacker0x01 swags. @rohsec @Akshanshjaiswl @3ncryptSaan @thedrsniper @techyfreakk @_smile_hacker_ @sameer_bhatt5 @udit_thakkur @Krit_Sec

Ahaan! Nice.

Service Update - @airtelindia is still working to resolve the technical issue 3 days later while extending the given timeline on every deadline. :)

Ig it's an infinite loop now :) @airtelindia

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: starlabs.sg/blog/2024/04-s…

@cyberGoatPsyOps @Frichette_n @Antonlovesdnb attackdefense.pentesteracademy.com Has a good course + labs on AWS security (Paid)

As someone involved in the AWS offsec space, I want to share why I strongly do NOT recommend the HackTricks AWS Red Team Expert course. The author of it is a plagiarist, stealing content from other creators and is directly profiting off of it through sponsorships. A 🧵

The fact that they developed a complete zero-click to kernel chain, JUST to then force the device to open a web page to trigger the "real" chain, is the most bureaucratic exploit I can imagine 🙈 koeln.ftp.media.ccc.de/congress/2023/…

[CVE-2023-46604] ActiveMQ Insecure Deserialization RCE Analysis Writeup In my attempts to learn more about vulnerability research, here is my analysis on the recent ActiveMQ vulnerablity and its exploitation. shashankbarthwal.com/articles/cve-2…

@xscorp7 As always, good work from your side sir

@flipkartsupport Thanks for the support! Order received finally :)

@ehayushpathak We're sorry to hear about your experience with the order delivery. We'd like to help you with your concern. Please share the order details with us through a private chat so that we can lend support. Awaiting your response. (1/2)

Hey @Flipkart @flipkartsupport that's a quick delivery!!!! Also, thank you for NOT resolving the issue but giving a new date every time I asked for an update on the provided date.

Here is my detailed write-up on exploiting some vulnerabilities in Industrial Cellular Router. Don't miss it! #CyberSecurity #Hacking @win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf" target="_blank" rel="nofollow noopener">medium.com/@win3zz/inside…

It's important for learning to be available to all. Kickstart your cybersecurity journey with 𝗙𝗥𝗘𝗘 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻 AWS security labs from @PwnedLabs . We will always have a good collection of free cloud security labs. Please retweet and share with friends and colleagues

⚡️ Extract URLs from an APK using Rayder workflow Rayder: github.com/devanshbatham/… Workflow: github.com/devanshbatham/… #bugbountytips #bugbounty

paramspider: Mining URLs from dark corners of Web Archives for bughunting/fuzzing/further probing GitHub: github.com/devanshbatham/… 🔄 Revamped Features: - Multiple domain names Input using file - Enhanced Exception Handling - Easy Setup using pip - Clear and more readable Code #bughunting #cybersecurity #bugbountytips