Kunal Pandey

@zseano Congratulations :)

What an AMAZING day :D very emotional, but it was perfect in every way! Wooohooo I now have a wife 🙌🙌

@zseano Sorry for your loss.

Unexpectedly lost my dad early hours this morning… completely out of the blue. He was fit & healthy and now he’s gone 😭 lost for words on how I feel. RIP Dad ❤️❤️ love & miss you forever

@Dinosn @synack Congratulations Nicolas. Well deserved. :)

Truly honoured to be recognized as Titan at @synack and named Mentor of the Year. It’s a privilege to stand alongside some of the top security professionals in the industry. Thank you all :)

@Akshanshjaiswl Thanks bro ❤️

@kunalp94 Congrats 💫, wish you all the best

@sudhanshur705 Yup

@kunalp94 Congratulations bro 🎉 ,so you were finally able to meet your Konan 👀

@bishal0x01 Thankyou :)

@kunalp94 Congrats Kunal.

🎉 Congratulations 🎉, the winners are @KavanSoni_07 @manish1221singh @pratikcyb @being__aman @scarcemrk @darkrider758 @iammeera_ @pandyaMayur11 @Mitin_sharma_22 @chalcidfly Keep your DM open. I will be contacting you directly. Enjoy the conference.

🎉 Giveaway Alert! 🎉 Hello everyone, I’m giving away 10 students passes for @bsidesahmedabad. Just comment below why you wanna attend the event and like the tweet. Good luck.

@0xMstar @krishnsec @zseano @Tur24Tur You can try encoded html entity in between jav%26Tab%3bscript://google.com/%0dalert(1) (	 —> %26Tab%3b) Only if the above value is reflecting on href link. or try %0c in between the javascript protocol.

Got this on one of the BB program , do you see problem here?, I reported this on bugcrowd Hackercup 2 years back & in collaboration with @krishnsec @zseano @Tur24Tur , It was in resolved state for 1 year, Recently revisited this & reported.

@ITSecurityguard @smiegles @lucio_89 Congratulations :)

I am incredibly happy to have skipped Defcon and Blackhat to marry the love of my life ❤️ Thanks to @smiegles @lucio_89 and Melvin for travelling all the way to Germany to spend the day with us ❤️

@carbonmanx @zseano The element "style" will trigger the above event handler as the content-visibility has been as auto. Using double quotes and adding "style element will trigger above XSS.

@zseano Does it require css on the page tho?

this works on latest version of chrome. no more user interaction needed for hidden input xss :) thanks for sharing!

@Cyber78678 @Burp_Suite Bro🤣🤣

@_d4ly_ @SynackRedTeam Wishing you more success. :)

Happy New Year Everyone! May each of you achieve your personal goals and enjoy both mental and physical well-being in the coming year.

@sudhanshur705 Ohhh...

@kunalp94 Thankyou,that WireServer thing looks interesting but I have been strictly told to focus on escalating the impact via the Oauth token only 🥲(the bug is actually fixed still they reverted the changes on the dev env just so that I can have a chance escalating it with that condition

I need to prove impact for the oauth token recieved from Azure Metadata endpoint(from a ssrf),are there any sensitive endpoints which are worth trying basically the program wants me to prove what the worst thing could be done with the retrieved access_token.Does anyone have idea?

@0xConda Congratulations 👏👏

After a few months of searching, I'm finally closing on my first house this week! Hoping to resume cybersecurity hobbies once we're settled. There are bugs to be found!

@luketucker Looking good 😀

@Rhynorater Nice IDN homograph attack on the redirection parameter by @Yassineaboukir :) hackerone.com/reports/861940

Ways to leak oauth code in app: * Bad redir URL host (can redirect to badexample[.]com not just example[.]com) * Bad redir URL host via . regex issue (can redirect to wwwXexample[.]com instead of www[.]example[.]com) * Bad redir URL path (redir to a path the attacker can leak via application logic) * Parameter injection in redir URL %3f -> ? adding parameters or breaking restriction logic * HTML Injection + permissive redir URL path (img tag + meta tag referrer policy) * PostMessage leak of URL * Open redirect Got any others?

Another Sharepoint Rest API documentation by Microsoft: learn.microsoft.com/en-us/previous…

If you see a site with " _layout/*" endpoints or in source code, then it runs on Microsoft SharePoint. Here is the API endpoint list that you can still test: s-kainet.github.io/sp-rest-explor… It's a complete list but you can still check out Microsoft sharepoint documentation.