Marek Geleta

I just published my first blog post - SSRF via DNS rebinding geleta.eu/2019/my-first-… #BugBounty #NETSEC #CyberSecurity #ssrf #dns_rebinding

🚨 PoC for CVE-2024-48990 Local Privilege Escalation Released 🚨 I've published a PoC for CVE-2024-48990, a local privilege escalation vulnerability in `needupdate` (pre-installed in Ubuntu Server 21.04+) github.com/makuga01/CVE-2…

@intigriti top.name to cut down 3 more chars :d

@intigriti JS on controlled web: window.name='alert(document.domain)' window.location=`http://vulnerable_.com/?<iframe/srcdoc="<a/id=debug%20href=g:eval(parent.name)><script/src=easy-eval.js></script>">`

Can you spot the vulnerability? 🔎 Show us how you'd pop an alert(document.domain) in the comments 👇 The shortest payload gets a 25€ SWAG voucher! 🎫

This is amazing!

Overview of different vulnerabilities in Google's new web-based collaboration tool Threadit: XSS, Clickjacking, ACL bypass, Info leak... #BugBounty #InfoSec websecblog.com/vulns/google-t…

Kubernetes disclosed a bug submitted by @javierprovecho: hackerone.com/reports/859962 - Bounty: $1,000 #hackerone #bugbounty

🎉 We've finally released my blog, which is now kinda redundant to an excellent Defcon talk by @matter_of_cat and @InsecureNature. Luckily, there are a few additional bits of information there, so if you're interested in GCP Security, check it out! code.kiwi.com/towards-secure…

@bugpoc_official Solved it but I can't get it to work from bugpoc.com :/

XSS Challenge Hint #2 gotta verify that origin

@h43z Solved! :D

ctf4.43z.one be the first to solve this challenge! Objective: Show XSS in the name parameter

I just published Exploiting WebSocket [Application Wide XSS / CSRF] link.medium.com/puqyeTGD93 #bugbountytips #security @Bugcrowd

Just published a new BugBounty writeup. Go check it out! geleta.eu/2020/a-tale-of… #bugbounty #cybersecurity #writeup

Getting all 32000 email addresses of every registered user on Google.org’s Crisis Map thanks to IDOR and incremental IDs. #BugBounty #InfoSec websecblog.com/vulns/listing-…

New version of github.com/makuga01/dnsFo… is live! AAAA, CNAME support and much more. Go check it out! rbnd.gl0.eu

@shodanhq Any news?

@marek_geleta one sec

Are you a student, professor or work at a University? Register with your academic email to receive a free upgrade: buff.ly/2fC0W9Q

@0ktavandi The blind ssrfs thing really depends from target to target. Sometimes you might just be able to enumerate internal ports and sometimes you can even get rce but it really depends and it's probably much harder to exploit than "classic" ssrf

I just published my first blog post - SSRF via DNS rebinding geleta.eu/2019/my-first-… #BugBounty #NETSEC #CyberSecurity #ssrf #dns_rebinding

@LooseSecurity @KeybaseIO works pretty well keybase.io/blog/introduci…

Does anyone know a good implementation of end-to-end encryption for group chats? I've heard OMEMO works, can someone explain the key exchange and how it's verified that no other parties can access it?

@shodanhq Well @shodanhq.... It didn't go well 😕

@marek_geleta yes, but it's a bit more complicated. You'll need to send some verifiable proof to academic@shodan.io if your school doesn't provide you with an email address