Patryk Bogusz

I have recently figured out an interesting way of abusing the AWS KMS for data exfiltration in the restricted VPC. You can read more here: niebardzo.github.io/2021-08-23-roo… #AWS #Security #Cloud

@LiveOverflow Love those tips ❤️

Thanks to the CISSP certification I know everything there is to know to be an effective IT security executive. #cisotips

@LiveOverflow Lol 🤣

Stumbled over this tweet sharing a "low severity bug worth reporting". It was deleted after I pointed out that this is NOT a vulnerability. But the tweet is gone now, and some might still think this is a valid issue. So I decided to share it again to say: IT'S NOT! #bugbountytips

I have recently written short blog post about the various caching mechanisms in Apollo.js niebardzo.github.io/2021-04-26-apo…

@varseand @disclosedh1 @geeknik You can exploit either through Web cache poisoning or Request Smuggling. Without that it is not exploitable. At least until @albinowax figures out different way.

@disclosedh1 @geeknik How can you set X-Forwarded-For header in the browser? What’s the attack scenario?

U.S. Dept Of Defense disclosed a bug submitted by @geeknik: hackerone.com/reports/882220 #hackerone #bugbounty

We continue our work with @intel and @DellTech to enable the Data Confidence Fabric technology. "The #Chrysalis upgrade is relevant to #ProjectAlvarium, which must annotate and score massive amounts of data in a fast, scalable, and secure manner." cio.com/article/361791… #IOTA

@varseand Only J&J chips integrate with the smart Toothbrushes 🤣

Finally vaccinated! :) When can I expect chip to star working? Does it integrate with HomeKit since the first dose?

Starting a new series, going over the sudo vulnerability research step by step. It's kinda like "season 2" from my binary exploitation playlist. liveoverflow.com/why-pick-sudo-…

Wbijajcie na OWASP Poland - wraz z kolegami z GS poruszymy sporo ciekawych zagadnień. ⁦@owasppoland⁩ meetup.com/pl-PL/owasp-po…

@optionalctf Catching a reverse shell :)

Name something better than seeing a hit on your collaborator server

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

Quick post about interesting case of Jinja SSTI: niebardzo.github.io/2020-11-23-exp…

Delivery was delayed, but here it is! #tryharder #OSCP

Design vs. UX.

No więc obiecany research Michała Bentkowskiego ($30000 zgarnięte w ramach bug bounty!): sekurak.pl/the-curious-ca…

@pawelmaziarz Certutil tez daje radę :)

Warto wiedzieć, że w Powershellu sprawnie można policzyć hashe SHA1, SHA256, SHA384, SHA512 czy MD5.

@LiveOverflow Amazing. Love this series :)

Researching the MissingNo Glitch from Pokemon Read and Blue. Using "discovery fiction" as a method of learning. We are tracing reads and writes during important actions to find the interesting memory areas. youtube.com/watch?v=p8OBkt…

Kogoś trzeba było szybko zatrzymać, więc zatrzymali (i to wcześnie rano - czyżby o 6?) informatyka, który się pomylił. Pojęcie ryzyka zawodowego zyskuje na znaczeniu. tvn24.pl/polska/wyciek-…

@Zaufana3Strona Maskra, to państwo jest na skraju upadku. Pora pakować walizki.

#Docker images and dockerfiles for (un)popular fuzzers - bugs.sh/docker & bugs.sh/dockerfile 💪#fuzzing #bughunting