Dave Vieira-Kurz

In my web security training I often get asked for multi context payloads. This is the one I've created and learned to love in the past 10 years. Try yourself with @owasp_juiceshop by @bkimminich #bugbounty #hacking #juiceshop #owasp #hackerone #Security #WordPress #number23

@intigriti My first critical zero-days, publicly disclosed responsibly, date back to 2006: an RFI in a leading payment/billing firm and an RCE in the top domain & server management portal of the time.

What was your first critical bug? 😎

How often do you use ChatGPT and alike weekly? #ChatGPT #OpenAI

@MameHaze exactly :)

@secalert Is this a ChatGPT answer? ;) They literally use the same graphic ROMs, it's a title screen swap, nothing more that I can see.

One thing I don't understand is why Gals Panic 4 got reissued multiple times in 2000/2001 with different titles, including as 'Gals Panic SU' even if Gals Panic SU was already a unique entry in the series. What does SU even stand for? Super?

During a recent code review I noticed something in the VSCode Language Server JSONRPC implementation that made my brain tingle. Why not investigate this on stream? Maybe we find nothing, maybe we find something useful. twitch.tv/liveoverflow

DroppedConnection - a fake VPN server that captures credentials and executes code via the Cisco AnyConnect client. research.nccgroup.com/2023/03/01/mak…

@harshbothra_ 2007

When did your Bug Bounty journey begin?

@CristiVlad25 %27%20or%202005%21%3D2006%2B--%2B

When you work on a target and you see copyright 2005, must be something in there, or must be super safe? What's the first thing you'd try?

@coder_rc Well put :D

I have a HTTP joke but if I posted it, you wouldn't get it.

@hakluke take pictures of dangerous wild animals with 90mm. and only 10 ft away.

What would you do if you knew you couldn't fail?

@Agarri_FR Yeah. Imagine one types in the URI, has a typo and identifies "you have an error in your syntax" error-based sql injection :D

An useful ad... 🤡

@alosdev I am proud of @alosdev to be part of those awesome individuals.

@akamai_research 1. Trust your instincts 2. Keep focused 3. Be patient 4. Read a lot 5. Don't wait for the next rainy weekend, start now!

Calling all security researchers: When someone says they want to get into security research and are looking for advice, what is the first thing you tell them?

@taviso Wait a second. Let me start numega SoftICE on my Windows 98 machine. 😂

If someone get a working OpenSSH exploit from this bug, I'm switching my main desktop to Windows 98 😂 (this bug was discovered by a Windows 98 user who noticed sshd was crashing when trying to login to a Linux server!)

😬

@hexpwn NSA is listening 📶

@HackenProof RCE using multibyte character to bypass their protection.

What's the last vulnerability you've found?

A prototype @Burp_Suite extension for Enterprise/Pro using the new Montoya API. Leverages the Google Safe Browsing API to check that any URLs in the enumerated site map aren't known to be malicious. Help detect those watering holes! Code 👇 gist.github.com/olliewuk/c518e… [1/2]

@novasecio my brain and instincts

What's your most used tool in bug bounty?

@kyREcon So many wonderful memories with my beloved combo in the early 2000s: W32Dasm (+Bratpatch), numega SoftICE, hiew, PEiD, LordPE. #reverseengineering #warez #reversing

If you ever used this, you probably need to start eating healthier and exercise more.

@SEKTOR7net de_dust2 5v5

If you said "Code Segment", you'll be forgiven! But, NO, NO, NO! Not Computer Science, Not C-Sharp, kiddos! The one and only... COUNTER-STRIKE!!! 😎

New blog post and updated #binaryninja plugin: "Statistical Analysis to Detect Uncommon Code" We use statistics to identify obfuscation in an #Anticheat, a mobile DRM, a #Windows kernel module & malware. Link: synthesis.to/2023/01/26/unc… Code: github.com/mrphrazer/obfu…