Juan

@bef0rd & myself have exploited the Path Traversal and RCE in the latest patched version of Apache (2.4.50). We recommended to upgrade ASAP to the new version 2.4.51. Security report: httpd.apache.org/security/vulne… CVE: 2021-42013 #security #apache #apache24 #0day #CVE202142013

Stanford just did something wild. They put their entire graduate-level AI course on YouTube. No paywall, no signup. It’s the exact curriculum Stanford charges $7,570 for ❱❱❱❱ watch free now

@R3nnix hola! ¿Qué tal? ¿estas láminas con las instrucciones están disponibles? No alcancé a tomarles foto y quería ver el material para intentar hacer los otros desafíos post eko.

@IVANGOMEZDELEOM Viví algo muy similar años atrás, lo solucioné con una buena abogada que tenía bastante experiencia tratando temas cómo estos. Espero todo mejoré pronto 💪

@WebSecAcademy Hi, are the client side labs working as expected? I have tested 2 of them and they don't seem to work: the first one for CSRF and the last one for CORS. The wiener account is hacked fine with my payloads but the victim account is not. Ty.

I'm glad you were amused by the joke :). It has truly been a privilege to meet you Dr. @jordanbpeterson. Thanks for all your teachings, both from your books & psychology readings on YouTube.

@housecor From a security point of view pre-commit can be used to prevent leakage sensitive information in your commits. For example, hardcoded credentials, PII data. And you can’t just delete it later, because it will still be leaked in the commit historical.

Pre-commit hooks are a waste of time. Why? Because they enforce standards too early. Pre-commit hooks make us wait for a quality check on every commit.👎 The code shouldn't need to be "right" to save my changes. The code only needs to be right before merge. Solution? Use CI.

@Capitan_Alfa Y que importa si es o no… QUEMA LA CASA!

Algún especialista en arañas? Consulta; La araña de la foto es "de rincón"?

@jordanbpeterson Hola Dr. Peterson. What to look for when choosing a university to study psychology? Thank you.

@mazen160 But SAST tools does the same. It would be great to test with others vulnerabilities when you can’t detect them with regex and patterns. Example: IDOR.

No way 🤯, OpenAI can actually detect XSS vulnerabilities in code samples.

Becoming a reader has been the most important habit I’ve developed over the last 10 years. Here are my 13 favorite hacks to read a book a week:

Today I am finally releasing a new 3-part browser exploitation series on Chrome! This was written to help beginners break into the browser exploitation field. Part 1 covers V8 internals such as objects, properties, and memory optimizations. Enjoy! jhalon.github.io/chrome-browser…

@DragonJAR Qué tal funciona Docker?

Llevo unos días usando un MacBook Pro 💻 con procesador M2 para realizar labores diarias de un auditor de seguridad y me gustaría dejar en este hilo 🧵 (que espero construir con sus aportes también) mis apreciaciones al respecto 👇

Vulnerable banking application to learn and practice OWASP A01 🎓 github.com/itsecurityco/O…

@sudochmod4777 @RandoriAttack @springframework It also returns false positives for patched version of Tomcat: WebappClassLoaderBase.getResources() disabled. 8080: vulnerable 9090: patched

The following non-malicious request can be used to test susceptibility to the @springframework 0day RCE. An HTTP 400 return code indicates vulnerability. $ curl host:port/path?class.module.classLoader.URLs%5B0%5D=0 #SpringShell #Spring4Shell #infosec

Check out my latest article: Docker PoC para el CVE-2022-22965 (Spring4Shell) linkedin.com/pulse/docker-p… via @LinkedIn

@SoyUCN Buenas, con los nuevos cambios no se puede acceder a Cavi.

#CatólicaDelNorte ¡25 años Revolucionando la educación! traemos buenas noticias que aportan a la Transformación Digital de nuestra Institución 😀🎊🎉

@sniferl4bs Sí, el tiempo todo lo cambia 💪

Sale la luz al final de la tormenta ?

@dark0pcodes 💯

Estoy pensando en hacer un live streaming de reversing una vez por semana. ¿Qué opinan? ¿Algún interesado en ese tipo de contenido?

Congrats to the @sexy_allpacks for winning the 2021 EkoParty Advanced CTF and thanks to everyone who played! Gracias @NullLifeTeam @ekoparty

Thanks for participating in the @ekoparty Advanced CTF 2021! Hope you enjoyed all the challenges and congratulations to the winners: @sexy_allpacks, SYPER de @certunlp, @rupcion. There is also a special mention to @cntr0llz and @fernetInjection! Thanks 👏! #Ekoparty #eko2021 #ctf