Sysdum

WontFix can be an RCE Goldmine SOAPwn by @chudyPB #5 in PortSwigger Web Hacking Techniques of 2025 Microsoft’s refusal to patch HttpWebClientProtocol invalid casting makes any .NET app using ServiceDescriptionImporter permanently vulnerable to arbitrary file write via malicious WSDLs. Blog link 👇 labs.watchtowr.com/soapwn-pwning-…

#CVE-2025-55182: RSC RCE — It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint.

@infosec_au You're a beast dude 😎

Pushed a new update to github.com/assetnote/reac… -- it now scans for the RCE payload via reflection. Use the --waf-bypass flag to bypass WAFs, works well for Cloudflare/AWS. Other WAFs might need tinkering with the payload, depending on whether they don't have a max context limit.

Critical strike: China's hacking training grounds (PART 1) substack.com/inbox/post/179…

Using @Burp_Suite and a website playing a new trick on you? This happens but no fear (most of the times)! The screenshot here shows a Java TLS limit. Recent JDKs added jdk.tls.maxHandshakeMessageSize (default 32768 bytes) Use "-Djdk.tls.maxHandshakeMessageSize=65536" to solve this. Add this to the end of the ".vmoptions" file if you have it installed. #BurpSuite #BugBountyTip

@mcipekci The GOAT himself 👑

Money doesn’t bring sole happiness, this has no meaning anymore. Treasure yourself and your dear ones. #bugbountytips PS: thanks to all collabs who made this possible

Voting for a President in America be like "choose one"

@pwnEIP I want a foil version of this card. Also emotional damage OP 😂

@Chrollo_l33t @NinjaParanoid I'm in this tweet and I don't like it

@NinjaParanoid The most annoying is the BugBounty community, thinking they are superior once they find XSS bug in lala website back in 2015!

Infosec Twitter has become so cringe these days, that the moment I open it, I leave it within 1-2 minutes of scrolling. I know a lot wont like what I write, but why does majority of the defensive side think they are batman of infosec community when their contribution is near to nil? Only reason I open up twitter is to post about BRc4 because this is where I started, but now its just cringe.

Additionally, I've run into WAFs blocking or blacklisting any more than 1 directory up (e.g ../../). These paths weren't blocked. Another Java-ish payload is the popular Tomcat/nginx normalization bypass /..;/. I see it mostly present in Java apps

If you think you've found a path traversal, instead of throwing /etc/passwd and similar paths, check if the app is java-based using Wappalyzer. I've scored a few bounties by trying the following: ?file=../WEB-INF/web.xml ?file=../META-INF/MANIFEST.MF #bugbountytips #BugBounty

@ozgur_bbh Great write-up!

Before working on new blog post ideas at 2024, I wanted to share some of my best posts again from the previous years, in case anyone missed them. 1- A Less Known Attack Vector, Second Order IDOR Attacks Blog post: ozguralp.medium.com/a-less-known-a…

@SSgtRomaine @JackRhysider If you read the article, you would know the author is using it ironically.

Kind of a strange thing to just blurt out of no where...

@intigriti Telerik, it's the gift that keeps on giving

If you could only hunt down one CVE for the rest of your life, what would it be? 😎️

@hack1or0 @adrielsec Impact is that the victim is sent a link for a known website and it redirects you to an attacker's site that is mocked up to look like the legitimate site. They can then perform a watering hole attack to ideally obtain the victim's plaintext credentials.

@adrielsec Could you please explain the impact of it?

Open Redirect Vulnerability: Steps: 1. login in target website let say 123.com 2. after succes fully login turn On your foxy proxy and burpsuite 3. Clik log-out to the web application and intercept it 🧵+ #BugBounty #BugBountytip #bugbountytips

@NahamSec When nobody is buying MSF pro so you get into the legal business

Rapid7 asking me to remove an educational content from YouTube over the fact that used them as an example for publicly accessible swagger file.

Finished in 1st place at the Red Team CTF @ #DEFCON 31. @RedTeamVillage_ Started off playing the event solo, but I was joined in the finals by my fellow teammates from Team Europe, @sijsu and @s3np41k1r1t0 to get the win. Thank you ThreatSims and @hackthebox_eu for the event!

🚨 Attention 🚨 We’re asking everyone that was at the RTV CTF today in Cesar’s Forum to CHECK their swag bags. Unfortunately, someone walked away with one belonging to one of one of our volunteers. It is vital that we locate it as it contains his ID etc. DM us if located! 🙏🏾

@S1n1st3rSecuri1 Thanks for bearing with me while I fixed some things! 😅😅

@systemDumb made a lot of the web chals for the event. They were all great but the zorg ones have a special place in my heart. Thanks for helping set it up

Got to see @_JohnHammond again today at the red team village CTF. Just missed the cutoff for finals by 20 points🫠

🙌🏼 Thank you to @flipper_net for adding to our epic RTV CTF prizes! #defcon