About Me
YoKo has spent more than 9 years (from total of more than 12 years) in information security field, focused in risk from security testing point of...
July 25, 2014
Tagged: About Me
Search
Recent Posts
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
- USB HID – Rubber Duck Payload – Auto Turn Off UAC, Firewall, & Defender at Windows 10 & Connect to Reverse Shell in 10 sec
- Adobe Photoshop CC 2019 v. 20.0.0 (for OS X) Expired Subscription Bypass – Bypass Trial Expired
Categories
- About Me (3)
- Achievements (2)
- Bug Report (19)
- Desktop Apps (4)
- Mobile Apps (3)
- Random Things (8)
- Web Apps (12)
- Write-Up (13)
Latest Tweets
In this article, we learn about #dumping system #credentials by exploiting the credential manager. We will talk about various methods.
@rajchandel #infosec #cybersecurity #bugbountytips #linux #pentest #redteam #ethicalhacking #COVID2019 #Covid_19
https://www.hackingarticles.in/credential-dumping-windows-credential-manager/
I received a $500 reward from Facebook for DoS I found in Instagram direct messages. Below is a scenario that shows impact on group messages.
#bugbounty #bugbountytip
Good slides: https://docs.google.com/presentation/d/1N9Ygrpg0Z-1GFDhLMiG3jJV6B_yGqBk8tuRWO1ZicV8/edit#slide=id.g82807e23a8_0_8
The last trick (Authy 2FA bypass) is covered in "Idor to Shell" from @PentesterLab
My first bounty + first CVE-2013-6674 was from Mozilla back in 2014-01-29. The vulnerability was Stored XSS and affected Mozilla Thunderbird email client (desktop) version. Affected millions of users at that time.
More details + POC Video:
https://securityaffairs.co/wordpress/21692/hacking/vulnerability-mozilla-thunderbird.html
#BugBounty