This will have huge impact!, another great example on how RCE can be achieved on OWA easily through ViewState deserialization attack. Red Teamers it's your chance now :) thezdi.com/blog/2020/2/24…

Thanks Nikhil Mittal for this great course #Pentesting #redteam #ADLab #CRTP

Attacking Helpdesks (Part 1): Remote Code Execution (#RCE) chain on #Deskpro with #Bitdefender as a case study. Full technical details to #exploit RCE inside. blog.redforce.io/attacking-help… #BugBounty #websecurity #infosecwriteup

Me and the folks RedForce just finalized the 1st part of the Windows authentication attacks series. blog.redforce.io/windows-authen… The series suppose to cover the NTLM/Kerberos authentication in detail as well as how their attacks work. Happy reading, and stay tuned for part 2.

POC of CVE-2020-3452

POC2 for CVE-2020-3452 #bugbountytips #BugBounty

An easy catch! 😅 Pentest with tight schedule, No publicly-known vulns? Download firmware -> extract binary -> strings -> find low hanging fruits -> Win :))

POC of CVE-2020-3187 #BugBounty #bugbountytip

Bug Poc XSS #2 Challenge Writeup Thanks for this great challenge BugPoC medium.com/@osama.alaa/bu…

Alhamdulillah, P1 Warrior and MVP Q2 Achievements Thanks bugcrowd bugcrowd.com/blog/congratul… bugcrowd.com/blog/congralat…

Bug Poc LFI Challenge Writeup - Stealing /etc/passwd , AWS Metadata , and source code. - Makeing quick source code analysis Thanks BugPoC medium.com/@osama.alaa/ss… #lfi #ssrf

الحمد لله Thanks @eLearnSecurity #eWPTX

Finally finished HackerOne ctf individually with a hint in challenge 11 , it wasn't a human challenge :D Thanks Adam Langley for this wonderful ctf especially Evil Quiz and attack-box challenges #ctf

Write-up of #hackyholidays CTF , Thanks Adam Langley for the challenges. osama-alaa.medium.com/h1-ctf-grinch-… #bugbounty #bugbountytips #infosec #hackerone #ctf

Cloudflare XSS bypass in input tag : Payload : onfocus=alert(1) autofocus> Don't rely on public payloads to bypass WAFs , as most of them won't work :D You have to craft your own payload . #xss #bypass #bugbountytip #BugBounty

That what happens when my internet speed is slow :D

An unauthorized server-side request forgery (SSRF) vulnerabilities (#CVE-2021-21973) POC

Unauthenticated RCE in VMware View Planner (#CVE-2021-21978) POC Advisory: vmware.com/security/advis…

Insecure Java Deserialization leading to RCE (CVE-2021-27335) in one of the common Banking Applications discovered by one of Malcrove - Next Generation Security team members: malcrove.com/kollectapps-in…

الحمد لله VMware fixed two vulnerabilities in vCenter server: CVE-2021-21992 >> XML parsing denial-of-service vulnerability CVE-2021-21993 >> SSRF vulnerability For more info vmware.com/security/advis…