LiveOverflow 🔴
@liveoverflow.bsky.social
Got two RTX 3090 for local AI stuff.
And yes, I do see that the thermals are not optimal 🙃
And yes, I do see that the thermals are not optimal 🙃
February 19, 2025 at 7:14 PM
Got two RTX 3090 for local AI stuff.
And yes, I do see that the thermals are not optimal 🙃
And yes, I do see that the thermals are not optimal 🙃
Fancy Bear! what are young russian hackers up to??
January 29, 2025 at 11:17 AM
Fancy Bear! what are young russian hackers up to??
This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious.
Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
January 24, 2025 at 2:14 PM
This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious.
Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!
OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right?
But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
January 24, 2025 at 2:14 PM
OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right?
But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(
Those are the real bug bounty tricks nobody talks about :P Faking bugs!!!
Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
January 24, 2025 at 2:14 PM
Those are the real bug bounty tricks nobody talks about :P Faking bugs!!!
Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?
This is a great post on bug bounty reddit!
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
January 24, 2025 at 2:14 PM
This is a great post on bug bounty reddit!
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
When I was still early in my career, 7 years ago at 31C3, I saw
Ange Albertini's talk. His work on file formats always was one of those "aha!" moments for me.
So it was really nice to see @angealbertini.bsky.social (corkami) back again at #38C3 <3
Ange Albertini's talk. His work on file formats always was one of those "aha!" moments for me.
So it was really nice to see @angealbertini.bsky.social (corkami) back again at #38C3 <3
January 6, 2025 at 10:28 AM
When I was still early in my career, 7 years ago at 31C3, I saw
Ange Albertini's talk. His work on file formats always was one of those "aha!" moments for me.
So it was really nice to see @angealbertini.bsky.social (corkami) back again at #38C3 <3
Ange Albertini's talk. His work on file formats always was one of those "aha!" moments for me.
So it was really nice to see @angealbertini.bsky.social (corkami) back again at #38C3 <3
My cat roomate always pranks me when I don't lock my laptop
December 2, 2024 at 5:07 PM
My cat roomate always pranks me when I don't lock my laptop