d3fp4r4m

@defparam

7,186
Followers
546
Following
257
Media
3,483
Statuses

Opinions are my own

@defparam
d3fp4r4m
2 months
9
139
2K
@defparam
d3fp4r4m
4 years
Thanks to everyone for watching my talk! Here are the slides used: (video re-post will be handled by @nahamsec ) pdf: pptx: (has the animations)
7
238
610
@defparam
d3fp4r4m
4 years
My talk is up next on #NAHAMCON2020 stream. As an extra treat I've made public my tooling called Smuggler used to find HTTP De-synchronization. Enjoy!
6
135
356
@defparam
d3fp4r4m
2 months
8
29
282
@defparam
d3fp4r4m
4 years
So naturally the first thing I want to try is MiniPC M.2 M-key -> M.2 M-key to PCIe x16 adapter -> PCIe to PCI adapter -> PCI to PCIe adapter -> a TPLink PCIe Gigabit Ethernet controller. Any takers on if this monstrosity of a PCI hierarchy will link up and enumerate?
11
63
244
@defparam
d3fp4r4m
4 years
I developed a 1-python file snapshot-based fuzzer example to show the power of snapshot fuzzing even if your fuzzer loop is in pure python. This is just an educational toy fuzzer. Inspired by @gamozolabs , based on @h0mbre_ 's blog
6
42
236
@defparam
d3fp4r4m
4 years
Hey all! first blog post. Are the popular fuzzers just for binary exploitation? In this blog post I outline how you can find logic issues in web-related regular expressions using differential fuzzing. (spoiler: 29 lines of python using Google Atheris)
1
86
208
@defparam
d3fp4r4m
5 years
So I did promise blog posts on RS CLTE-style attacks, I guess this will have to do for now. Often times with RS hijacking you can throw a victim into an open redirect to steal their tokens/cookies. Many thanks to @SlackHQ for fixing this within 24-hours of discovery #bugbounty
@disclosedh1
publiclyDisclosed
5 years
Slack disclosed a bug submitted by defparam: - Bounty: $6,500 #hackerone #bugbounty
1
84
224
22
54
204
@defparam
d3fp4r4m
2 years
Example of using Turbo Intruder in a "listen and attack" mode. A hidden secret: you can have turbo intruder scripts use the burp plugin API. Here we use burp.IProxyListener to intercept requests and reissue them inside turbo intruder mutating the method.
6
44
190
@defparam
d3fp4r4m
3 years
Be careful running turbo intruder on an endpoint that triggers snail mail. Luckily it was only 40 requests📨♻️
4
9
177
@defparam
d3fp4r4m
3 years
New blog post for pentesters and bug bounty hunters: A walkthrough on how to set up Burp Suite for iOS App testing on both a physical jailbroken iOS device and also an emulated jailbroken iOS device on @CorelliumHQ #bugbounty
4
63
152
@defparam
d3fp4r4m
4 years
Can anyone take a guess what my talk will be on? Practical HTTP Request Smuggling Attacks :)
@NahamSec
Ben Sadeghipour
4 years
Excited to announce #NahamCon with @stokfredrik , @_johnhammond and @thecybermentor on June 13, 2020 with talks from @samwcyo , @TomNomNom , @snyff , @Jhaddix , @intigriti , @Jhaddix , @zseano , @defparam , @ChloeMessdaghi , @jcran , and more! Website will be live later :)
16
148
706
6
20
142
@defparam
d3fp4r4m
4 years
What is HTTP Response Queue Poisoning? Check out my talk "Practical Attacks using HTTP Request Smuggling" this Saturday There I will share 3 common techniques I used in past RS reports and 2 PoCs demonstrations of session stealing :) Bonus: I may be releasing some tools ;)
@NahamSec
Ben Sadeghipour
4 years
Everything you need to know about #NahamCon : Schedule: Discord: CTF: Donate: Thank you @TheParanoids , @eLearnSecurity , @intigriti , @yeswehack , @Bugcrowd , @SynackRedTeam & @Hacker0x01 !
14
111
355
9
27
146
@defparam
d3fp4r4m
5 years
0
37
119
@defparam
d3fp4r4m
3 years
Never thought smuggler would reach ~1k stars on github with ~200 forks. Thanks y'all for the support! I'm hopeful we did our part crushing this severe bug class.
3
21
108
@defparam
d3fp4r4m
5 years
Here are a couple of things some HTTP reverse proxies normalize which requires careful parsing #bugbountytip Absolute Endpoint Normalization: Frontend: GET https://<host>:<port>/ep HTTP/1.1 ... Backend: GET /ep HTTP/1.1 Host: <host>:<port> ...
6
26
110
@defparam
d3fp4r4m
4 years
Gist of the Day - Turbo Intruder Cluster Bomb with Smart Filtering. 100 line script to dirsearch a host using different HTTP methods with Smart Filtering of responses with common status+length
5
41
108
@defparam
d3fp4r4m
4 years
Fuzzing community: any write ups on clever tips/tricks/methods around developing harnesses? I would love to read more about practical harness development when hard to reach surfaces aren’t given to you in a nice clean API. i.e: enjoyed reading this one:
3
27
103
@defparam
d3fp4r4m
5 years
Why go for impact? Write descriptive reports? Give PoC + Video? because your duplicate may turn into a paid out Crit if the program prefers your report over the first finder. Shout outs to this h1 priv program, that's how you run a bounty program. #togetherwehitharder #bugbounty
5
6
96
@defparam
d3fp4r4m
3 years
When choosing a good bounty program on h1 you really need to look at all the program data altogether. Unfortunately the h1 directory doesn't list all data and all programs in a single view. I wrote a tool called h1stats to scrape data into 1 CSV
5
23
98
@defparam
d3fp4r4m
8 months
@hakluke I don’t understand how anyone could say that with such confidence. I’d be reluctant to say that with my simple home network. I guess blind confidence gets you that top job
0
1
94
@defparam
d3fp4r4m
5 years
I'm glad a lot of people are resonating with the way I explained this RS CL.TE attack in the report. I'm a visual learner so I always go to diagrams to understand or convey technical concepts. Here are the diagrams from the report
6
23
94
@defparam
d3fp4r4m
4 years
Today is the day, come join #NAHAMCON2020 and watch the talks. Come see my talk (roughly 1:30PM PDT), I'll have a couple new git repos going live 😎
@NahamSec
Ben Sadeghipour
4 years
We are live!
4
32
134
1
11
91
@defparam
d3fp4r4m
6 years
Page Walking Cheat Sheet: Architecting a page walker on FPGA. Tired of looking up this info over and over. Placing it here hoping that it helps others and "future me" #wininternals #fpga
5
23
89
@defparam
d3fp4r4m
5 years
Finally made it to the 4-digit club. You guys are tough to keep up with. #togetherwehitharder
9
1
88
@defparam
d3fp4r4m
1 year
@infosec_au
shubs
1 year
For a few months, @samwcyo , @bbuerhaus , @rhyselsmore and I focused on hacking EPP servers / ccTLD zones. We're disclosing our work today on the hackcompute blog: Our efforts in this space led to the ability to control the DNS zones of the following
16
249
685
1
7
85
@defparam
d3fp4r4m
4 years
Sigh... people keep getting startled by double HTTP responses in burp thinking that it is HTTP Request Smuggling when it's actually HTTP Request Pipelining
4
23
79
@defparam
d3fp4r4m
5 years
To continue research into how broken HTTP/1.1 reverse proxies are I wrote a fuzzing framework to throw mutations at reverse proxies (with backend observation). I've only gone a couple hours into testing before I found some serious issues. Time to report!
4
9
74
@defparam
d3fp4r4m
3 years
Haptyc - A Test Generation Framework for Turbo Intruder. This library adds payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. Enjoy!
0
32
74
@defparam
d3fp4r4m
2 years
The commit has a very detailed write-up on this bug for those who enjoy HTTP header exploits
@albinowax
James Kettle
2 years
HAProxy CVE-2023-25725 sounds like it might be a Connection header exploit... just like #7 from the top 10 hacking techniques of 2022:
5
51
185
4
20
74
@defparam
d3fp4r4m
4 years
Welcome all new followers, I didn’t expect my work to attract so many, thanks a ton for your interest in niche bugs! I’m not necessarily a content creator but I do love to share my findings/work/research with the community when possible. Pax et Amor ☮️❤️
5
1
72
@defparam
d3fp4r4m
1 year
I don't know about y'all but over the weekend I played around with single-packet attacks on stateful endpoints. There's a lot of weirdness out there... It's super easy to issue them in the repeater too. I have a hunch that this is going to create a lot of "fun" problems
@albinowax
James Kettle
1 year
Thanks to everyone who came to the #DEFCON31 edition of Smashing the State Machine! I'll be hanging around chilling for the next couple of days; feel free to say hi. Hope the techniques yield many crazy bugs for you in future :)
4
47
225
2
6
70
@defparam
d3fp4r4m
4 years
Any interest in starting a discord server primarily focused on Web Security Research and Tooling? No discussion of bug bounty, bug bounty support. Sort of keeping it research based/academic for researchers + tool devs? Does this exist already? @garethheyes @albinowax @Agarri_FR
15
4
71
@defparam
d3fp4r4m
5 years
10 Triaged Crit/P1, 1 Triaged High, 2 Triaged Medium. All of them HTTP Desync bugs in the span of 2 months (The crits being session cookie/token stealing). This bug class is real and needs more attention...
6
5
71
@defparam
d3fp4r4m
4 years
In a recent @Hacker0x01 collaboration with none other than Mr. @NahamSec , We got a HIGH on one HTTP Request Smuggling report that turned into an MS IIS Advisory. If you run IIS take a look
@NahamSec
Ben Sadeghipour
4 years
Did some hacking with @defparam a while ago and didn't expect this to come out of it: ADV200008 | Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers 😂
1
9
111
2
3
69
@defparam
d3fp4r4m
4 years
I’m super happy people are finding weird issues and responses with . Sadly I can’t help everyone escalate from there. Every infrastructure is different. Similar to finding signs of SQLi or Java Deserialization, Desync attacks may need very specific payloads
3
4
65
@defparam
d3fp4r4m
4 years
Random tip: If you watched a technical con talk several months ago on a topic you've been researching/testing since then, go back and re-watch the old talks. It's amazing how many subtle details start to "click in" and make sense the second/third/fourth time around. #bugbountytip
2
12
64
@defparam
d3fp4r4m
4 years
Youtube links aren’t up yet but If you want to check out the video to my talk “Practical Attacks using HTTP Request Smuggling” you can hit up the Nahamcon2020 twitch archive link here: (at 4:28:00) Response Queue Poisoning explained at the end of the talk
1
9
62
@defparam
d3fp4r4m
5 years
With "Cached and Confused: Web Cache Deception in the Wild" taking the #1 spot, and @albinowax 's HTTP Desync Attacks being the community favorite can we all admit now that proxying HTTP traffic through these "transparent proxies" fundamentally breaks HTTP?
@PortSwiggerRes
PortSwigger Research
5 years
Top 10 new web hacking techniques of 2019
7
760
1K
2
15
58
@defparam
d3fp4r4m
4 years
@s0md3v Here is an example of a JSON/Structure aware fuzzer I wrote for turbo intruder. On queueRequests I create a nice abstraction to parse, iterate, modify every value in a JSON body and issue out a test for each mutation/value.
1
18
58
@defparam
d3fp4r4m
1 year
It would have never crossed my mind to realize that as hobbyists we have the PCB manufacturing capabilities today to completely interpose a 150 pin CPU from the 2000s...
3
9
55
@defparam
d3fp4r4m
4 years
An older write-up but a good story of using structure aware fuzzing to find bugs in PHP unserialize. Specialized fuzzers like this can be very powerful.
0
15
56
@defparam
d3fp4r4m
5 years
Looking to give back to the community, I studied . @albinowax 's HTTP Request Smuggling research, took his payloads from his BURP plugin code and created a testing tool in python called Smuggler. !!TIMEOUT!! == potential issue. Hoping to release by next week. #togetherwehitharder
10
10
54
@defparam
d3fp4r4m
3 years
h2echo - an extremely permissive h2 webserver for the purpose of visualizing malformed h2 requests. finishing up this and h2smuggler in order to provide commandline alternatives to burp's h2 testing tools and to make it easier for others to research in this area (more to come)
3
3
54
@defparam
d3fp4r4m
4 years
If you enjoy FPGAs and hacking PCI, here is a reference platform for all that I've used to build PCI devices on the DE0-Nano FPGA board and test on x86 SBCs. I can confirm it working enumerating my "1337"-Communication Controller. Enjoy!
2
6
52
@defparam
d3fp4r4m
4 years
It certainly does! PCI/PCIe is a fairly well written spec with special care to backwards compatibility. Those pericom chips on the Startech adapter boards are pretty nifty too.
2
1
52
@defparam
d3fp4r4m
1 year
Everyone purchase your ferraris, I found naffy's secret he's been trying to hide from us
@nnwakelam
Nathaniel
1 year
like $120k USD in the past couple weeks we out here
6
0
69
4
7
47
@defparam
d3fp4r4m
5 years
h1passets - I created a tool that will print all your HackerOne private program URLs that are in-scope and eligible for bounty to stdout #BugBounty
1
14
45
@defparam
d3fp4r4m
5 years
This is actually my first bounty ever awarded to me. Thanks @NahamSec for your @Twitch streams which got me started on this journey. I'm glad to hear that you are back! #TogetherWeHitHarder
7
2
49
@defparam
d3fp4r4m
4 years
New server day🎉 Supermicro 92 cores - Quad Xeon - 768GB ECC DDR4. Just in time for several fuzzing harnesses I whipped up, also I get to warm my cold basement a little, Win/Win.
5
2
49
@defparam
d3fp4r4m
1 year
This LK-99 stuff feels like an insane CVE with everyone patch-diffing for a PoC
1
5
43
@defparam
d3fp4r4m
4 years
Smuggler is used for non-destructive recon, for issuing actual desync attacks take a look at my turbo intruder scripts here:
2
11
44
@defparam
d3fp4r4m
6 years
- I finally released BAR-Tender v0.1 - A UMDF2 driver/app framework to provide easy local physical memory access through the PicoEVB FPGA mapped I/O device. Use this as a foundation for your DKOM/Kernel hacking and Win64 FPGA acceleration needs 😈
2
17
43
@defparam
d3fp4r4m
2 months
Random Gist: cidr scrapper
0
2
41
@defparam
d3fp4r4m
4 years
Learn how to reverse engineer Android application APIs
1
16
38
@defparam
d3fp4r4m
4 years
PCIe is a little too modern for me. So I decided to create a PCI adapter board for my DE0-Nano and hook it up to the Startech PEX1PCI1 . I have no functions to show yet but I am writing my config space driver in verilog and able to see the queries in signaltap. That is all!
4
3
37
@defparam
d3fp4r4m
3 years
People upset about bug dupe rules on Pwn2Own/ZDI. Hackers on @Hacker0x01 @Bugcrowd with hundreds of non-paid dupes over the years:
@dragosr
dragosr
3 years
@ryanaraine Sincerely I don’t get it. So many folks have been burned by that, changing that rule at this time would be exactly the wrong message to send. And frankly I don’t think it’s changeable. Vendors are always restrictive with bounties, first one in gets the prize, literally.
1
2
18
0
2
38
@defparam
d3fp4r4m
3 years
Thinking about updating smuggler to support more test variations and the latest HTTP/2 research. 🤔 I did some work tonight on HTTP/2 and it looks feasible
2
3
36
@defparam
d3fp4r4m
4 years
#BasementLab , when you need to go deep on a target 😈. prepping the lab for some HW/IoT testing this week
1
0
37
@defparam
d3fp4r4m
3 years
My talk on Haptyc is up soon at Being able to specify positional tags on your Turbo Intruder requests gives testers a ton more power to test random mutations in an easily expressible and constrained way. Github link coming up soon. #hacktivitycon2021
1
8
36
@defparam
d3fp4r4m
4 years
Honestly I find this to be the fastest way to set or switch server / protocol configurations in Burp Repeater
@_sawzeeyy
👣
4 years
Never knew one could "Paste URL as request" in Burp until I watched @defparam 's talk at #nahamcon yesterday 🧐
6
22
147
1
6
34
@defparam
d3fp4r4m
7 years
I'm thinking about starting a twitch stream on low-end FPGA development and my retro projects. There are lots of tricks in FPGA dev that I think would be fun and useful to publish...
1
3
36
@defparam
d3fp4r4m
4 years
hehe, good job varnish
2
1
34
@defparam
d3fp4r4m
4 years
After 8 years working on hardware architecture and FPGAs for @AlteraCorp / @IntelFPGA , yesterday was my last day. I will miss my co-workers. Going forward I’m excited to be shifting my career focus to infosec and web security. More details to come 🙂
4
0
35
@defparam
d3fp4r4m
1 year
Thank god they were able to implement native support of Ads and telemetry before these useless features
@BleepinComputer
BleepingComputer
1 year
Windows 11 is getting native support for 7-Zip, RAR, and GZ archives formats in an update coming this week.
64
182
1K
2
6
35
@defparam
d3fp4r4m
3 years
Btw, if you hadn’t figured it out yet Jonathan Scott is just some campaign exploiting Cunningham’s law to DoS infosec researchers into wasting time on Twitter rebutting baseless claims. And it’s working pretty damn well
1
1
35
@defparam
d3fp4r4m
4 years
Just a kind PSA to users of : Please don't report the results of a scan directly to BB programs as a bug without manual confirmation. errors are not direct evidence of a vulnerability. Show impact, not logs
5
5
35
@defparam
d3fp4r4m
1 year
@ajxchapman @Michael1026H1 @_StaticFlow_ Oh btw, I have to bring this up because I just watched @G0LDEN_infosec ’s amazing defcon talk. If you are thinking about dipping your feet into designing serverless workloads for your automation/semi-automation check out his talk:
3
2
35
@defparam
d3fp4r4m
4 years
Decided to look up the history/format of the "User-Agent" string. It's cursed🤦‍♂️
0
6
34
@defparam
d3fp4r4m
5 years
@TomNomNom - Scheduling meetings at comfortable times (if timezone is an issue) - If the co-located team goes out for company sponsored lunch I've been given budget to take my fiancee out to dinner
1
0
34
@defparam
d3fp4r4m
1 year
Want the easiest start in full automation? Literally create a single python script that does 1 security check and has a slack webhook that fires if the check hits. Throw that script on AWS Lambda or Digitalocean Functions with a daily execution schedule and forget about it.
5
3
33
@defparam
d3fp4r4m
5 months
@ErrataRob Reminds me of the hell one person (a security researcher no less) willingly went through when they decided to purchase the California vanity license plate 'NULL'
1
4
32
@defparam
d3fp4r4m
4 years
OK a couple interesting things about this request smuggling bug: 1) My picked up on it for only the DELETE verb (I hadn’t seen that before) 2) The issue manifested somewhere in Akamai
2
6
31
@defparam
d3fp4r4m
3 years
Welp, just when I thought I walked away from Request Smuggling @albinowax pulls me back in…
@PortSwiggerRes
PortSwigger Research
3 years
HTTP/2: The Sequel is Always Worse by @albinowax
14
497
1K
0
1
33
@defparam
d3fp4r4m
4 years
3
6
33
@defparam
d3fp4r4m
6 years
With a lot of cool FPGA-based projects being written in Migen these days I decided to jump head first into it tonight. Here is a write up of my LED driver written in Migen. My early impressions are that I really enjoy it, but need way more practice.
4
6
32
@defparam
d3fp4r4m
3 years
hello world
1
2
31
@defparam
d3fp4r4m
5 years
While retro enthusiasts argue over FPGA vs. Emulator I went the "Why not both?" path and integrated an FPGA RTL simulation model into Higan (cc @byuu_san ). Instead of fighting, both groups can actually help each other move forward to the same goal :)
3
6
32
@defparam
d3fp4r4m
4 years
Next research path will be into binary fuzzing, Looking to buy a decent fuzzing rig to start out, i’m thinking dual-socket Gold Xeons around 32 cores with around 256GB ram. Input welcomed, not cost constrained at the moment but starting small
9
1
31
@defparam
d3fp4r4m
3 years
For those who use Turbo Intruder day-to-day, check out response decorators for response matching/filtering. I created these decorators for everyone to use who wants ffuf-like matches/filters applied in turbo intruder as 1 line function decorations. Enjoy!
@albinowax
James Kettle
3 years
Turbo Intruder 1.21 was just released, with a shiny new way of filtering responses by @defparam . Check out the docs:
1
30
134
5
1
30
@defparam
d3fp4r4m
4 years
Taking a little break from websec to do a little hardware hacking tonight (FPGAs/PCIe/PCI specifically). I received my Seeed Odyssey board, these Celeron J4105-based MiniPCs are pretty nifty. I also have some M.2 adapter boards, PCIe-2-PCI bridge and PCI-2-PCIe bridge
2
3
31
@defparam
d3fp4r4m
10 months
We don’t know everyone’s story to pirate, I’ve definitely dabbled in keygens when I was a teen and had no other money. One pro move would be for bounty programs to gift a pro license if they see evidence of cracked software in a valid report. Everyone wins
@ant0inet
Baklava Monster
10 months
"ethical" hackers using cracked @Burp_Suite in #bugbounty submissions 🤷‍♀️
29
25
270
2
1
30
@defparam
d3fp4r4m
3 years
0
1
29
@defparam
d3fp4r4m
4 years
This. This is why at times I enjoy building my own tools even tho there already exists known popular ones in the community. The abstraction some tools create: 1) dulls your knowledge on what is going on at a low level and 2) forces you to follow a specific author's abstraction
@SwiftOnSecurity
SwiftOnSecurity
4 years
Tools can also dull your skills. When everything you experience about a system is filtered through a disparate set of other people’s interpretations, you cannot connect underlying dots and behaviors you would readily observe if forced to do so directly using the native toolset.
3
15
117
3
5
28
@defparam
d3fp4r4m
5 years
An HTTP Request Smuggling CL.TE bug lets you redirect a victim connection to a forged endpoint with GET parameters. FYI you can execute a forged graphql query this way on the victim by using: GET /graphql?query=<query> #bugbountytip
0
8
28
@defparam
d3fp4r4m
3 years
honeymoon #maui
2
0
28
@defparam
d3fp4r4m
4 years
Hey all, I open sourced an RTL implementation of a PCI core and an 8250-compat PCI UART function. In the demo I create a serial port function to interface with an on-board nios2 processor. With this design, low-end FPGA devs can start tinkering with PCI !
1
6
28
@defparam
d3fp4r4m
3 years
Orange Tsai is a vuln finding robot 🤖
@orange_8361
Orange Tsai 🍊
3 years
Originally, I was very depressed about the bug collision(the SSRF part in #ProxyLogon exploit) with bad APT groups☹️ So I decided to sit down and dig for a new one... Here it is!
17
116
451
1
2
28
@defparam
d3fp4r4m
2 years
I hate you with the fiery passion of a thousand burning suns, scorching every fiber of my being and leaving nothing but smoldering ashes in its wake
3
2
27
@defparam
d3fp4r4m
4 years
Give this man a 128-pack of redbull
@galnagli
Nagli
4 years
Extracting sessionID from RXSS on redbull domain #BugBounty
6
4
80
2
0
26
@defparam
d3fp4r4m
5 years
My alter ego from Security is #FPGA Architecture. My first patent as . @IntelFPGA was approved! This is an architecture that allows for OpenCL kernels on one FPGA to communicate to OpenCL kernels on other FPGAs directly over network to scale on a common workload. #iamintel
1
1
27
@defparam
d3fp4r4m
5 years
Also shout outs to @paypal security, @Grabsg security and @Zomato security who have in the past provided bonuses for descriptive write-ups, fast communication and availability for re-test
2
2
27
@defparam
d3fp4r4m
3 years
What do you get when you combine Turbo Intruder and Burp Collaborator? Turbo Collaborator! Look mom, it auto-binds ping backs to the requests that cause them. Inject those collab urls everywhere Worked on some weird TI scripts last night..
2
3
27
@defparam
d3fp4r4m
5 years
It's a pleasure working with the @Zomato security team. @prateek_0490 and his team rocks. #togetherwehitharder
2
3
27
@defparam
d3fp4r4m
4 years
Whispers v0.1 - A conceptual websec tool PoC - About ~450 lines of python + IMGUI bindings I wrote over the weekend. Works on Linux/Win. Perhaps the beginnings of a nice visual open source websec tool. I'm thinking of leveraging MITMProxy for web analysis #bugbounty
0
5
25
@defparam
d3fp4r4m
6 years
Sorry to spoil the surprise but I couldn't help but notice that RHSResearchLLC which made the PicoEVB and NanoEVB is making a MicroEVB () 😀 - Xilinx Artix-7 200T part - PCIe Gen2x4 (20 Gb/sec) - 512Mb DDR3 - M.2 key M 2280
0
5
26
@defparam
d3fp4r4m
11 months
Having the capability of asking "dumb questions" in a vast dataset of a burp project is basically the start of any interesting research. I can see why this is a powerful tool
@PortSwiggerRes
PortSwigger Research
11 months
Wrote a bambda to detect HTTP responses containing a space in the header name... not sure what we were expecting to find but it definitely worked return requestResponse.response().headers().stream().anyMatch(e -> ().contains(" "));
2
12
129
1
3
26
@defparam
d3fp4r4m
2 years
2
1
26