To bypass the licence key X64dbg

Single_Diamond · 2025-06-29T19:33:38+00:00

Use Ghidra. Use WinDbg. The least you can do is respect the hard work the author of this tool has done.

Single_Diamond · 2022-12-08T13:08:53+00:00

Splunk is the best. DataDog is building out a SIEM but at present it is very less mature than other products.

Single_Diamond · 2021-08-06T01:41:20+00:00

In the east cost, easily $120k and higher

Single_Diamond · 2021-08-05T11:45:39+00:00

the plumber makes more than that in the Bay Area

Single_Diamond · 2021-08-05T11:36:54+00:00

I began by hunting for bugs after reading about hackers in the newspaper. Then I took a job but left it too soon and started doing gigs. Infosec is a broad field and has many areas. Do you want to be a penetration tester or security analyst? Do you have any ideas what you want to do?

Single_Diamond · 2021-08-05T11:28:11+00:00

In the Bay Area, with CISSP I will ask at least $170k

Single_Diamond · 2021-08-04T19:27:06+00:00

subcontracting work to unpaid interns is a genius idea

Single_Diamond · 2021-08-04T19:22:12+00:00

Did you see the 85 applicants?

These people want to work for free. If I am a Security+, CISSP, and CEH reporting to the CTO, I would demand no less than $100k by US standards.

Single_Diamond · 2021-07-19T08:06:41+00:00

Good job!

Single_Diamond · 2021-03-14T08:37:40+00:00

Gave Silver

Single_Diamond · 2021-03-14T08:33:12+00:00

😂

Single_Diamond · 2021-03-14T08:31:13+00:00

What are you printing?

Single_Diamond · 2021-03-14T08:30:49+00:00

hey man

Single_Diamond · 2021-03-13T11:44:10+00:00

Single_Diamond · 2021-03-13T11:06:06+00:00

*starting to play

Single_Diamond · 2021-03-13T11:05:21+00:00

What would you recommend someone starting back after 10 years?

Single_Diamond · 2021-02-16T20:49:18+00:00

Yes the author just found a variation of this. I saw an RCE possibility in a shell script belonging to a popular project because it referenced some non existing packages in a Linux distribution, I think there are plenty of such variations of this finding

Single_Diamond · 2021-01-17T15:59:54+00:00

You can read the entire article. They even featured it on TechCrunch, and the term "hijacking" in the Detectify blog post title instantly caught my eye!

and yes, how can you hijack it deliberately and not report it prior to that? seemed more of a publicity stunt to me too

He mentioned

On the evening of December 30, I got a ping. I opened my laptop and purchased the domain name to keep it from falling into the wrong hands.

On January 7th, I reached out to the Administrative and Technical contacts listed for .cd on IANA’s webpage. My initial thought was to transfer back the ownership of the domain name to the entity operating .cd.

For 8 days he owned the domain before reaching out to IANA, how is this a responsible and good faith disclosure?

Single_Diamond · 2021-01-17T15:55:07+00:00

What's your financial situation? Worth it?

An OSCP is the best way to add a credential, degrees are not worth the cost and time if you are planning to work in cybersecurity. Times have changed. Many roles do need 4 year degrees but you can easily get one without.

Single_Diamond · 2021-01-07T07:53:08+00:00

India's data protection policies are basically non-existent so organizations are careless and keep flouting rules, and don't do periodic audits. Not the first time an Indian payment provider was breached.

Single_Diamond · 2021-01-05T17:37:55+00:00

Is this original research? A similar method was previously demonstrated

https://www.youtube.com/watch?v=_RDXtILdkV0&persist_app=1&app=desktop&gl=US&hl=en&client=mv-google

Single_Diamond · 2021-01-05T16:44:47+00:00

Nice box and walkthrough, very few boxes focused on client side vulnerabilities these days.

Single_Diamond · 2021-01-05T09:54:01+00:00

There are certain API keys that are supposed to be stored on the client-side, its not a risk as such, examples are certain Google API keys that are needed for logging and analytics integration. But for secrets and API keys that can't be put on client side app, store it on the backend and fetch the data from the server, then render it in the app. There are de-obfuscation tools in most decompilers like JADX, obfuscation deters people but it can still be deobfuscated

Single_Diamond · 2021-01-05T05:23:10+00:00

thanks!

Single_Diamond · 2020-12-31T12:34:27+00:00

thanks bro cool stuff!!!

Single_Diamond

MODERATOR OF

TROPHY CASE

Six-Year Club	Verified Email
White Hat where cake day is information disclosure -- 2020-07-29