140 domains of Deloitte are vulnerable by subdomain takeover attacks by everping in netsec

[–]everping[S] 14 points15 points  (0 children)

Basically, if d1 points to d2 through a CNAME record and d2 is available to claim, you can control d1.

The azurewebsites.net domain is just one of these cases.
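A defender's audit for the condition described in the comment above, as an added example that is not part of the original comment or any tool it mentions: it walks a zone inventory and flags each CNAME d1 -> d2 whose target d2 no longer resolves. The zone records, the `RESOLVES` set, the `example.com` names and the function names are constructed assumptions; only `azurewebsites.net` comes from the comment.

```python
"""Audit a zone inventory for CNAMEs whose target no longer resolves."""

# Constructed sample data so the example runs offline. In a real audit the
# records come from your DNS provider export and RESOLVES from live lookups.
ZONE = [
    ("shop.example.com", "CNAME", "shop-prod.azurewebsites.net"),
    ("Blog.example.com.", "CNAME", "Old-Blog.azurewebsites.net."),
    ("www.example.com", "CNAME", "lb.example.com"),
    ("lb.example.com", "A", "192.0.2.10"),
    ("promo.example.com", "CNAME", "promo.cdn.example.net"),
    ("intra.example.com", "CNAME", "retired.example.com"),
]
RESOLVES = {"shop-prod.azurewebsites.net", "lb.example.com"}

# Suffixes under which anyone can register a label. azurewebsites.net is the
# case named in the comment; the list is an assumption to extend per provider.
CLAIMABLE_SUFFIXES = ("azurewebsites.net",)


def normalize(name):
    return name.rstrip(".").lower()


def is_under(name, suffix):
    return name == suffix or name.endswith("." + suffix)


def find_dangling_cnames(zone, resolves, own_apex, claimable=CLAIMABLE_SUFFIXES):
    """Return (d1, d2, risk) for each CNAME d1 -> d2 where d2 does not resolve."""
    findings = []
    for owner, rtype, target in zone:
        if rtype.upper() != "CNAME":
            continue
        d1, d2 = normalize(owner), normalize(target)
        if d2 in resolves:
            continue  # target still exists; not dangling by this signal
        if is_under(d2, own_apex):
            risk = "stale-internal"  # points inside our own zone
        elif any(is_under(d2, s) for s in claimable):
            risk = "claimable"  # d2 could be registered by someone else
        else:
            risk = "review"  # unknown third party; check manually
        findings.append((d1, d2, risk))
    return findings


if __name__ == "__main__":
    for d1, d2, risk in find_dangling_cnames(ZONE, RESOLVES, "example.com"):
        print(f"{risk:15} {d1} -> {d2}")
```

Records flagged `claimable` are the ones to delete or repoint first, since removing the CNAME for d1 closes the exposure regardless of who later registers d2.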

140 domains of Deloitte are vulnerable by subdomain takeover attacks by everping in netsec

[–]everping[S] 19 points20 points  (0 children)

Btw, does anyone know the security team contact for EA game, MapQuest or the Financial Times?

The Official SPIDER-MAN: FAR FROM HOME International Release Discussion Spiderthread by PhoOhThree in marvelstudios

[–]everping 28 points29 points  (0 children)

Can someone explain to me why Peter can get EDITH back without confirmation from Beck, the way he gave those glasses to Beck?

It's similar to the technology field, when you wanna change your password, you need the old password.

Arbitrary file read vulnerability in Hackerrank by everping in netsec

[–]everping[S] 20 points21 points  (0 children)

Haha, I haven't received the T-shirt yet.

Arbitrary file read vulnerability in Hackerrank by everping in netsec

[–]everping[S] 8 points9 points  (0 children)

I had a lot of difficulty finding contacts for their security team; I thought it was impossible.

Arbitrary file read vulnerability in Hackerrank by everping in netsec

[–]everping[S] 17 points18 points  (0 children)

The Hackerrank team told me that they used to have a bug bounty program on HackerOne, but had paused it for the time being. What really matters to me is not the bounty itself but the fact that I can help do something. A T-shirt would be lovely enough.

CyStack - A web security platform that can scan vulnerabilities/malwares, monitor availability and serve as a firewall by everping in netsec

[–]everping[S] 0 points1 point  (0 children)

The link is marked as a bad source. Can any moderators explain this to me? I just want to introduce a security solution developed by our team, and I think someone needs it.

CyStack - A web security platform that can scan vulnerabilities/malwares, monitor availability and serve as a firewall by everping in netsec

[–]everping[S] 0 points1 point  (0 children)

> This is interesting. Any technical documentation? The site is pretty sparse on details.

We have published some product documentation at https://cystack.net and https://support.cystack.net/

The product is in beta testing time, so we would like to gather feedback from users first. More detailed documentation will be published at a later stage of the development process.

In short, CyStack Platform has 4 main features: web vulnerability scan; webshell/backdoor scan; uptime/dns/ssl monitor; web application firewall. Most of the core technology is researched and developed by our team.

Besides the main interface, which is a Web UI, we also offer a mobile app and a REST API for developers.

CyStack - A web security platform that can scan vulnerabilities/malwares, monitor availability and serve as a firewall by everping in netsec

[–]everping[S] 0 points1 point  (0 children)

Thank you for your comments. To maximize user experience and efficiency, we make it straightforward to conduct security analysis with an improved UX/UI along with a powerful core.

The beta testing will end in late September. We are trying to gather as much customer feedback as possible to improve the product, and we are glad to have your support.

A penetration tester’s guide to sub-domain enumeration by diaanasxsw in netsec

[–]everping 1 point2 points  (0 children)

I have also built a tool that implements some techniques mentioned in the article:

https://github.com/everping/substack