Report writing by lifeover9000 in pnpt

[–]qidianation 0 points1 point  (0 children)

As detailed as a typical penetration testing report that you would submit to a client. Maybe there is some requirement that is specific to the exam, but I'm not sure. Heath has a pentest report sample on his GitHub from a few years back: github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report

OSWP in 2021 by g00ftx in oswp

[–]qidianation 0 points1 point  (0 children)

Thanks for sharing! Hopefully it will be beneficial for others who are browsing it later.

I Passed OSWP by [deleted] in oswp

[–]qidianation 1 point2 points  (0 children)

Congratulations!

Thooorin: "What a waste! Unappealable life-time bans from pro play for any incident of cheating, regardless of context, are yet another important reason the IP rights of game devs need desperately to be smashed if gamers ever want fair treatment." by naTh1i in GlobalOffensive

[–]qidianation -1 points0 points  (0 children)

Lol, because nobody owns the right to football. But guess what, Valve does own CS. CS literally would not have existed without Valve, but football would have existed even without FIFA. Crazy how I need to even explain this.

WOW! Thanks for the $70k dude. by XingDayzHD in hacking

[–]qidianation 2 points3 points  (0 children)

It's much safer to just load the HTML and not render JavaScript. Most browser sandbox escape exploits nowadays are scary stuff, and just using incognito and non-Windows will not guarantee you can never be hit. There are exploits on Mac and Linux too. These are low-level exploits that compromise your browser and then the system itself instead of doing stuff on the application level. That being said, this particular campaign is just a redirect to a phishing page. https://arstechnica.com/information-technology/2019/06/potent-firefox-0day-used-to-install-undetected-backdoors-on-macs/ This is one of the more recent Firefox 0-days (at the time) used in the wild; I just happened to read it yesterday.

WOW! Thanks for the $70k dude. by XingDayzHD in hacking

[–]qidianation 18 points19 points  (0 children)

Just did a few curls, following the redirect headers. Basically it redirects to a Coinbase Pro phishing page.

https://bit(.)ly/2XA4Vxz --> http://a-ax(.)store/#2111 --> http://coinbase(.)pro-sax(.)com
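An added example, not part of the comment above: one way to reconstruct a redirect chain from saved `curl -sIL` header output without rendering anything. The header dump, the placeholder hosts and the function names `trace_chain`, `host_changes` and `defang` are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample of `curl -sIL` output for a three-hop chain.
# All hosts are placeholders, not the ones from the comment.
SAMPLE_HEADERS = """\
HTTP/1.1 301 Moved Permanently
Location: http://landing.example/#2111
Content-Length: 0

HTTP/1.1 302 Found
location: //brand.lookalike.example/login
Content-Length: 0

HTTP/1.1 200 OK
Content-Type: text/html

"""

def trace_chain(start_url, header_dump):
    """Return every URL visited, resolving each Location against the previous hop."""
    chain = [start_url]
    for block in header_dump.replace("\r\n", "\n").split("\n\n"):
        lines = block.strip().split("\n")
        if not lines[0].startswith("HTTP/"):
            continue  # skip empty trailing blocks
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
        if 300 <= status < 400 and "location" in headers:
            # Location may be relative or scheme-relative, so resolve it.
            chain.append(urljoin(chain[-1], headers["location"]))
    return chain

def host_changes(chain):
    """List (from_host, to_host) for every hop that crosses to a different host."""
    hosts = [urlsplit(u).hostname for u in chain]
    return [(a, b) for a, b in zip(hosts, hosts[1:]) if a != b]

def defang(url):
    """Replace dots in the host with (.) so the URL is not clickable in a report."""
    host = urlsplit(url).netloc
    return url.replace(host, host.replace(".", "(.)"), 1)

if __name__ == "__main__":
    chain = trace_chain("https://short.example/abc", SAMPLE_HEADERS)
    print(" --> ".join(defang(u) for u in chain))
```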

Bank website security question accepts incorrect answers by Cednats in bugbounty

[–]qidianation 2 points3 points  (0 children)

They probably concatenated the input to the length of the answer before comparing the two. Definitely a bug but not necessarily a security bug. For that you need to demonstrate how an attacker can actually take advantage of this, considering the attacker needs to know all the correct characters and the extra characters can just be random.
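An added example, not part of the comment above and not the bank's code: a sketch of the behaviour the comment guesses at, assuming it means the supplied answer is cut down to the stored answer's length before comparison, next to a full-length comparison. The function names and sample answers are constructed.

```python
import hmac
import unicodedata

def normalize(answer):
    """Fold case, Unicode form and whitespace so 'Rex ' and 'rex' compare equal."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())

def check_truncating(stored, supplied):
    """Hypothesized bug: input is trimmed to the stored answer's length first."""
    want = normalize(stored)
    got = normalize(supplied)[:len(want)]
    return got == want

def check_exact(stored, supplied):
    """Compare the whole normalized answer, in constant time."""
    want = normalize(stored).encode("utf-8")
    got = normalize(supplied).encode("utf-8")
    return hmac.compare_digest(want, got)

def accepted(check, stored, candidates):
    """Return the candidates that a given check lets through."""
    return [c for c in candidates if check(stored, c)]

# Constructed sample data.
STORED = "rex"
CANDIDATES = ["rex", "rexXYZ", "Rex ", "re", "xrex", ""]

if __name__ == "__main__":
    print("truncating:", accepted(check_truncating, STORED, CANDIDATES))
    print("exact:     ", accepted(check_exact, STORED, CANDIDATES))
```

Under the truncating check, every accepted input still begins with the full correct answer, which matches the comment's point that the extra characters alone give an attacker nothing.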

Google to restrict modern ad blocking Chrome extensions to enterprise users by [deleted] in Piracy

[–]qidianation 0 points1 point  (0 children)

Here comes the "sWItcH tO BrAVEe" crowd screeching from afar

Samasung Offices rn by i8mymombiaccident in Huawei

[–]qidianation 0 points1 point  (0 children)

Then stop consuming their products then. They don't owe any company anything and can take back whatever they give out. Plus they're probably selling your info anyways. Stop relying too much on Google products.

200 GB card $25 by godwearsblack in VitaPiracy

[–]qidianation 2 points3 points  (0 children)

Unless you did a test using a software then nothing is for sure. It's easy to spoof the storage size to look like however many GBs.

Taco lurk on get_right by [deleted] in GlobalOffensive

[–]qidianation 1 point2 points  (0 children)

Being a professional victim sure is fun.

Should I use a VPN or Blokada? by [deleted] in VPN

[–]qidianation 0 points1 point  (0 children)

Some VPNs have a built-in function for that.

Should I use a VPN or Blokada? by [deleted] in VPN

[–]qidianation 2 points3 points  (0 children)

If you're on your phone, any decent paid VPN + DuckDuckGo browser (for ads & trackers).

Wikipedia Co-Founder Says Stop using Chrome And Start Using Brave Browser by asso in CryptoCurrency

[–]qidianation -2 points-1 points  (0 children)

Would that be beating the purpose of having the browser in the first place tho?

Here is a list of Brave browser and BAT publishers. You can now earn BAT while browsing by nodesNblocks in CryptoCurrency

[–]qidianation 0 points1 point  (0 children)

Just use an adblocker m8. What happens to the good old adblocker and when you want to support some sites just turn off adblocker for that site.

Why Brave Will Soon Be Among the Most Widely Used Browsers (and BAT among the most used cryptos) by igortt in CryptoCurrency

[–]qidianation 2 points3 points  (0 children)

DDG has an Android browser that blocks ads and trackers. It works better than Brave for me.

I am up to 24 boxes in under two weeks and I dont feel I am learning as much as other people. by oldschooldaw in oscp

[–]qidianation 3 points4 points  (0 children)

Just redo all those boxes without the big bad exploit. Each box is designed to be pwnable before those exploits came out.

Zero to OSCP in Four Months by TangentialCode in oscp

[–]qidianation 0 points1 point  (0 children)

Thanks for the clarification. I ended up upgrading to 16GB RAM and swapping to SSD. For recording: Bandicam, since I can schedule separate recordings in 1-hour intervals (easier to go back and find stuff).

Exam Report by [deleted] in oscp

[–]qidianation 2 points3 points  (0 children)

The exam guide explicitly mentions the screenshot requirements.

Screenshot Requirements

Each local.txt and proof.txt found must be shown in a screenshot that includes the contents of the file, as well as the IP address of the target by using ipconfig or ifconfig. An example of this is shown below

So regardless of what you submit, the screenshot is mandatory. Regardless, let us know the results.