Micah Van Deusen
@micahvandeusen
Followers
288
Following
143
Media
7
Statuses
103
Pen Testing • Home Automation Addict • Works @ RSM • @[email protected]
Joined June 2015
RT @albinowax: The whitepaper is live! Learn how to win the HTTP desync endgame. and why HTTP/1.1 needs to die:
http1mustdie.com
Upstream HTTP/1.1 is inherently insecure, and routinely exposes millions of websites to hostile takeover. Join the mission to kill HTTP/1.1 now
0
250
0
Search 15M+ Microsoft 365 tenants by org name or domain and discover all known domains in the same tenant: Legacy methods like Autodiscover/GetFederationInfo no longer work (.
7
75
302
RT @Gonski47: Wrote a blog on CVE-2023-5830 which is a critical (CVSS 9.8) security vulnerability in ColumbiaSoft's Document Locator. Shout….
blog.gonskicyber.com
Overview of critical CVE-2023-5830 vulnerability in ColumbiaSoft's Document Locator, allowing full data compromise via SSRF attack. Learn mitigation steps
0
8
0
RT @wunderwuzzi23: 👉 Let ChatGPT visit a website and have your email stolen. Plugins, Prompt Injection and Cross Plug-in Request Forgery.….
0
254
0
RT @_Mayyhem: With any creds, you can coerce auth from a computer account (e.g., with @topotam77's PetitPotam) and use @Tw1sm's fork/PR of….
0
53
0
RT @PortSwiggerRes: The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022!.
portswigger.net
Welcome to the Top 10 Web Hacking Techniques of 2022, the 16th edition of our annual community-powered effort to identify the most important and innovative web security research published in the last
0
230
0
RT @ly4k_: Today we're publishing new techniques for recovering NTLM hashes from encrypted credentials protected by Windows Defender Creden….
research.ifcr.dk
In this blog post, we present new techniques for recovering the NTLM hash from an encrypted credential protected by Windows Defender…
0
686
0
RT @irsdl: now has another gadget which is capable of loading code rather than running command to avoid easy detect….
0
36
0
RT @Burp_Suite: Introducing the brand new flavour of Burp Suite - completely free, and available for a CI/CD pipeline near you … #cicd #das….
portswigger.net
Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy Ensuring your code is written sec
0
109
0
RT @runews: Someone hacked #YandexTaxi and ordered all available taxis to Kutuzov Prospect in Moscow . Now there is a huge traffic jam with….
0
6K
0
RT @albinowax: Thanks to everyone who attended Browser-Powered Desync Attacks, hope you enjoyed it! If you missed it but you're in the area….
portswigger.net
The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessib
0
79
0
RT @itm4n: The July 2022 update of Windows 10/11 killed PPLdump 💀😢. Find out how in this blog post. 👉 https://t.….
0
261
0
This was a great exam from @PortSwigger. I wrote up a review of my experience with it and some tips if you plan on taking it
0
0
5
RT @shodanhq: The Shodan Membership is on sale now for $5 until the end of Sunday, July 17th (GMT):
0
1K
0
This was a fun project. I setup an APC AP7930 with Home Assistant so that I have 24 outlets and power monitoring controllable by Home Assistant.
0
0
0
RT @podalirius_: Ever wanted to trigger a #NTLM authentication to a machine using every possible RPC call ? You can do this using #Coercer….
0
208
0
Also APC make it so it’s not such a pain to factory reset.
0
0
0
Don’t trust the company selling your used equipment on eBay to wipe them…
1
0
4
RT @filip_dragovic: Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed b….
0
515
0
RT @WebSecAcademy: We've launched a brand new topic with eight new labs for you to get stuck into! The topic will look at how design issues….
0
105
0