Prateek Thakare ๐ฎ๐ณ
@thakare_prateek
Followers
2K
Following
4K
Media
25
Statuses
761
Security Engineer | Synack Red Team member
Pune, India
Joined July 2018
It was a great experience speaking at @THREAT_CON. Thanks for inviting us and giving us the opportunity to share our knowledge. Hats off to the hospitality we received from the organizing committee. Also thanks a lot for the special memento.
3
1
28
A few months ago, @rootxharsh and I gave a talk, sharing the slides here in case theyโre helpful to anyone.
4
45
313
Found an RCE in Google Web Designer :) Very similar to the CSS Injection to RCE found by Bรกlint Magyar. https://t.co/BpOJ4sfvNx
sudistark.github.io
Technical breakdown of a Remote Code Execution vulnerability in Google Web Designer via a malicious Video Ad Template abusing the NinjaShell API.
18
101
457
We announced the Critical Research Lab this week. And for our FIRST post, we got @J0R1AN's: - Exploiting Web Worker XSS with Blobs Go check it out!
lab.ctbb.show
Ways to turn XSS in a Web Worker into full XSS, covering known tricks and a new generic exploit using Blob URLs with the Drag and Drop API
1
50
218
It was a nice experience delivering training @bsidesahmedabad with @igauravbhosale ๐ฅณ
โจ You know what makes us the happiest? Seeing those bRiGhT, HaPpY faces at BSides Ahmedabad! ๐ Training Day-2 is in full swing & the energy is just contagious โ learning, networking & fun all around. ๐ #BSidesAhmedabad #TrainingDay2 #HackLearnGrow
#infosec #cybersecurity
0
1
7
i get asked all the time how to be an ai hacker. go read my "how to hack ai apps" post then just read and understand every post on embracethered[.]com by @wunderwuzzi23 and you will be an expert AI hacker. im not joking. it's that simple. links below.
11
51
346
The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches:
slcyber.io
Vulnerabilities in AEM Forms The Searchlight Cyber Research Team discovered and disclosed three critical vulnerabilities in Adobe Experience Manager Forms to Adobe in late April 2025. As of writing...
7
64
228
Added a new Past Talks feature to #CFPDirectory that allows you to search for past presentations added by speakers complete with download links to the materials and video if available... Check it out
cfp.directory
Find talks, presentations, and keynotes from speakers in our directory. Discover presentation materials, recordings, and slides from conferences worldwide.
0
7
9
After 9 months+ of cranking, cursing, and cursoring, and drawing on over 20 years experience running #HITB's Call for Papers, I bring you CFP Directory - a single system to make it easier for speakers to submit and organizers to connect and curate talks:
cfp.directory
Connect speakers with conferences worldwide. Discover open CFPs, submit talks, and grow your speaking career.
6
36
73
#OffensiveCon25 videos are now up! https://t.co/aRzmXS7iPA
youtube.com
OffensiveCon 2025 Talks
9
170
417
Shocked to find severe battery acid damage in my Hyundai Creta 2023. Acid leaked onto the gear shifter cable and nearby parts, causing a breakdown. No proper drainage near the engine, feels like a serious safety oversight, please look into this. @HyundaiIndia @Hyundai_Global
2
5
5
Thrilled to finally release my latest research "The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling". Desync vulnerabilities stemming from HP2 downgrading continue to plague even the largest vendors, have a read to find out more! https://t.co/Elsr3WEYXZ
assured.se
In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer...
3
46
142
Apparently @offensive_con worked their asses off to get their talks up on YouTube Go check them out And here's the coolest talk, my talk: https://t.co/d3Vvo5UPrp And with that, the full chain used to exploit the S24 is released. Yay!
#OffensiveCon25 videos are now up! https://t.co/aRzmXS7iPA
4
33
158
Take a look at my blog w/ @Bugcrowd where I talk about RCE and one of the ways it landed me a critical payout! https://t.co/iaqONivw4H
bugcrowd.com
I like to think of RCE not just as a bug but as an impact. Why? Because there are numerous waysโliterally 1001โto achieve RCE. The initial foothold for an RCE attack can vary significantly, ranging...
10
67
308
This ๐ฏ
agree with sean here, and thatโs why you should start doing ctfs or reversing vulnerabilities. you open a basic binary challenge in picoctf. but you never took any courses. it looks completely alien. you have no clue where to start. something in you wants you to solve it, for
0
0
1
I guess somebody was thinking outside... the... sand... box! "Compromised renderer can control your mouse and escape sbx" https://t.co/8OWneoaTKi
4
30
197
Hello everyone โฅ a little bit write-up of #bugbountytip #bugbountytips I am going to write here ..... Title: getting unauthorized access on 3rd party's/workspaces & and building your checklist for quickly locating bugs there via massive recon we know that its helpful to look
41
342
1K
A small writeup from my side also, solved it after the deadline was over ๐
Also I moved all my blogs in one place GitHub Pages so you can find everything at one place now: https://t.co/gSzWQ65fNO
sudistark.github.io
This was really an interesting xss challenge by @J0R1AN. I solved this challenge after the challenge deadline was over but still wanted to do a blogpost cause why not :p
โฐ Intigriti's December Challenge is over! ๐
โ
15 hackers found the correct solution ๐ 4 hackers wrote a cool writeup ๐ Check out the winners below and drop your write-up in the comments!
2
13
60
A repo for learning various heap exploitation techniques by @shellphish
https://t.co/MDbkqR4z8Y
github.com
A repository for learning various heap exploitation techniques. - shellphish/how2heap
1
49
172
Imagine opening a Discord message and suddenly your computer is hacked. We discovered a bug that made this possible and earned a $5,000 bounty for it. Here's the story and a beginner-friendly deep dive into V8 exploit development. Watch: https://t.co/QtAro4fj4t
17
179
739