字幕表 動画を再生する 英語字幕をプリント this is how to shot web web hacking and mobile hacking in 2015. I really appreciate everyone being here he's way smarter than me this is me I work for bug crowd I'm director -- I manage a team of hackers behind the scenes by bounty can you write the program. In 2014 I participated as a researcher. This talk is about my mend I use to do web hack king as well as stuff I learned from other researchers while doing this work. What is this really about. It's just -- I put a lot of -- my wife says it's okay. So more specifically what I did I started off with my mend which is a pen tester mend when I started doing this, application assessment. And so, I then went out manually parse d out all of the public researchers of all the badasses bug hunter I new about a hundred visit -- -- as well as people I new were good at it I went through ever article from the beginning of the crowd source bug bounty seen and also all of the Google and Facebook plans inter Bryce -- I created a presentation what I disstilled around that knowledge. This is kind of the stuff I'm going to bring in this presentation. Bug bounty testing from web -- discovery techniques, parameters often a tack useful fuzz strings, by pacer filter and some too long I think is cooler than other too long. Cool. So the first sections philosophy. So the differences between kind of bug bounty hunting and being a web pen test templet both sides and they are both right but when you get down to the practical work you introduce a lot of stuff here, up under dues time ton to a security tester they are not use to exesion when you are doing this kind of stuff unless you are playing in CTF I played in CFF's I was kind of used to it. You are only -- for what you find and not the hours you put in, so, I mean this is a basic overview of how they differ the talk is more about the technical stuff. Yeah, you basically tailor method based around finding stuff in 20 percent as opposed top 80 percent application assessment we'll go into how that 80/20 rule kind of fits in the rest of the slides. So if you are doing regular web app assess. -- this is usually what you are trained from and what your internal method is built off mostly any of the good consultants use and authors are you know super great testers, right but these take from you A to Z and you even though them find good bugs they take a long time to complete in full scale. So bug bounties are different if you want to do web hack and these are what you go for my talk as little bit different. Let's talk about discovery in web application assessment for a bounty. What you want to do is basically find the road less traveled if you are aiming to get paid I think so, you can a tack the flag ship application that the company has, right. That's not where the vulnerability is going to be that application has been tested by a pen test team probably had a bug bounty on it for a long time. Was really want to find part of the -- maybe has been secure web servers on different ports. You what about to find acquisition maybe the company had recently that came from a different development team and they might have a whole view of problems that came from a whole different group. You want to look at functional will the changes and redesigns on sites. Mobile websites because you are set to renter differently on your phone. And also a new mobile app version when you are testing. We are going to go into tools and stuff I used to find for you to a tack. So recouldn't MG is this tool that a lose to you do -- one part has all these modules to do subdomain discovery. Now subdomain discovery is a big part of finding application left out there marketing spins up a sight, -- DEF -- finding those and hacking those code execution through those sites is kind of where you can get big pay outside. So this script what it does is it scrapes Google for all -- given web property so let's say Acme.com this will -- for everything that is in ACME and remove those result until you are down to this long list of subdomains. Also scrapes being -- net craft, subdomains like common fires tool would this is on get had you been wrap around reCON installed if to you use -- you can pop the script in and go. Yes, so this is the output of something like that against the company like this. You can see -- probably a lot of domains here that have gone under assessed as far as you go, so, -- this is that idea of it rating through Google to find subdomains here you have sight then minus dub dub dub sites I found on its first hit sand box I removed that this is the scraping that the cool -- tool -- is doing. You get credit plier, business or shopping or advertising and you just keep on removing these until you have all of them. Then you -- then you end up with a huge list of sites to assess. Then you want to go through and on your entity that you are attacking you want to find mergers or acquisition that may be on -- they just purchased accompany, purchased by Facebook they got popped as soon as they were a choired they were not under Facebook six month rule I don't know if it's six month I can't remember how long. But yeah they got popped immediate until was a whole different DEF team. They got hit with injection and custom header that was great well not great but it was good for the bounty hunter. Wikipedia, update these things for stock reasons so keep an eye on these if you are -- your company has to purchase something else they have new domain may not be in the bug about tea -- there's also a repository of links of ever kind of -- that's comes out on pay pal and Googled. This one is post -- hosted and Facebook I have no idea its linked it has everything high percent linked these are the blog articles. Why is this important if somebody already found these bugs. Because, bugs get represented across the domain In different places. So you can tell a lot about an organization once you read these articles and find the same bug in other locations like the subdomains may be rogue -- how they filter out input you get a lot of in tell around the application, so, you no really doing a lot of research on your target can help but it's not the fast stuff so so port scanning I mentioned port scanning, it's not just for net pen, so, yeah, I mean how I hacked Facebook there was an article by Ryan I started out port scanning found a weird server he got in -- simple as that 8,000 dollar bug right or even more I don't remember. So, I asked do the net the Microsoft domain that you know -- that already opened to the world with MS12 zero 20 on it vulnerable so that was a thing. Go ahead and use simple map syntax to start port standing all of your sites make sure you check all those services this syntax will port scan for all ports on a domain as well as pull out any HTTP servers and display those it's a sin scan and OS -- so. So mapping so you found all of these new servers right like maybe subdomains or maybe you found an acquisition and something like that now you want to move you want to move into mapping an individual application, so, and take and notes is really important when you are doing this whether inside of like note pad or you know just using pen and paper like I use ever note all my bugs or in Temples I can copy and paste disclosure E-mail. So these are mapping tips that I use right away. Google is actually your friend you can get a lot of information -- I know there's parameter par sink scripts I couldn't find a good one for this presentation you know just parse parameters out of the Google like catch stuff but really the next big thing is directory reinforcing finding unlinked content content that's not supposed to be there. A lot of beam use content discovery for this kind of thing that's good they are good list but those list were created by going out spider the internet and then prioritizing them. There's some other lifts that are better for this type of work, so, the list or these list that came out of talk maybe four or five years ago raft was application proxy it was a decent one but since been discontinued its list for directory reinforcing has lived on. They are a spider of the internet robot do the text files everything that everybody doesn't want you to see is in this directory group forcing list super sick I can't tell you how many bugs I found just using this list like couldn't figure files all over the place. There's another list like this they went out and spider all the project if your sight or target is open source place you can take all the paths have have been -- get application or find config files. So after you do some unlink content discovery or directory re-- you can try to identify platform. So, there's just some really simple wins here -- you can alcoholic and looking at the heeders the comments in the pages analytic things that have been integrated they will give you the whole server stack they will give you version numbers if they can identify them. Retire do the JS one of my new favorite it will profile all of the server side Java script -- as well as give you all the vul never viability before that patch or your vulnerable -- list of prioritize process script tig. Once you identify all of these server version numbers check nor CVE and server type stuff that's standard that's web stuff. But these are good -- tools. Have you happen tho come across SMS you want to use these two tools curative scan for word compress a lot of people use this already. It will identify all plug ins and users for word compress install as well as look up any bones that are associated with those plug ins that have been disclosed. And then SMS map for -- and what is the other SMS -- so those are the two that have really yielded any value for me across SMS. You see a screen shot of curative scan. And its you know found aversion of a plug in or theme that has a file -- sometimes there's false positives honestly for what this script does it provides so much value so its great. So the directory we talked about a little bit earlier the work flow for this a lot of people do I just put this slide in here because I see a lot of people do it a little bit weird I see people -- off the top level path a lot and then just stop right they'll get errors don't know what to do with it they'll go to Acme.com and go to 200, 404, and more 404 you know there's nothing there then they'll hit control panel and see 401 I can't do anything I'm not authorized right so they -- after control panel there's so many like messed up access control on web server bugs you can explicit if you route -- I just see this a lot where people stop after the top level domain that's kind of the work flow you are doing there. Some other things that you can do is mapping and bone discovery using open source intelligence. Five sites six methods that you can use to find already publish bugs or almost all right public bugs I guess they are considered -- or whatever access .com, punk spider a burden of proof engine that scans the internet if your car get is a high profile sight information might all right be in here you can pull it out and use it to your van tach. Even if those bugs have already been disclosed. I found bugs on here not dis-- that's actually worked before it was like a super easy win. Help you get a feeling for what the company has faced before as far as prevalent across side -- file up loads and then you can do regression testing on all the domains up found earlier in the presentation. Go out and use these resources to try and find bugs in the platter form as quickly as possible they are free and out L the customer should know about them any way its the responsible thing to do. Okay. So this is my intern Ben, he's never spoken before at DEF CON neither have I this is my first speaking but he did an awesome project and he's going to talk about it for a couple seconds I really like it so. >> [Applause] >> So hello everyone my name is Ben. I'm on Jason's team. For the past couple months we actually gathered a bunch of files that includes all the date to for each Bugs Bunny program that's out there 200 visit plus programs that are included in this project they include how much a minimum is how much a maximum is, what's not included in the scope of the program as well. We use all this data and fed it into different scripts like CC on -- it just went through every single one of those programs and -- for subdomains. And this also is available on get had you been account and everyone can be in and use it if they want to. This is Yahoo's program a couple months ago -- what we have is record that shows that's the Yahoo.com all -- end flicker and all supplements of flicker included in scope as well as all mobile apps included as well you can see there's two dope maintenance which is Yahoo do the net and subdomains and Yahoo.com itself not included in the scope of the program. What we ended up doing with this using Ruby we wrote a script fed ever -- file and we crawl them and using -- for example for this one we -- and you can see there was disclose a dough -- just close a domain there's a you bunch of sites out there that you can easily report and report to venture. Taking it further we, same idea use all -- and we fit that into in treating which in treating is API framework that is for intelligence gathering and it does a bunch of tasks that you can see on the left side of the screen includes doing -- web spider end map and you name it we can do it with in treating. Also in treating is available on get H U B as well go ahead and commit to it if you need to. What we ended up doing for in treating we parse d every file with -- and you can see it says R, we are taking the task DNS boot sub-- and give it an entity and option all included in the manual and we are running that for Jason file the bottom shows its being assigned an ID that you can just go in local host and check it out and see what in treating has found. So for example we did in treating IO and for DNS root force you can see all those subdomains that have been out there that in treating found with IPI addresss as well. And make sure you guys check it out like I said it's on line -- the possibility, -- you can do whatever you can think of it. Being a bug bounty hunter I think it's huge for -- useful for everybody out there. >> [Applause] >> Yeah. That's a sick tool and sick framework both wrapping and reCON entry facility you've used -- I love both those tools using them both if you can in treating is going to be sick you guys should check it out so. Okay. So onto I'm going to have to blow through some of this. This presentations long. The one thing I want to say these are low -- the problem is if people start not paying attention to them you can't -- multiple bugs or I've have multiple bugs where where we've had a couple small issues like with pass pass or resets something like that we chain them to make like a critical account taker these are really important these are the kind of bugs that a lot of people see and like the hash tag beg a bounty people really don't like them. Don't discount them just note them if they that are out of scope don't discount them. That's what I have to say about some of these. So session -- the kind of same thing failure to -- new -- no new cookies -- these are all things are going to be able to use later a lot of times they are out of scope so either you are out of scope or unappreciated or due or something like that yeah, you should keep them in mind when you continue testing they can be. So the big part of this one is tackle fuzzingville -- we are going to talk about cross sight scripting some really good people have done the core idea of process scripting page functional will the display to the user that's kind of the question I ask myself you know can I get refreaks somehow with Java script so you can do manual test king Q which is great you can enter in your many character and see if they return but really when I'm trying to work fast in a bug BON -- so, you probably used them before the technical definition for them is web POLLY -- first one you will recognize they used to call it the R snake battering ram came out of -- you probably used this before you pray that you get across sight scripting this is multi context fillet by pass -- it's a mouthful I know. Its designed to evade filter it's a loud to execute In different web couldn't Detective and it's really cool so I have three of these that eyesight here that if you are just doing bug down tea hunting you can use and just kind of move a along on critical functions in the sight S this one is from a researcher he does cross sight -- I think he did Ph.D in cross sight scripting which to me mows my mind. This is a multi context -- so you can see here that he's trying to to markup in a whole burning of different context he's got like an at sign here to like trick trick E-mail like filter or maybe -- so he actually ran this along like top one hundred and like 80 percent of them vulnerable with search parameters with this string more AMMO. This one is done by MATH -- so he did a whole presentation on this idea of multi or payloads on websites so this is his multi context so this is one that I use now so thank you. Other observation when I started parse sink bug bounty work is important so finding cost missable themes or profiles that you -- trick them into using Java -- any application that deals with those type of things you are a pull things from U RI and render it for some reason. Import ting from a third party like Facebook immigration where there may be -- displace Facebook data in line so you can set your name on Facebook to script alert and will alert this sight. -- that didn't -- a lot of people discount web services right away because they think the content time won't execute across sight scripting won't execute Java script so you have to really check and make sure they are returning otherwise you can get -- and a lot of -- file up load names try to change it to script alert whatever like that its -- a of the places up loaded files themselves this as huge one actually that's all over the place so compiled file or HTML file and you basically a tack a file up load and so a lot of you know file up loads there's a whole section about file up loads we'll talk about it more in a little bit. Custom error pages where they are he can company winning what you can't find. Make parameters -- put it into your response and then log in and figure out password forms. Also, this is a swift parameter access that is a huge thing I don't think I've ever found a swift file that I decompiled that hasn't been vulnerable or remote file include actually Dennis here is like the guy I ask question all the time. So, yeah, so, things like J player and all of these software that are swift files that do media or whatever like so there's a whole -- on the common programs that these players use and then also the injection strong you have to do more manual analysis to do that manual oh I use this flash bang which I think is awesome you drop a swift file on the on the end cups out all the program -- dash displace them along with if they are going to execute out of the context of the swift file I highly suggest this tool if you are going to do some swift hacking way better than like a lot of the old once. Cool. So -- does the page look like it might need to call or stored data obviously. SQL I where it will execute in single quote, double quote and straight into -- context. I've seen a lot of -- remember these are things that actually scanners are starting to do they don't want to send a -- you have ate million parameters on a page takes forever to scan things, right. So I imagine a lot of scanners will start to pick up on this kind of thing the idea of these multi context injection strong this is awesome as well. So for injection to kind of go through and fuzz things I use SECT list project its got a bunch of fuzzing list and all this crazy stuff Daniel here actually helped me curate it we designed it together and its it's in valuable right its got like buy type of injection if you want to do a log in by pass in my shekel its got all those K -- C. RATED I highly suggest using this when I want to attack a form or something like that some parameter I think ses vulnerable so. -- so other observations to blind is the predominant -- you hardly ever get -- in those cases bench mark strong and stuff to make the page take a long time to load that's how you identify whether you take it the whole explicit way up to you we have a lot of researchers just want to identify and move on I like to run see y'all map it's still king there's no other tool that does it as good as SEQ U EL map. Everybody uses the map at some point. So, yeah, some tips tore the map basically when you are doing this you can actually parse a whole burden of proof blog file parse fuzz the whole file it takes forever it's not like the greatest way to do things its offering a lot of coverage. If you are up against some kind of black list or something like that it has tamper scrips you can use in code all of your - you can evade black list. There's a good guide on there, its somewhere on the form DBMS specific syntax -- so if you are going up against -- there's a simple string you can pass into map and get past black list A really fast way to in instrument the map is -- basically allows to you right alcoholic any window and Burp and request that to API running on local box you can be inside a Burp right click and start searching CLICK and start searching. Currency value item number values sorting parameters I'm not going to go through all these they are along lt slide this ses going to be on the hub any way you can grab it and use it if you think its useful these are the kind of place where I saw the most injection and -- this is sore right click on a request send it pi scan now that Burp -- -- doesn't look like this anymore but you get the idea. So this is my cheat sheet of S U L when I do broken down by my skill type these are cheat seats that let you know manual syntax a lot of these people pen test -- you have to use these you have to have them handy when you are doing injection, access who use access that suction, [indiscernible]. So, I keep those handy in May ever note when I'm doing S U L injection testing when I see errors something like that I just I start you know getting in that mowed. So file up loads and file inclusions next area. So local file inclusion the core idea is does it or kit interact with server file system. [indiscernible] obviously you can do it manually I have allomorph LFI scripting stuff up. You can see here like I tried a bunch of black list bypass to try to get common system files this is on the project. Common parameters or injection funds for this type of stuff you would think of this but its good to have it in the list file location, locale, path, display load, read or retrieve these are the most common parameters that you will find those in. Malicious file up loads. This is an important -- doing this type of testing not only just to up load swift file and get SS -- you can -- one of the ones I like a lot it's a DOS basically answering image? >> Specifies itself to be large but isn't you can up load it in the server we'll allocate all of this space not that big of zoo file you can dos the application server there's a whole blog on it. And then, you can you can actually one the things I think is interesting I'm into the going to go into it interesting buy passing security zones and store ring Malware so there's as well as poll -- payloads there's also files that can execute code In different context you think of a parse or reading a file it basically will look until it finds what it wants and execute that you can create ajar that is subtle so if I make executable -- allow ajar is that -- well I don't know you can storing Malware on your - I can send -- to go retrieve it can you do anything about that right. And cut stuff out I don't think so that's kind of hard to do. Interesting question there it's kind of another road. Dan Crawley did a presentation on it here at DEF CON it was super sweet so -- you should check that out. Oh, no. Technical errors. That came at the perfect time, actually. Oh wow. That's what we're doing. >> So who a -- he's a first time speaker. There's a story while we getting ready. I guess he mentioned that DEF CON16 he met someone. >> I met Julia my wife here. >> He met withs his wife here. Give him a hand, huh. >> [Applause] >> Cheers. Now back to the show I mean if I can deal with the laptop issue. Are these guys doing all right. Should I kick them off the stage or do you want to keep listening to them you want to keep listening. All right. I guess you can stay. >> Okay. All right. Can you give me a second until my throat stops burning. >> No. >> All right. All right see if this works. -- all right let's -- so follow-up load attacks are a thing I've never seen any better presentation along the road file up load attacks than this guy, if I mess up your names I'm sorry I love all these guys they are bug hunters just like me. This includes doing new and attacks as well as old attacks. Up load by passing extension trickery I'm trying to give you resources as well as the ones I would use so a lot of this I think got parse d into the new testing guide most of it at least. So, I would check that out too. As an intro to malicious file up loads and getting shells so -- oh this is what I talked about Dan I don't know that guys real name, but, yeah, these are the types of files that can execute In different ways. So you can see they have like a PDF that's a zip or NBR interesting research here coming out I would like to see interesting bugs come out of it. So, remote file includes and redirect, common parameters there destination continue redirect, U RI window next. Common black list by passes, these are all kind of escaping tricks you use normally in web stuff these are the most common once I found these are also in SECT list that I use often. So for RFI these are the common parameters file folder pass file template yes yes yes yes. So, these are where I saw the most bugs or you know other researchers published data around their RA -- RFI these are the type of parameters you can do. I think eventually the thing you do here, as you right a -- I haven't yet but that automates any time you see these it sends it to -- so you can just go test them later. I haven't done it I do it with eyeballs it's probably the bet way to do it is write an extension to do this work. How much time do I have ten minutes okay I think I can do it. If everybody knows about see suffer you find some function in the website that does something, right, and it's a security related function change password or whatever right there's a list latest function then you write alcoholic and Burp that's -- so what you have to focus on is C -- so common buy passes in my research yielded removing the toe Ken from the request, removing the parameter value from the request adding control dashed -- or changing the requested method. So check this out. This tool has gotten no love I don't know why I think it's been out two -- for two years. Any of you used this tool before no good give you something to take away. What it does you enforced able -- and you crawl a sight that -- in it like a C -- you create this template tell it what the TOKEN was what an air page looks like this is really easy to add. This has been out for I think two years already I don't understand why people want to use this super sweet right you write this it's a pie Anthony script then you run his PYTHON request all those across the whole domain, yes, sir request with those first three attacks then it produces HTMB -- L report which one gave error messages pry or -- sew made a lot of money doing this to Facebook and at this time because it wasn't direct extension it didn't get a lot of notice Iran dimly found out and I said sweet this is awesome this is part of the extreme output here's the base request here's the first drafted request and response and then you get a report back saying if they came back the same. So, I highly suggest that tool its linked in the talk. Another way to do it just to check for every request across a whole file that didn't have the TOKEN in it. The actual parameter so this is another scripted that does that its another script that runs on a file that went undetected kind of a little bit super sweet. I use these all the time it finds bugs all the time so. So just a common critical function like add and up load file, you know, password change, E-mail change transfer money country tea, delete a file, add a profile, things like that, so these are commonly where you see it. Privilege transport and logic kind of get mashed into a section. So, privilege, you know, -- but my testing thing you have administrative user you need a couple counts to do this then you have a low privilege user the low privilege user tries to -- pretty simple. Ought mate that across multiple function you might need too long this is what I use for is it this one is available on Burp store and basically you spider a site completely. You run through it. All of your post requests as as ADMIN user then go in as a lower user and you give that information -- was able to access that the ADMIN user I was also able to access you look through those in your output. So common function or views that I check for privilege escalation or anything like that these can be combined with last two seconds add a user delete a user start project change account info, view customer -- there's a page that tells everything about what that site does you want to try that view. Payment processing view like receipts or any view any with PI on it you want to focus on this is what that looks like. Again with low privilege user request everything gives you pry or advertised output. Prioritized look. >> Game mink head phones a couple months back, so, I found a bug in a really cool company and I had to disclose it and ended up call them on the phone and their help desk guy was I have no idea what you are talking about. Thing I actually linked -- of the IT group of that company finally someone accepted I told him I'm legitimated I just want to tell you this exist because I was buying a pair of head phones already and they may fix this bug. So, yeah and so the receipt function -- you could it rate up and down and fine other people's receipts with credit card on it. They sent me two free pair of head phones I have one one goes to Daniel for his birthday but I forgot to bring it. I'm sorry, Dan. But there's -- any way five minutes. Okay. Cool. Increment, key crash., sense five tongues, stewing user ideas these are how you test. These are common functions user fires that deal with [indiscernible] everything from the table everything that says user hash E-mail images that are supposed to be private so you can go through the slides and kind of go through this all of this is going to be on -- this as simple, I don't know why I put -- you see this newspaper -- new miracle -- this is exactly what I did. This were you what a disclosed bag that was patched. Transport -- there's this awesome script that will take up blog file again request ever request in your sight tree -- so you can see what's going over on unsecure channels instead of having to sort columns and all that stuff I find this useful try to downgrade everything then you report this is SSL downgrade attack or whatever. Logic, logic are us usually manual, the one I see a lot of styting hash parameters where there's -- they've -- irreversible or I'm too dumb to reverse it just finding another item -- and so doing that is usually yield the product for less money so, step manipulation this is like the bread and butter example everybody gives multiple steps order or put things in -- check out, pay, ship, so you just skip or you like put everything in your cart and you just ship because you have the whole process, so you just skip a process. Using negative quantities in -- or using negative in quantity value so actually had websites pay me credit because I put in a negative value on some pricing or or negative quantity right like order number equals one usually I want to buy one thing I put in negative 20 now they dread Ted my account like a thousands or something like that. So application level DOS this is interesting not actual DOS, right I'm not add indicating bug BONNTY I've seen sites that can't handle just like parse go a parameter with you know 40 zero or me putting in a math function as a parameter value server like I don't know what to do so those are interesting and then timing attacks I think there was a DEF CON talk about -- mobile I'm running into -- check these files for data storage as well as logging this is the best tool to get spun up. Basically jail -- it gives you full list of the hand her of all of the files all of the encryption val use. If it's using explicit -- most functional tool. I think it's partly based off of talk I gave a long time ago and he made it in rube be and its super sick its the best way to get into IOS testing if you've never done it before. This is a thing babblings we got to go there's other -- I repeat them don't discard them. Security head did he path disclosure keep them in your pocket later to escalate if you can use them. This is one idea of like you know if I have five or 30 minutes or something like that, what can I do so I try to time myself wimpled using this stuff in here so in 15 to 30 minutes I can doomiest of this using Burp and the automation maybe an hour depend how motivated I am these are the steps I go through, I register hit password resetting do all the forms go to security function check the cookie, I do like like perform enumerate or U ID I see in U RD, using one of the short list in the background up load a file if it had up load win 30 minutes or an hour I can usually find some pretty corner good bugs. Crowd source is different. It's a the same but different. You find like 20 percent of the stuff instead of 80 percent a lot of stuff goes quick of the data analysis is cool. You can probably do a 15 to 20 minute web test done -- [indiscernible] and follow all of the bug bounty people on the list. I put them on a list for you you can watch them hack things and talk about their find and. There's a lot of stuff that didn't get put opinion here there's a lot of data visit percent of the data is still unparsed I'm going to put it up as or maybe just mark down and you guys can contribute to it if you care enough if you just want to ticket and use it that's fine. Stuff to go in there more too long that I found XXE, meant to say [indiscernible] techniques, more detail and to add an toyed mobile tools that I use often. -- we good. Thanks. These are bug hunters that did -- who did things in this presentation all of them are awesome I respect every single one of them or who made tools. Also my team John Todd, Patrick, Katie, Kim consideration case see criss and Sam everybody in the -- I love doing this. So that's it.
B1 中級 米 DEF CON 23 - Jason Haddix - How to Shot Web: Web and mobile hacking in 2015 9 0 林宜悉 に公開 2022 年 05 月 14 日 シェア シェア 保存 報告 動画の中の単語