
Posts by Himanshu Anand

Every couple of days I am getting notifications from @bsky.app regarding some old activity.
Is this a bug or a feature to keep users engaged?

5 days ago 0 1 0 0

The lack of common sense among the people, it should be called "uncommon sense".

7 months ago 0 0 0 0

Which companies are forcing staff into the office during the tube strike? #London

7 months ago 1 0 0 0

How do you get this info?
(Some 3rd party IP is reaching out to some xyz IP)
Help a noob

7 months ago 0 0 0 0

Don't forget our Call for Papers (also Rookies and Workshops) is still open!
Have you got something original and interesting to share, but need somewhere to do it?
➡️ #BSidesLDN2025

More information and to submit your proposal: cfp.bsides.london/bsides-londo...

#Security #BSides #London

8 months ago 6 8 0 0

Now I know why my teeth glow at night.

8 months ago 2 0 0 1
Over 150K websites hit by full-page hijack linking to Chinese gambling sites We estimate that approximately 150,000 websites have been impacted by this campaign. The script defines an array of keywords related to betting, gambling, and casino brands both in English and Chinese...

A web malware campaign tracked as ZuizhongJS has now hijacked over 150,000 websites—and counting—to insert ads and redirect users to Chinese gambling sites: cside.dev/blog/over-15...

This campaign started last month: cside.dev/blog/over-35...

1 year ago 10 6 0 0

I think we need more people to acknowledge it.
It seems most of the time people and companies try to hush it down. 🤷‍♂️

1 year ago 0 0 0 0

Never realised there is a visa requirement for delivery training as well. Is this something new?

1 year ago 0 0 1 0

Browsers only read the CSP when a page initially loads. This means that adding or modifying a <meta> tag afterward won’t affect or weaken the policy. Additionally, secure sites typically define the CSP in the HTTP header, which browsers enforce immediately and ignore any attempts to override.

1 year ago 0 0 0 0

I had a stupid thought: since a CSP (Content Security Policy) can be implemented using a <meta> tag, what’s stopping JavaScript from rewriting these meta tags to bypass the CSP?
I knew it was not possible but why not?

1 year ago 1 0 2 0

Poor handwriting.
🥲

1 year ago 6 0 1 0

Hey cybersecurity folks! As a direct or indirect consequence of the US (and others) cutting foreign aid, there are many who have done cybersecurity for NGOs and at-risk groups who are or will be looking for a job. They often have broad experience, from research to incident response to education 1/2

1 year ago 111 49 2 1

Hey Brian
I was the one who found this. Feel free to let me know if I can be of any help.

Cheers

1 year ago 1 0 0 0
Hackers are hijacking WordPress sites to push Windows and Mac malware A cybersecurity company says hackers are pushing Mac and Windows malware through sites that are using outdated versions of WordPress.

Hackers are hijacking WordPress sites to push Windows and Mac malware

1 year ago 63 29 4 7
Hackers are hijacking WordPress sites to push Windows and Mac malware | TechCrunch A cybersecurity company says hackers are pushing Mac and Windows malware through sites that are using outdated versions of WordPress.

Honored to be quoted in @techcrunch.com 's latest article on the hijacking of WordPress sites to distribute Windows and Mac malware. It's crucial for website owners to stay vigilant and implement robust security measures. Read more: techcrunch.com/2025/01/29/h...

1 year ago 1 0 0 0

We found 2 more domains associated with the same attack:

iogamesl[.]xyz
wp-cdn[.]top

Today we have identified a little over 500 websites that were impacted.

1 year ago 1 0 0 0

I was expecting a crash, but I guess the system's a bit rusty…

1 year ago 0 0 0 0
10,000 WordPress Websites Found Delivering MacOS and Windows Malware We identified over 10,000 WordPress loading showing fake Google browser update leading to malware downloads.

WP infected website infecting windows users with SocGholish and Mac Users with AMOS.

cside.dev/blog/10-000-...

1 year ago 1 0 0 0
Government and university websites targeted in ScriptAPI[.]dev client-side attack Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DO...

Black hat SEO, compromised gov and university websites.

cside.dev/blog/governm...

1 year ago 0 0 0 0
Over 5,000 WordPress sites caught in WP3.XYZ malware attack We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally. The malicious domain: "https://wp3.xyz/plugin[.]php".

Over 5,000 WordPress sites caught in WP3.XYZ malware attack
cside.dev/blog/over-5k...

1 year ago 0 0 0 1

This is crazy, everything I say BOTS 1 new bot follows me. 😅🤣

1 year ago 0 0 0 0

Post about BOTS get more BOTS. 🥲

1 year ago 0 0 0 0

I got more bot followers than real people. 🤷‍♂️

1 year ago 0 0 0 0

When to expect next Ivanti 0day?

> My prediction 1 more this quarter.

1 year ago 0 0 0 0

New year/quarter is incomplete without Ivanti 0day.

1 year ago 0 0 0 0

French authorities are asking for the proof.
Can I show them this screenshot?

1 year ago 0 0 0 0

Waiting for the list!!

1 year ago 0 0 0 0

Happy CVE-2025-0001

1 year ago 0 0 0 0

A bit old but I was quoted :D

1 year ago 0 0 0 0