We published a new research article on the Chromium 146 Renderer Process!
In this article, we start from the CVE-2026-3910 Maglev write barrier elision bug and walk through the full exploit chain: building a V8 heap R/W primitive via a GC-induced UAF, achieving an out-of-sandbox read using WebAssembly internals, abusing JSPI UAF and StackMemory / JumpBuffer, and ultimately reaching renderer process RCE.
Our goal was to provide a structured explanation of how modern V8 exploitation works in practice, from compiler-level bug analysis to sandbox-boundary primitives and final code execution. Huge thanks to our team member @m411k_ for conducting this research!
Check out the PoC!
Full article:
https://t.co/qezGcrklC1
I won't keep you in mystery any longer, here's how I found an XSS vulnerability *in* Shazzer!
The chain involved some interesting browser techniques no sane developer could foresee. Check out the details below:
https://t.co/nY20Anz0VO
(and thanks @garethheyes for making Shazzer!)
We have successfully published a new research article!
This research takes an in-depth look at several interesting security incidents that occurred in 2025 and analyzes them in detail.
While some of these incidents were already widely known, this research focuses more closely on cases that people may have only glanced over without examining thoroughly.
Special thanks to One, TCP/IP, and @filime_sec for conducting this research!
We hope it receives a lot of interest! : )
https://t.co/4L9JeYNATY
[ RewriteLab Web Security Research Team, 2026 First Half Researcher Recruitment ]
Rewrite is a specialized web security research team composed of web hackers from around the world.
Researchers from various regions including Korea, Europe, Asia, and Africa collaborate to conduct in-depth research on the latest web exploitation techniques and technologies, while also working on a range of web security related projects.
We are now publicly recruiting new researchers who would like to join RewriteLab and conduct research together with us.
For detailed information about the recruitment requirements and the application process, please refer to the recruitment page below!
https://t.co/PHZ7NazvAD
And this makes sense given how many CTFs are held per year.
However, the ideal CTF challenge, in my opinion, should follow this formula:
"The author conducted a mini-research project and instead of publishing it, turned it into a challenge."
Hello! We’ve just launched a new wargame site called damn vulnerable web!
It consists only of web challenges, primarily designed for intermediate to advanced players rather than beginners.
We hope this wargame helps more people gain deeper and broader knowledge in web hacking :)
For now, we’re planning to accept only 300 users initially for open beta testing and capacity checks.
Starting from this tweet, we’ll gradually increase the number of allowed sign-ups each week. Your interest and support will be a huge help to our future activities.
We’ll do our best to deliver even better work going forward. Thank you!
Wargame site: https://t.co/9iER5IGfSP
Join our Discord: https://t.co/gWTx9jUvtT
We’ve published a new article! This is a full writeup of the web challenges from the SECCON 14 Qual round. It has been written in detail so that readers can understand the core concepts and techniques even if they did not attempt the challenges themselves.
We would like to express our sincere gratitude to the researchers @Predic02, @masamunee2003, @ElleuchX1, and @irogir for their hard work on this writeup.
To everyone reading this, we wish you a very happy New Year 2026! We’re planning to release something new that we’ve been preparing between January and February, so please stay tuned and show lots of interest : )
Cross-Site ETag Length Leak
https://t.co/RYofmHVh6T
I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)
Here is my writeup of Intigriti's December XSS challenge. It consisted of 6 smaller challenges combining into a big 1-click exploit.
One of the most fun ones I've ever played. Loved the unique format by @RenwaX23!
https://t.co/mNYyMzdq0G
⏰ It's CHALLENGE O'CLOCK!
👉 Pop an alert before Monday the 22nd of December
👉 Win €400 in SWAG prizes
👉 We'll release a tip for every 100 likes on this tweet
Thanks @renwaX23 for the challenge 👇
https://t.co/g7bkRnaS5i
Part 3 of our Hacking AI Apps series.
This time we hacked OpenAI Atlas Browser: A vulnerability that let us control tabs, leak browsing activity, and hijack your Reddit/Facebook accounts by stealing OAuth tokens.
https://t.co/rhGzrfj5TW
Stay tuned for Part 4: Antigravity!
My TROOPERS25 talk has been uploaded! If you ever wondered if "style-src 'unsafe-inline'" in your CSP is bad, this one is for you.
Scriptless Attacks: Why CSS is My Favorite Programming Language
https://t.co/Upx72xBzSf
Infobahn CTF starts in 24 hours!
Prizes worth over $3000! Challenges across Web, Reverse Engineering, Cryptography, Binary Exploitation, Jail, and more.
Sponsored by Google Cloud, OffSec, OtterSec, RET2 Systems, Cybersharing, and Rapid Risk Radar.
https://t.co/so3moFybh5
HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
"Follow your rabbit holes" is the takeaway from my latest CTF writeup.
I found several interesting techniques that can help tricky situations, such as using the Connection Pool to make Client-Side Race Conditions easier!
Read the whole thing on my blog:
https://t.co/cnh5B8E41n