Recon Trick:
This is old but gold:
Look for publicly exposed docs on Google services.
Example dorks:
site:https://t.co/U5vGQ1majT intext:target
site:https://t.co/iKYebXXsST intext:target
ASN lookup on the main domain → CIDR ranges → masscan the whole org.
Scope says "*.target.com" but the IP belongs to them too.
#bugbountytips #penetrationtesting
SSTI quick check: {{7*7}}, ${7*7}, <%= 7*7 %>
Drop all three in every input field. One will hit on a misconfigured template engine.
#bugbountytips #cybersecurity
Forgot password + valid email → intercept the reset link → change the Host header to your server → password reset poisoning.
#bugbountytips #cybersecurity
ATLAS - A self-hosted, localhost CTI workbench that ingests raw threat data, enriches it via live API calls across six sources, and correlates everything
See more on GitHub:
https://t.co/VDAzLelUIg
Host Header Poisoning (Password Reset):
Change the Host header to https://t.co/cCoGoRC9wW during a reset request.
If the email link is built using that header, the user clicks the link and sends
their reset token to you.
#bugbountytips
When a single ID fails, a pair might pass. IDOR bypasses can be that simple 🔥
- Victim's ID: 5200
- Attacker's ID: 5233
GET /api/users/5200/info → Access Denied ❌
GET /api/users/5200,5233/info → Bypassed ✅
#bugbountytips #PenetrationTesting
UPDATE: 19 MILLION exposed NGINX instances hit by the 18-year-old NGINX RCE found by AI.
A bug from 2008 just got a working exploit.
CVE-2026-42945 (CVSS 9.2)
No login. No access. Just one HTTP request.
POC: https://t.co/PVUwX9bwZj
Manually sifting through Burp requests in history for possible vulnerabilities you might have missed can be a tedious process... 😓
Burp AI Agent by @six2dez1 brings AI-powered passive and active scanning to Burp Suite, covering 62 vulnerability classes with 10 backend options, including fully local models via Ollama! 🤠
Check it out! 👇
https://t.co/vkM5rUsdUq
Rate-limit bypass with string terminators:
POST /api/myprofile%00
POST /api/myprofile%20
POST /api/myprofile%09
Backend normalizes → /api/myprofile ✅
Rate limiter treats each as unique 🔁
Useful for bypassing weak path-based brute-force protections.
#BugBounty #Pentest
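The defensive side of the rate-limit post above, as an added example that is not part of the original post: a limiter keyed on the raw path next to one keyed on the canonical path. `canonical_path`, `RateLimiter`, the sample client address and the assumption that the backend strips trailing NUL, space and tab are all illustrative.

```python
import time
from collections import defaultdict, deque
from urllib.parse import unquote

# Trailing bytes the post lists (%00, %20, %09), plus CR/LF for good measure.
_TRAILING = "\x00 \t\r\n"

def canonical_path(raw_path: str) -> str:
    """Reduce a raw request path to the form the backend is ASSUMED to route on."""
    path = raw_path.split("?", 1)[0]   # the query string is not part of the route
    path = unquote(path)               # %00 -> NUL, %20 -> space, %09 -> tab
    path = path.rstrip(_TRAILING)      # drop the terminators the backend ignores
    return path or "/"

class RateLimiter:
    """Sliding-window limiter; key_fn decides what counts as the same endpoint."""

    def __init__(self, limit, window, key_fn):
        self.limit, self.window, self.key_fn = limit, window, key_fn
        self.hits = defaultdict(deque)

    def allow(self, client, raw_path, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[(client, self.key_fn(raw_path))]
        while q and now - q[0] >= self.window:   # expire hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

# Constructed sample: the same endpoint requested four ways by one client.
REQUESTS = ["/api/myprofile", "/api/myprofile%00",
            "/api/myprofile%20", "/api/myprofile%09"]

def allowed_count(key_fn, limit=2):
    """How many of REQUESTS get through a limit-per-minute limiter."""
    rl = RateLimiter(limit=limit, window=60, key_fn=key_fn)
    return sum(rl.allow("203.0.113.7", p, now=0.0) for p in REQUESTS)

if __name__ == "__main__":
    print("keyed on raw path:      ", allowed_count(lambda p: p))
    print("keyed on canonical path:", allowed_count(canonical_path))
```

Rejecting paths that decode to control characters with a 400 at the edge is a stricter alternative to normalizing them.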
claude-osint is a paired set of skills for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for one half of the offensive recon problem
https://t.co/067FOsxNPc
WireTapper is a wireless OSINT tool designed to discover, map, and analyze radio-based devices using passive signal intelligence
https://t.co/kjQtfOL4wu
📢 Ransomware Alert: MRS Holdings Ltd. 🇳🇬
MRS Holdings Ltd. (https://t.co/eVGpqCrn7Z), a Nigeria-based Oil & Gas company has reportedly fallen victim to the Kill Security ransomware group.
NB: The group intends to publish the data within 7–8 days.
🔍 Key Details:
🛡️ Threat actor: Kill Security
📅 Reported on: 09/05/26