Olivia
Online
303sec
@303sec
Security Research & DevSecOps. 303sec on all platforms. Ex-baby (now fully grown).
edinburgh, scotland
Joined May 2018
1.5K Following
291 Followers
4.7K Posts
My kinda hot take on the Mythos stuff is really that there is so little money in offensive research that it's still not really that hard to find bugs. These AI companies are operating with budgets that make the entire offensive research of all big tech combined look like a joke
In collaboration with @renniepak, I just pushed a new (and probably final) update to the CallMe extension.
Now you're one click away from contributing your passive callback findings to the community, as it lets you export them in the right format and standards to submit to the https://t.co/1UqbKc06Ke repo. Make sure to update!
Yousef (@samm0uda) gave me a challenge few days ago, it's a redesign of Amir's recent challenge, the solution is quite interesting, I was able to solve it in 10 minutes as I'd previously debugged QS library it, I highly RECOMMEND it, the source code:
https://t.co/D2cgR6v9PA
Who to follow
@_danielthatcher Made a tool based in your research. I hope you like. :)
https://t.co/CHxGqHonoh
You may have read @AnthropicAI Frontier Red Team's blogpost about finding zero-day vulnerabilities at scale. I think it's more than that - LLM workflows greatly improve "negative-day" and "never-day" discovery. Here's the tool I built to do this.
https://t.co/2U5VHOiBBD
404 page to RCE. A report by @spaceraccoonsec
He chained two old CVEs to achieve RCE:
- Found a 404 page mentioning an obscure CMS, discovered /josso/signin login
- Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy
- Reached an unprotected JBoss web console on localhost (CVE-2007-1036)
- Exploited Java deserialization with jexboss tool for full RCE
Full report 👇
https://t.co/3Cera6pL9w
It's been a while since I've tried to find bugs in @facebook. Maybe it's time to look into the new stuff.
I remember the days when we spent one entire day intercepting mobile app traffic by patching a native library when nobody knew about it and finding an easy location-based open redirect on https://t.co/siGBtnuijn
This blog by @phwd_ has always been a great inspiration. It's a goldmine of everything about hacking @meta
Blog link 👇
https://t.co/1dSFw7OA0e
My Web challenge writeups from @0xL4ugh CTF v5👑🚩
1) pdf.exe
Next.js DNS Rebinding → Python CRLF → pdfkit Injection
https://t.co/emoxYxcIJD
2) gap
Lodash RCE via JSON vs JS mismatch
https://t.co/L29KzuxxyR
Both include 0-days 👌
And take my word.. Lodash one is fun😉
For the past few weeks I've been building a fuzzer from scratch in Rust. Today I'm releasing Astra along with a complete write-up that covers the full implementation, check it!
- Repo: https://t.co/FJIfHQvP4O
- Article: https://t.co/gkrqiOnc4H
Old bug gold.
I never get tired of these SSRF payloads:
Hope this helps someone
https://t.co/JB75ZGTXdt
Blog post: On the Coming Industrialisation of Exploit Generation with LLMs https://t.co/aK4pysY1wD
TL;DR: I ran an experiment with GPT-5.2 and Opus 4.5 based agents to generate exploits for a zeroday QuickJS bug. They're pretty good at it.
Code: https://t.co/47xHRObhRy
@assetnote @SLCyberSec My work on the novel SSRF technique that landed a critical payout at a Live Hacking Event: https://t.co/CTSTEtKiD1
I really love this poll because it lets you discover a lot of great research from the past year that you might have missed.
I've decided to highlight the Сlient-Side related research that I think is especially worth your attention.
$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed Javascript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more:
https://t.co/7gWpR4LQ8x
10/ Next.js Cache Poisoning to XSS by @zhero___
Legendary research about Next.js
Spoofing framework-internal headers to force-cache SSR JSON as HTML
Cache poisoning → DoS and stored XSS via stale-while-revalidate
https://t.co/VuhEZfaFhl
Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues.
What worked was...
\udfff -> � -> ?
Therefore...
{"redirectUri":"https://attacker\udfff@[victim]/"}
Equals...
Location: https://attacker?@[victim]/
![samwcyo's tweet photo. Had some recent success using untranslatable Unicode in place of a "?" when attacking URL parsers for SSRF/OAuth issues.
What worked was...
\udfff -> � -> ?
Therefore...
{"redirectUri":"https://attacker\udfff@[victim]/"}
Equals...
Location: https://attacker?@[victim]/ https://t.co/IDL41DJPKE](https://pbs.twimg.com/media/EU45ABnXYAAUYgS.png)
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.2M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.1M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers