Olivia
Online
I¯\_(ツ)_/¯I \ (•◡•) /
@BountyOverflow
BBH ( ͡° ͜ʖ ͡°) 💰 @Bugcrowd Top 50 \o/ ✌️ MVP✌️
I am here to learn/share application security stuff ✌️
I enjoy finding auth bypass bugs 🐞
🌎 Earth 🌎
Joined December 2010
1K Following
6.6K Followers
1.5K Posts
Pinned Tweet
What a great month it was July 2022!
I have ranked #2 world wide on @Bugcrowd
https://t.co/RzWzmTH6wG
Claude Code Skill Bundle for Bug Bounty Hunting & External Red Team Operations 🤖💀
• 51 offensive security skills + 15 slash commands • Trained on 574+ disclosed HackerOne-style report patterns • Covers XSS, SSRF, SQLi, OAuth, JWT, GraphQL, RCE, IDOR & API abuse • Enterprise attack chains for M365, Okta, VPNs, SharePoint & vCenter • Built-in recon, exploit chaining, triage, evidence hygiene & reporting
https://t.co/89R7Cx20oz
#BugBounty #RedTeam #CyberSecurity #Pentesting #AppSec
Been following @damian_89_ work for years, used his EASM product for bug bounty and it was one of the best out there. Now he just dropped ArgosDNS focused on subdomain intelligence, exactly what the recon space needed. The data quality is crazy, do yourself a favor and check it.
Why to use a simple #XSS vector like this 🤔
<img src=x onerror=alert(1)>
when you can use a much better one? 🤩
1'//"</Script><Img/Src%0AOnError=alert(1)//
The vector above pops in HTML and JS scenarios for single and double quotes! 🤯
Try it here: https://t.co/vLUbVDzLP2
Who to follow
Youssef Sammouda (sam0)
@samm0uda
Security Researcher/Hacker
1st in Meta bug bounty program for 6 years
Opinions are my own and not my employer's.
The Bug Bounty Hunter 
@tbbhunter
Promotions or business ✉️[email protected]
Nagli
@galnagli
Hacker; Red Agent & Attack Surface at @wiz_io / @Google; $3,000,000 Bug Bounty Hunter and Live Hacking Events Winner.
New Rhino Blog Post: CVE-2025-0693: AWS IAM User Enumeration
https://t.co/tuMn35kIxG
https://t.co/8jCiVQ8rnh
I don’t work there anymore but it’s truly so sick seeing this level of weird bug being patched so fast
Hell yeah
Thanks to the recent @PortSwigger top 10, I finally found the motivation to finish writing the 2nd article about DOMPurify security! 😁
Before releasing it, I would like to share a small challenge 🚩
Challenge link 👇
https://t.co/Fw1ePWFOMB
1/2
@krishnsec Solo Leveling is such a wild ride! The character growth and battles keep getting better. Can't get enough!
https://t.co/cIhXCjPnJy
Unleashing The Power of a JavaScript Bookmarklet for Endpoint Discovery in Bug Bounty and… https://t.co/R7y9i0gele
@3th1c_yuk1 @intigriti @renniepak Seems rennie deleted his twitter so original post is gone :/ but someone made a post about it here with the code: https://t.co/FahOFlpNRv
@krishnsec and then P1 P2
Got a CSRF attack being blocked by Content-Type validation? You might be able to bypass it with this quality technique. https://t.co/Y5Kf5vrzc5
After a 4-month break, I’m backon @Bugcrowd ! Life kept me busy with something truly special—welcoming my adorable daughter into the world. 🍼💕 Feeling so blessed! 🥰
There is a public website with the following folder path:
https://t.co/oSprjbDUrm<filename>
Does anyone know of any tricks for WordPress websites that would allow me to list all files and folders in the 'uploads' directory? #thanks-in-adv
@bug_vs_me earned Bounty finished.... then back to bug bounty again
@krishnsec And P1 is the aim!
I was facing a very strict WAF while trying to exploit a XSS : no gt/lt signs, no parentheses, no double quotes, no backticks. I was injecting inside an html tag. Turns out the solution was very simple (and not well documented):
<img src=x onerror=alert&#40document.domain&#41>
🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability
⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened.This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature.
📰Refer: https://t.co/QEiHf8iwtH
#Outlook #Microsoft #hunterhow #infosec #infosecurity #Infosys #Vulnerability
@Burp_Suite you will effect after 1 day, as it is slow
Last Seen Users on Sotwe
Fernando Peao
Seen from Brazil
🍄
Seen from Malaysia
ADULT ARENA
Seen from Mexico
Alan_Incest
Seen from Chile
Tease Club
Seen from United Kingdom
Firman
Seen from Indonesia
شَخْصٌ مَا ✨ 𝑺𝒐𝒎𝒆𝒐𝒏𝒆
Seen from Saudi Arabia
Situs Nonton Video Bokep Paling Lengkap Artis Indo
Seen from Indonesia
Mustafa
Seen from Turkey
YERLİ MEKAN
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers