 ________________________
| Stop ignoring security |
| issues because you     |
| don't want to edit     |
| a single line of code  |
|________________________|
(\__/) ||
(•ㅅ•) ||
/ づ
@v12sec @THORChain Are you really surprised that a network that has been used for money laundering for years didn't pay you? I suggest you take a look at THORChain's history.
I just published unstrip, a slightly more advanced tool written in Rust to recover symbols, types, interfaces, and method signatures from Go binaries. It also allows you to rewrite the entire executable to include those symbols.
https://t.co/Oe3govskkQ
@Jhaddix That's why companies are asking researchers to submit the AI prompt + model they used to find this (if they used AI), or their templates if they were using any automation, in exchange for a bonus. In this case, since you didn't use either, your report is going directly to their internal infra.
Microsoft has banned Nightmare Eclipse from GitHub: https://t.co/EmeiJnJ0Ps
This is the researcher who disclosed several zero-days after Microsoft also deleted their MSRC account.
They have now moved on to GitLab: https://t.co/Npj0gplSum
(h/t to: @[email protected])
@mountainaddict0 The only scenario where it's impactful is actually when a Sentry API key is exposed. That would give you access to actual traces and internal information which you could never access from a Sentry DSN (a Sentry DSN allows submitting error traces but never allows you to retrieve them).
@mountainaddict0 Don't believe everything you read on Medium; most of these guys are just faking blogs. How Sentry works is that you import their SDK on the client side so the client-side errors can be reported to the DSN. It only works by the user actually sending those errors in HTTP requests.
@pdiscoveryio So we've got 2 possible outcomes from this: either triage fails tragically because AI is nowhere near to be trusted with vulnerabilities, and the chances of it ruining production while reproducing them are pretty high, or it's actually a hit, PD gets acquired and goes corporate.
Ever since actual triagers such as antina and goldenretriver, even "still", vanished from the triaging team years ago, HackerOne started forcing those idiot triagers on us who don't even try to do their job, and it's impossible to communicate with them.
That's actually crazy because that's what I've been saying for years now. HackerOne has been doing this for YEARS now, where triagers don't even bother reading the reports. But somehow you guys are only mentioning this when Loveable and CircleUp got hacked because of them?
On December 11, we reported an AWS token leaked on a public repository belonging to Marriott infrastructure, which had the SES service with a verified domain of @marriot.com. On December 12 @Hacker0x01 closed the report as N/A, saying https://t.co/0suiUzOdqH is explicitly out of scope:
Let's not forget the incident where a HackerOne triager stole a researcher's vulnerability and started mass reporting it to programs too. If you really think HackerOne is to be trusted for either the researcher or the company, you're probably a fool or missing a chromosome.
@asaio87 Also, security is a service; bug bounty is the freelancing version of it. Instead of requesting an audit from a firm, they publish a bug bounty program, millions of hackers send reports there, and they get awarded based on the severity of their findings.
@asaio87 Well, that's what they call a bug hunter: a security researcher who reports vulnerabilities in "good faith" and usually gets paid for it. But this one is blackmail.
Super interesting take from one of the greatest hackers.
He says Mythos is not as good as they claim, because zero-day vulnerabilities are not that hard to find for skilled hackers.
I'm far from the hacking world, but it sounds reasonable.
Any thoughts?