Olivia
Online
Joe Leon
@JoeLeonJr
Security Researcher
Joined February 2013
280 Following
18.3K Followers
70 Posts
@OfficialLoganK @tradelots @AikidoSecurity Completely agreed! I tried gently pushing back when the team closed the report, but it was communicated to me twice that this was intended behavior. If I knew to contact your team, we would’ve worked with you all before publishing.
Here's a couple of things worth a try to get an IDOR
Comment below if you've other useful tips & techniques.
🧵👇
#bugbounty #bugbountytips #infosec
Black Friday is here! Get FREE recurring API credits if you like + retweet this tweet.
If we get up to 100 RTs everyone gets 100 recurring monthly API credits. If we get over 100 RTs, everyone gets the # of API credits in the amount of RTs.
Cut out time: November 28th 10AM EST.
Black Friday warmup🔥
Get a chance to win a SecurityTrails swag pack:
Comfy t-shirt ✔️
Classic (and a favorite) hacker hoodie ✔️
Stickers ✔️
Just RT this tweet and make sure to follow @securitytrails - one winner will be chosen randomly on November 26th 2021 at 00:00 EST.
Who to follow
Jonathan Aufray 
@jonathan_aufray
CEO at @StartGrowthHack. I bring fast, repeatable & scalable growth to Businesses | Growth Marketing | Lead Generation | Sales | Conversions
Anthony Ellis
@skydog811
Investor Mergers and Aquisitions, Agent of change, talent scout, provocateur and bon vivant. Actors, Speakers and Entrepreneurs, acquiring businesses now.
John Tarnoff
@johntarnoff
I Help Mid-Career Professionals Transition to Better Jobs & Build Purposeful, Sustainable Careers | Coach | Educator | Community Builder | Content Creator
Finished my first week part-time bounty hunting with @synack on the @SynackRedTeam. It’s been an awesome experience and the VulnOps triage team is world class!
Hitting F12 in a browser is not hacking. If your code leaks personal data via public development tools that any person can see by simply pressing F12 on a keyboard then you have a huge data leak issue, not a hacking situation, on your hands. Fix your website.
🎵 If you're having cert issues I feel bad for ya son, I got $99 problems but the bill ain't one...🎵
All you have to do is pass the Burp Suite cert exam before 15th Dec and we'll refund you your $99 exam fee.
#burpsuitecertified #99problems
TIL that since hashcat 6+, you can pass your wordlists in the .zip or .gz format and it will decompress them on-the-fly.... pretty great for space savings on my 150GB+ of wordlists.
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
No more noise in your logs! #bugbountytips #Bugbounty #CyberSecurity
Trying to get into .NET lately I ended up putting together a new project as a result.
LittleCorporal is an automated Maldoc generator that leverages VBA, Donut, and thread hijacking to load a user specified shellcod blob into a remote process.
Project: https://t.co/G8WY3kLNr3
yarh- for some reason on win11 the SAM file now is READ for users.
So if you have shadowvolumes enabled you can read the sam file like this:
I dont know the full extent of the issue yet, but its too many to not be a problem I think.
I've written a tool to escalate from domain user to a full AD compromise using ESC8 by @SpecterOps. You can see in the pictures below how, when combined with a method to coerce authentication, it is extremely powerful.
Along with the release of our blog post on #XLSEntanglement we have published a git repo with POC code and some examples
https://t.co/h3oXINYQu1
Got some feedback that a guide to customizing C2Concealer would be helpful, so this is part 1/3 in a series on how to customize our tool to automatically generate c2 malleable profiles for #cobaltstrike
Process Creation is Dead, Long Live Process Creation — Adding BOFs Support to PEzor
Since the release of Beacon Object Files (BOFs), I wanted to support them as a new kind of output format in PEzor... Let’s dive into this short journey!
https://t.co/O6E6ImRUeL
Finally ready! Check out https://t.co/EZI09n1LOz to find out what file extensions are being used by attackers and in what way. Drop any feedback or suggestions in my DMs.
Yet another comspec-based #LOLBin to be added to your blue- or red-tinted repos.
For couple dozens of predefined commands, "help xxx" will launch "%comspec% /c xxx /?"
The finding itself is nearly year old, and it's high time I converted it into something practical.
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers