Ophion Security

over 1 year ago

Live chat histories contain treasure trove of data. From answers to security questions to credentials and more. We found a way to access it all in Cisco's Webex Connect. Read here: https://t.co/JcEA5TkyIE #vulnerability #vulnerabilitydisclosure #attacksurfacemanagement

0

2

1

405

over 1 year ago

We are actively scanning Microsoft's GitHub organization and more than 150k repositories and 5k users. You can do the same for your organization starting today. Check out the demo: https://t.co/MATTse9807 #githubactions #githubsecurity #attacksurfacemanagement

0

1

0

2

207

Critical Thinking - Bug Bounty Podcast

over 1 year ago

Thanks for the shout! We love all the episodes coming out! Looking forward to sharing more research blogs in coming months.

@ctbbpodcast

over 1 year ago

New Episode is live covering the craziness with Zendesk and the nuances of how "informative" report disclosure should be handled. Also, some badass write-ups from @OphionSecurity and a new song drop from @realytcracker! https://t.co/rdqjO48QwK

0

21

3

4

3K

0

2

1

0

1K

Who to follow

Lauritz

@_lauritz_

IT-Security Researcher, Pentester and Bug Hunter. Passionate about 💻, 🤽‍♂️, ⚜️, 🎸 and ⚽ (@VfLBochum1848eV ) #Kaeferjaeger + H1 Ambassador

𝘻𝘰𝘪𝘥𝘴𝘦𝘤

@z0idsec

‍💻👨‍💻☕ • Bug Bounty Hunter, • SRT Member @synack, • Building cybersecurity SaaS solutions • Work for @pentesterlab ❤️ Be calm and hack.

Sachin Thakuri

@sachinnthakuri

Security Engineer @ some tech company | Co-founder @THREAT_CON and @THREATNIX 🤓Hacker by profession.

over 1 year ago

Endless security reviews, questionnaires, and compliance can be a nightmare when selling to enterprises. 🛡️ What if you could handle it all in one platform? Pentests, Questionnaires, & more. Check it out: https://t.co/GzsSffYipX #Cybersecurity #SaaS #SecurityCompliance

OphionSecurity's tweet photo. Endless security reviews, questionnaires, and compliance can be a nightmare when selling to enterprises. 🛡️ What if you could handle it all in one platform? Pentests, Questionnaires, & more. Check it out: https://t.co/GzsSffYipX #Cybersecurity #SaaS #SecurityCompliance https://t.co/jeZiZohqpu

0

6

1

1K

over 1 year ago

A simple cookie value allowed disclosing chats of hundreds to thousands of users through a Live Chat integration. Learn more on blog one of two from our Live Chat security research. https://t.co/FbAfEHNQhq #vulnerabilitydisclosure #livechat #ophionsecuritylab

0

2

189

OphionSecurity retweeted

over 1 year ago

Yay, I was awarded a $37,500 bounty on @Hacker0x01! https://t.co/5HTywrZaJU. Had a fun time hacking AWS at @HackerOne's LHE on Edinburgh. #TogetherWeHitHarder

17

424

20

89

20K

over 1 year ago

How should at-scale offensive scanning work? What values do they provide to companies? Checkout a recent podcast @mallocsys did with FireTail's Jeremy Snyder about it: https://t.co/bYHYIWTSwO

0

1

295

over 1 year ago

That’s what we call 0 bullshit, no FUD hacking. Research ➡️ find vulns ➡️ write exploits ➡️ report.

over 1 year ago

Flight from Vegas after Defcon got delayed…hacked for 2 hours during the delay…reported a P2 on Square…got paid. I love hacking. #bugbounty #hacking

mallocsys's tweet photo. Flight from Vegas after Defcon got delayed…hacked for 2 hours during the delay…reported a P2 on Square…got paid. I love hacking. #bugbounty #hacking https://t.co/HqO31HvQTe

11

278

11

43

15K

0

1

362

OphionSecurity retweeted

over 1 year ago

Flight from Vegas after Defcon got delayed…hacked for 2 hours during the delay…reported a P2 on Square…got paid. I love hacking. #bugbounty #hacking

11

278

11

43

15K

almost 2 years ago

Increase your sticker game with these stickers next week at BlackHat and DEF CON. #hackersummercamp #defcon #blackhat2024

Uranium238

@uraniumhacker

almost 2 years ago

Catch me at BlackHat and Defcon next week for some stickers! #defcon #blackhat

0

7

2

0

1K

0

390

almost 2 years ago

There is no such thing as too much data when building context based scanners. More data -> more knowledge -> more research -> more vulnerabilities to identify and resolve 💻

almost 2 years ago

Currently monitoring almost 1million+ records and assets through automation in one of our test deployments. Might have automated too hard.

0

2

0

1K

10

2

0

302

about 2 years ago

Orion in the real world 🤩

about 2 years ago

🛡️ Vulnerability of the Week: Going from High to Critical in 5 Minutes to get millions of customers' PII When testing a company, I found a vuln where authenticated users could pass enumerable account tokens to access another user's PII: DoB, Address, Phone, Transaction history, account balances and more. #attacksurfacemanagement #bugbounty 🧵

1

5

1

6

2K

0

1

550

about 2 years ago

Traditional ASMs are too noisy and full of false positives. An offensive context-based approach to attack surface management reduces vulnerabilities and helps internal teams identify and mitigate more vulnerabilities. Learn how Orion can help you today. https://t.co/PCKFlhgNqN

OphionSecurity's tweet photo. Traditional ASMs are too noisy and full of false positives. An offensive context-based approach to attack surface management reduces vulnerabilities and helps internal teams identify and mitigate more vulnerabilities. Learn how Orion can help you today. https://t.co/PCKFlhgNqN https://t.co/mljTYzAucR

0

2

3

1K

about 2 years ago

We had an amazing time at BSides SF meeting with everyone and discussing pain points with traditional attack surface management. Thank you for having us @BSidesSF! #attacksurfacemanagement #bsidessf

OphionSecurity's tweet photo. We had an amazing time at BSides SF meeting with everyone and discussing pain points with traditional attack surface management. Thank you for having us @BSidesSF! #attacksurfacemanagement #bsidessf https://t.co/UG2Z73ygFs

0

3

1

0

375

about 2 years ago

That's it. That's the tweet.

0

3

1

3

835

about 2 years ago

#walkthetalk

Uranium238

@uraniumhacker

about 2 years ago

Nothing better than when a product you have been developing for past few months finds another critical on a Monday evening.

1

6

1

2K

0

392

OphionSecurity retweeted

Uranium238

@uraniumhacker

about 2 years ago

Nothing better than when a product you have been developing for past few months finds another critical on a Monday evening.

1

6

1

2K

about 2 years ago

Attack Surface Management should be proactive not reactive. Meet the Ophion team at BSides SF to learn how Orion can help you identify and monitor for vulnerabilities in your assets including supply-chain dependencies, SaaS deployments, on-premise applications and more. #bsidessf

OphionSecurity's tweet photo. Attack Surface Management should be proactive not reactive. Meet the Ophion team at BSides SF to learn how Orion can help you identify and monitor for vulnerabilities in your assets including supply-chain dependencies, SaaS deployments, on-premise applications and more. #bsidessf https://t.co/5lFPBMNzQ3

0

224