We scanned thousands of hosts for CVE-2026-48710 and found something important: being behind a reverse proxy, CDN, or Cloudflare is not always enough protection. In some setups, X-Forwarded-Host can still be used as a bypass. (1/2)
If backend middleware trusts X-Forwarded-Host and updates the ASGI scope, the malicious value can still reach ASGI and Starlette. We’ve updated the https://t.co/wWB8e92ADO scanner to test this automatically. Re-check your hosts! #badhost (2/2)
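The bypass the thread describes, as an added example that is not code from the thread, from the linked scanner, or from Starlette itself: a minimal ASGI middleware that trusts X-Forwarded-Host from any client and rewrites the Host header in the scope, beside a hardened variant that only honours the header when the connection arrives from a trusted proxy range, strips it otherwise, and rejects any resulting host that is not on an allowlist. The proxy range, the allowed host and the helper names are assumptions for illustration.

```python
"""Added example: X-Forwarded-Host trust in ASGI middleware, naive vs. hardened.

Not code from the original thread, the scanner it links, or Starlette.
TRUSTED_PROXIES, ALLOWED_HOSTS and the helper names are assumptions.
"""
import asyncio
from ipaddress import ip_address, ip_network

TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]   # assumed CDN / reverse-proxy range
ALLOWED_HOSTS = {b"app.example"}              # assumed public hostname of the app


async def echo_host_app(scope, receive, send):
    """Downstream app (stand-in for Starlette) that reports the Host it saw."""
    host = dict(scope["headers"]).get(b"host", b"")
    await send({"type": "http.response.start", "status": 200,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": host})


async def _reject(send, reason: bytes) -> None:
    await send({"type": "http.response.start", "status": 400,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": reason})


def naive_forwarded_host(app):
    """Vulnerable: any client can overwrite Host via X-Forwarded-Host."""
    async def middleware(scope, receive, send):
        if scope["type"] == "http":
            headers = dict(scope["headers"])
            xfh = headers.get(b"x-forwarded-host")
            if xfh:
                headers[b"host"] = xfh            # attacker-controlled value reaches the app
                scope = {**scope, "headers": list(headers.items())}
        await app(scope, receive, send)
    return middleware


def hardened_forwarded_host(app, trusted=TRUSTED_PROXIES, allowed=ALLOWED_HOSTS):
    """Honour X-Forwarded-Host only from trusted proxies; drop it otherwise;
    refuse any resulting Host that is not on the allowlist."""
    async def middleware(scope, receive, send):
        if scope["type"] != "http":
            await app(scope, receive, send)
            return
        client = scope.get("client")
        from_proxy = client is not None and any(
            ip_address(client[0]) in net for net in trusted)
        headers = dict(scope["headers"])
        xfh = headers.pop(b"x-forwarded-host", None)  # never passed through unchecked
        if from_proxy and xfh:
            headers[b"host"] = xfh
        host = headers.get(b"host", b"").split(b":")[0]
        if host not in allowed:
            await _reject(send, b"bad host")
            return
        await app({**scope, "headers": list(headers.items())}, receive, send)
    return middleware


def run(app, client_ip: str, headers):
    """Drive an ASGI app with a constructed request; return (status, body)."""
    scope = {"type": "http", "method": "GET", "path": "/",
             "client": (client_ip, 12345),
             "headers": [(k.lower(), v) for k, v in headers]}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    body = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    return sent[0]["status"], body.decode()


if __name__ == "__main__":
    # Constructed request: direct-to-origin client smuggling a forged host.
    attack = [(b"host", b"app.example"), (b"x-forwarded-host", b"evil.example")]
    print("naive   :", run(naive_forwarded_host(echo_host_app), "203.0.113.5", attack))
    print("hardened:", run(hardened_forwarded_host(echo_host_app), "203.0.113.5", attack))
```

The backend check alone cannot tell a proxy-set X-Forwarded-Host from a client-supplied one that the proxy relayed, so the proxy or CDN must also overwrite (not pass through) that header; the allowlist is what catches the case where a trusted proxy forwards an attacker's value anyway.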
Full details of CVE-2025-53773 (RCE via Copilot in VSCode, Visual Studio, and other IDEs) thanks to @gitlab and in particular @joernchen for the collaboration.
🚨 New RCE in Visual Studio & Copilot (CVE-2025-53773)!
0-Click command execution via prompt injection in READMEs/code comments. AI can alter settings & execute commands, risking CI/CD pipelines.
Patch now!
Full details: https://t.co/9HmJDmAnSW
Here's Claude Desktop using the Nemesis MCP servers to set up a test scenario from a malware sample analysis, fully automated!
If you're a researcher and have cool ideas and applications for AI automation with Nemesis, sign up to the wait list here: https://t.co/z2GcuAaAkr
🙏 The eSIM/eUICC Security Training at @hardwear_io was also a lot of fun for me to hold. I'm happy to have had such a knowledgeable group with a great dynamic!
Proud to announce that PSI has secured a $1M investment from Georg Wicherski, ex-CrowdStrike.
This means we’re doubling down on combining DORA compliance with Breach and Attack Simulation, growing our team, and a wave of new features.
Grateful for the belief in our team!
📢 Attention all security engineers, researchers and developers!
Let's uncover the secrets of eSIM along with @marver at #hw_ioNL2024; learn about secure deployment practices, potential attack surfaces, and much more!
Link: https://t.co/ydeppocmh2
#esim #euicc #securityexperts
A remote code execution vulnerability has been identified in Windows systems that can compromise devices via WiFi. Ensure your safety and learn how to protect yourself: https://t.co/ww9a2EBW7X
CVE-2024-30078
Read about how our @Giutro and Nikos from @Persistent_Psi bypassed @okta Verify "phishing-resistant" features.
https://t.co/iidlTQeLim
All your sessions are belong to us 🎣
Mike Cartoscelli joins the PSI team as our new COO! Having 29 years of experience in technology, he will focus on bringing our Breach and Attack Simulation (BAS) product Nemesis to a wider market and on how Nemesis can assure compliance with the DORA regulatory framework.
Raise your hand ✋ if you believe in practical learning rather than theory!
We've got you covered with our #NullconBerlin2024 7 hands-on, in-person Training sessions.
Training Objectives: https://t.co/v4vP7Fg5Hl
#infosectraining #ethicalhacking #cybersecurity
Want to know how to audit large software projects effectively? Eric Sesterhenn and I will teach what you need to know @nullcon: https://t.co/nbcnSWhezN