Olivia
Online
Sean Pesce
@SeanPesce
IoT & Android Hacker | OSCP |
United States
Joined August 2016
194 Following
255 Followers
90 Posts
@ozeniken @archiveis IIRC this is due to some archaic rules around classified data, and/or bringing data into classified spaces (e.g., SCIFs)
Just rediscovered this Smali bind shell I wrote a while back. Useful for niche scenarios like minimal exploit PoCs (i.e., overwriting DEX files for arbitrary execution). IIRC it compiles to a few hundred bytes.
https://t.co/yRLeaop1E3
#android #mobilesecurity
@rebane2001 @NotionHQ I've long thought there should be an option to retain history on 0-second meta redirects TBH
@Muntrive @FirewallFiasco @Hacker0x01 One-click ATO is absolutely a vulnerability, and often considered high-severity. Anyone saying otherwise is objectively incorrect.
Consider also that many XSS and CSRF attacks require a click, and they don't always guarantee something as impactful as ATO.
Who to follow
Mohamed Mahmoudi
@medmahmoudi_619
Penetration tester & security researcher
Sapra
@0xsapra
System architecture, Security enthusiast and Ai Geek !co-founder ctf team super guesser(@SuperGuesser - Defcon finalist 2021-25) @cred_club https://t.co/HILsR9KOln
Soumyani1
@reveng007
Red mind. Blue mission. Turning attack tradecraft into detections | CRTO | CRTP | @BlackHatEvents 2024 Arsenal, @WWHackinFest 2024 Presenter and @BSidesSG 2023
@fr4vian Yeah it's basically impossible unless you have a generous triager - I've found several one-click RCEs and all were rated "high"
@skcd42 @charliermarsh Yeah I believe this is just a general browser quirk, your highlighted selection is lost when the DOM is updated
@S1r1u5_ Not Chrome, but this one was a cool approach to finding issues in Android permissions logic
https://t.co/3goONAxU5T
@Ch0pin Also, excessive use of the "not interested in this post" button
@Ch0pin Nice! Definitely an under-researched topic
https://t.co/ArTDbFMAKk
Great blog post from @payatulabs: Understanding and Modifying the Hermes Bytecode
https://t.co/TOSl5ekwDX
@vasyaqwee @tdinh_me VS Code: right-click -> "format document," and when you copy/paste from it, it retains your (theme-specific) syntax highlighting
@MishaalRahman Actually, I've seen quite a few devices with security policies that let you install/sideload apps, but not enable developer options - this would still be a use-case for Termux
@MishaalRahman Wow, sounds like we might not need Termux anymore
We've just updated our URL Validation Bypass Cheat Sheet with a new IP address obfuscator by @e1abrador, and new payloads by @SeanPesce and @t0xodile. Check out the full details at: https://t.co/vX3DHRg9Zr
This is just a small sample from that list
Arc browser (on Android, at least) seems to block ads and annoyances by injecting a <style> element on every page you visit - it applies this style by using a giant list of more than 12,000 CSS selectors for common nuisance DOM elements
Exploiting Android Client WebViews with Help from HSTS
https://t.co/3gP6pVV8rM
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.6M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.4M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.2M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.6M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.7M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers