Olivia
Online
spidersec
@SpiderSec
- Suvadip Kar
Down to Earth
Joined December 2016
90 Following
5.6K Followers
329 Posts
ย Pinned Tweet
HTTP Request Smuggling in one Screenshot. ๐
If youโre around for Black Hat Asia Singapore ( April 1-4 ), letโs catch up!
โ๏ธ A lesser known tool, Osmedeus is the closest to Nuclei, that comes with an amazing web UI. You can use custom YAML workflows and vulnerability signatures just like Nuclei.
๐ https://t.co/AA21Rx7L7p
#bugbounty #bugbountytips #infosec #cybersecurity #Pentesting
Nice one!
Just Updated my Subdomain Enumeration Guide with new techniques, fixes, etc.
Have a look ๐
Boost your Recon game !!๐๐
https://t.co/MhzM6poLh9
#bugbounty #infosec
https://t.co/vx7cIbsYVS
This is fucking bananas and I can't believe I missed it.
hashcat -w 4
Exploiting Redis Through SSRF Attack https://t.co/C9hhxocO65
@payloadartist Its always about skills.
Just created a working POC for CVE-2021-40444 with folks @EG_CERT
Our Pre-Auth RCE exploit for Atlassian Confluence (CVE-2021โ26084) was leaked after reporting it to @VMware. They have refused to admit the leak and ignored our emails.
https://t.co/cwainPWv9y
Hard work, new car ๐๐ง
@ADITYASHENDE17 Thanks man
@satish28888 @satish28888 I personally use these nuclei templets and tools for my day-to-day work, they give good results.
https://t.co/ClVd6nYFsW
https://t.co/lVrxaNhWRv
https://t.co/O81Uo9mmnm
https://t.co/ddeoymQ7Cz
https://t.co/PcHm8yNRm7
https://t.co/4orMT84XHh
Yet another Account Takeover technique.
Seperator:
[email protected],[email protected]
[email protected]%[email protected]
[email protected]|[email protected]
Array:
{"email":["[email protected]","[email protected]"]}
Follow for more #infosec updates and #bugbountytips
![CySuite_'s tweet photo. Yet another Account Takeover technique.
Seperator:
email=victim@mail.com,hacker@mail.com
email=victim@mail.com%20hacker@mail.com
email=victim@mail.com|hacker@mail.com
Array:
{"email":["victim@mail.com","hacker@mail.com"]}
Follow for more #infosec updates and #bugbountytips https://t.co/2WEJyxentf](https://pbs.twimg.com/media/E9V2J_DXoAAeMpj.png)
@DenFox93 No, 200 is the server response status
Rate Limiting Bypass : (429 Too many Requests)
Append the headers to a request where the server is responding with 429
Client-Ip: IP -> 200
X-Client-Ip: IP -> 200
X-Forwarded-For: IP -> 200
X-Forwarded-For: 127.0.0.1, IP -> 200
IP = Random IP Address that you want to spoof
๐
@hummus_ful Yes you are correct, its not a valid test case for layer 4
If ip based rate Limiting is implemented, you can block a legitimate user from accessing the website
Client-Ip: Victim-Ip-Address -> 500 request -> Blocked
This is mostly effective on : "Ip Based Rate Limiting"
@0x01titsec Thanks mate.
Last Seen Users on Sotwe
Aslan
Seen from United States
gรผlรผnรผn gavat kocasฤฑ
Seen from Austria
ุฒุจู ููุณู๐
Donald J. Trump 
Seen from United States
fittman
Seen from Turkey
ุณุงูุจ ุจุฒูุณ 22๐
Seen from United States
Hollie Hotwife | No PPV OF
Seen from Switzerland
Turkish Cuckold
Seen from Spain
i love Fat people.
Seen from Singapore
็ๅฅณ้ฟๅงจๅฆๅฆๆฏๅญ
Seen from Japan
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers