Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources
They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳
We helped FFmpeg find and fix 21 security vulnerabilities.
In a 1.5M-line codebase, we spent just $1K in API costs. Some of these bugs had been hiding for decades.
We also developed a PoC demonstrating an RCE primitive when FFmpeg processes RTSP streams.
Full write-up: https://t.co/mIrjirCgcB
@Hacker0x01 The words "train", "fine-tune" or "improve" generative AI models also leave a lot of room. Most companies don't use data to "train" models, they give standard models (e.g. Opus) access to data, tools etc.
@Hacker0x01 "Researcher submissions" leaves room for all kinds of legal tricks. What do you actually use for training? Any anonymised data that was once a part of a report? Presumably if all the training data was publicly sourced, you'd be quick to confirm that
@h4x0r_dz They are probably being legally accurate when they say they train on "researcher submissions". Like when the NSA said "nobody is *listening* to your phone calls"
New @rapid7 observed exploitation of PAN-OS GlobalProtect auth bypass vulnerability CVE-2026-0257 which allows authentication bypass cookies to be forged for VPN access. Full details, technical analysis, PoC, IOCs and remediation guidance in the blog: https://t.co/Bye7K5gzKO
4 RCE chains across 4 LiteLLM versions, each patched within days of working.
What started as #Pwn2Own Berlin prep turned into a race against the vendor's commit log.
https://t.co/OFB7GBIosm
By @bestswngs & @bruce30262
This is required reading today.
@caseyjohnellis didn't even write this today about MSRC - but it nails it.
Full disclosure IS the agreed-upon path forward to keep a vendor in check who stonewalls, threatens, or otherwise is shit to work with for security researchers.
Found an unpatched RCE in Gogs. Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup + @metasploit module available now!
https://t.co/VAYLxZ6o1b
I won't keep you in mystery any longer, here's how I found an XSS vulnerability *in* Shazzer!
The chain involved some interesting browser techniques no sane developer could foresee. Check out the details below:
https://t.co/nY20Anz0VO
(and thanks @garethheyes for making Shazzer!)