Time for another giveaway!
We will pick 6 winners to win one of the following:
1x Annual VIP @hackthebox_eu Licence
5x @PentesterLab 3 Month Licences
To enter:
1️⃣ Follow us @BugBountyDefcon
2️⃣ Like this post ❤️
3️⃣ Re-tweet this post 🔁
Giveaway open until Monday June 15th! GOOD LUCK!
Giveaway and new course 🚨
I just released a nuclei course and we have made it a part of our Black Friday bundle. You can get all of our courses for the price of one.
🎁 I’ll give some away. All you gotta do is RT & reply with which bundle you want!
https://t.co/U3ijsLW98N
🚨 Doing a giveaway for my Blind XSS Masterclass
Most people think they know XSS, until they meet blind XSS, the kind that fires where you’ll never see it.
Same methods that helped me earn $250K+ from real reports. https://t.co/VL5jwf8alx
🎁 Retweet and reply to enter.
$1,000 GIVEAWAY 🎁‼️
Here’s how to enter:
1️⃣ Fill out the ITMOAH survey
2️⃣ Like this post
3️⃣ Comment your fave tool
4️⃣ Repost bc your friends deserve a chance too
Giveaway closes Sept 30 at 11:59pm ET. One hacker takes home $1K. 20 others will score $200 each. Already filled out the survey? You’re entered to win!
If not, now's your chance: https://t.co/aweXU9Lr3R
#bugbountytips Bypass CloudFlare Rate-Limit
Ever struggled with CloudFlare rate-limiting when brute-forcing endpoints during your bug bounty research?
A simple yet effective bypass is right there in CloudFlare’s documentation — specifically, leveraging the _cfuvid cookie.
1. Send initial requests to your target domain (e.g., https://t.co/IMq3MWhYMV) to generate multiple _cfuvid cookies.
2. Save these cookies. Remember that _cfuvid cookies are bound to both IP address and user-agent, so ensure consistency to maintain cookie validity.
3. Randomly use the collected cookies when performing endpoint enumeration at scale (e.g., with 1000 threads).
This technique helps you avoid hitting rate limits, significantly improving your enumeration process.
#bugbounty #CFbypass #cloudflare
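
A defender-side view of the tip above, as an added example that is not part of the original post: because the post says _cfuvid cookies are bound to IP address and user-agent, a client rotating them has to keep both fixed, so this sketch flags any (IP, user-agent) pair that presents many distinct _cfuvid values within a short window. The record layout, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Assumed thresholds; tune them against your own traffic.
WINDOW_SECONDS = 60
MAX_COOKIES_PER_CLIENT = 5

# Constructed sample records: (epoch seconds, client IP, user-agent, _cfuvid value).
SAMPLE_LOG = (
    # One client cycling through 20 cookies while enumerating.
    [(1000 + i, "203.0.113.7", "enum-client/1.0", f"cookie-{i % 20}") for i in range(40)]
    # An ordinary browser that keeps a single cookie.
    + [(1000 + i * 10, "198.51.100.4", "Mozilla/5.0", "cookie-a") for i in range(6)]
    # Users behind one NAT address: different user-agents, one cookie each.
    + [(1005 + i, "192.0.2.9", f"Browser/{i}", f"nat-{i}") for i in range(8)]
)


def find_cookie_rotators(records, window=WINDOW_SECONDS, limit=MAX_COOKIES_PER_CLIENT):
    """Return {(ip, ua): most distinct _cfuvid values seen in any window} for offenders."""
    by_client = defaultdict(list)
    for ts, ip, ua, cfuvid in records:
        by_client[(ip, ua)].append((ts, cfuvid))

    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        in_window = defaultdict(int)  # cookie -> hits inside the current window
        worst = 0
        for ts, cookie in events:
            in_window[cookie] += 1
            # Slide the window start forward, dropping events that have expired.
            while events[start][0] <= ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            worst = max(worst, len(in_window))
        if worst > limit:
            flagged[client] = worst
    return flagged


if __name__ == "__main__":
    for (ip, ua), n in find_cookie_rotators(SAMPLE_LOG).items():
        print(f"{ip} {ua!r}: {n} distinct _cfuvid values within {WINDOW_SECONDS}s")
```

Grouping by IP and user-agent together keeps users who share a NAT address from being flagged, since each of them holds only one cookie.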
Someone posted on Twitter about a CTF where you could use "." in the protocol now. So I fuzzed it:
https://t.co/tiL0JDwSaU
Let me know if it was you and I'll update the description with the link. I couldn't find it anywhere.
Bug bounties ain't just web. Throwback to when @kernelpaniek and I got RCE on Steam Client via a buffer overflow in Server Browser 🚨
Root Cause:
🎯 Wide-char conversion without boundary checks inside serverbrowser.dll leading to stack corruption
Exploit:
🪲 Crafted oversized Unicode player name payload
🪲 Unicode-compatible ROP chain built from Steam.exe gadgets
🪲 Dynamic call to VirtualProtect to mark stack executable
🪲 Shellcode launches cmd.exe
Impact:
💥 Remote code execution (RCE) on Windows
🤔 Partial control on Linux (2 bytes of EIP)
🤔 SIGABRT on macOS (due to canaries)
Delivery:
📦 User tries to connect to a CS game via Steam client
📦 User visits malicious webpage triggering Steam protocol handler
Tools:
🛠️ Python for UDP server and payload generation
🛠️ Immunity Debugger for base address retrieval
🛠️ Steam Server Query documentation for packet crafting
Read the full report: https://t.co/ArdRSVLf3M
I'm very happy to finally share the second part of my DOMPurify security research 🔥
This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)!
Link 👇
https://t.co/Hg1MkqVuGw
1/2
BEAST GAME EPISODE 3 IS OUT NOW!
To celebrate, I'm giving away $100,000 total to 10 random people who like and retweet this post!
Go watch it here: https://t.co/Yntf9E7FTN
I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
https://t.co/puM7hZWIlE
⚠️ Giveaway ⚠️
Want to learn modern reconnaissance and hacking skills?
Join The Bug Hunter's Methodology Cohort 5!
October 2nd, 3rd, 4th -
https://t.co/DvozzsLYiE
Like and retweet this post for a chance to win a free seat! Five winners will be announced on Sept 1st!