Learning more reverse engineering and tried to make a basic agr recorder, so I started with bo2. Still very much a WIP, but the long-term goal is to support multiple games.
My Phrack article, "Calling All Hackers" is finally out!
It's about what I learned going from a hacker to running a company—and how hackers can make a difference in today's world. And the shitty parts of startup culture no one talks about.
Read here: https://t.co/bkwCtyo9Wg
So far, I have written 706 pages to help the security community. My goal will be writing new articles of the Exploiting Reversing Series (ERS), which is focused on security research. However, I am planning to write one or two additional articles of my previous series MAS (Malware Analysis Series) to finish it off.
10. https://t.co/6SNMK1u99L
09. https://t.co/YMTSBl5HLa
08. https://t.co/yvXoY9uWtf
07. https://t.co/DIcpSdRpfW
06. https://t.co/AvjPAaTmQN
05. https://t.co/4wFVoBGapZ
04. https://t.co/PE7JeEM5lm
03. https://t.co/QXa2To5Z4S
02. https://t.co/BPt9L7QFdW
01. https://t.co/vGnT26NOin
#windows #idapro #kerneldrivers #kernel #infosec #reversing #malwareanalysis #vulnerability #securecode
This weekend, I watched teams competing in Google CTF and did nothing else... Oh, actually I wrote the solution for ZKPOK, enjoy :)
https://t.co/mbGeIAap9k
Release: VM Escape Exploit for Parallels Desktop Hypervisor (Pwn2Own 2021) https://t.co/QDj9wYcMwT (source code + video walkthrough)
A virtual machine escape exploit will typically require kernel privileges in the guest OS. In this exploit I chose to offload the reverse-engineered toolgate protocol implementation to a Python module, while keeping my low-level kernel code minimal, just enough to implement the attack interface - a nod to the principle of least privilege in systematic software engineering, which we miss a lot in non-trivial exploit development. -- @alisaesage
Today I received a $12,000 bounty using the Sandwich Attack! 🤑
The vulnerability allowed me to enumerate the API Keys of other users 🤯
How did I do that? Well, the API key was a UUIDv1. If you are not familiar with UUIDv1s, you need to know that they are constructed in 6 sections:
High, Mid, Low, Clock Sequence, Node ID, and UUID version.
Interestingly, the Node ID corresponds to the MAC address of the system generating the identifier. This means that if two consecutive UUIDs are generated on the same device, this part remains the same, similar to the Clock Sequence.
When High, Mid, and Low are combined, they reveal a timestamp represented in hexadecimal value.
Using some basic mathematics it's possible to subtract the offset between the Gregorian Calendar and the Julian Calendar and then divide by 1000 to get an Epoch TimeStamp.
Ok now that we know that they are generated by a timestamp + machine ID, it means that we could generate them back if we know when the API keys were created 🧐
Luckily enough the API Key that I was using was generated in a batch, meaning I could use the Sandwich Attack in order to brute force the API Keys of other users easily 🔥
If you want to know more about how I exploited the Sandwich Attack, go check my video about this on my YouTube channel 🤟
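A decoder for the UUIDv1 layout described in the post, added here as an example (not code from the author): it splits High/Mid/Low into the 60-bit timestamp, subtracts the fixed offset between the UUID epoch (1582-10-15) and the Unix epoch, and recovers the clock sequence and node so two keys from the same batch can be compared. The sample keys, the node value and the helper names (`make_uuid1`, `decode_uuid1`, `same_generator`, `guessable_candidates_between`, `is_time_based`) are constructed for this example.

```python
import uuid
from datetime import datetime, timezone

# 100-ns ticks between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01)
UUID_TO_UNIX_OFFSET = 0x01B21DD213814000

def is_time_based(token: str) -> bool:
    """Cheap check for an API key format review: version nibble == 1 means a time-based UUID."""
    parts = token.split("-")
    return len(parts) == 5 and parts[2][0] == "1"

def decode_uuid1(text: str) -> dict:
    """Split a UUIDv1 into its fields by hand: version, 60-bit timestamp, clock sequence, node."""
    time_low, time_mid, time_hi_ver, clock_seq, node = text.split("-")
    version = int(time_hi_ver[0], 16)
    if version != 1:
        raise ValueError(f"not a time-based UUID (version {version})")
    # High (12 bits), Mid (16 bits) and Low (32 bits) concatenated = ticks since 1582-10-15
    ticks = (int(time_hi_ver[1:], 16) << 48) | (int(time_mid, 16) << 32) | int(time_low, 16)
    unix_100ns = ticks - UUID_TO_UNIX_OFFSET
    return {
        "version": version,
        "ticks": ticks,
        "unix_seconds": unix_100ns // 10_000_000,
        "created": datetime.fromtimestamp(unix_100ns / 10_000_000, tz=timezone.utc),
        "clock_seq": int(clock_seq, 16) & 0x3FFF,  # top two bits are the variant, not the sequence
        "node": node,                              # 48-bit node ID, normally the host MAC address
    }

def same_generator(a: str, b: str) -> bool:
    """Two UUIDv1s with equal node and clock sequence came from the same generator run."""
    da, db = decode_uuid1(a), decode_uuid1(b)
    return da["node"] == db["node"] and da["clock_seq"] == db["clock_seq"]

def guessable_candidates_between(a: str, b: str) -> int:
    """Risk metric: how many timestamp values lie strictly between two same-generator keys."""
    if not same_generator(a, b):
        raise ValueError("keys come from different generators; the window is not a simple range")
    return abs(decode_uuid1(a)["ticks"] - decode_uuid1(b)["ticks"]) - 1

def make_uuid1(unix_100ns: int, clock_seq: int, node: int) -> str:
    """Build a UUIDv1 for a given creation time (constructed sample data, not a real key)."""
    ticks = unix_100ns + UUID_TO_UNIX_OFFSET
    fields = (ticks & 0xFFFFFFFF, (ticks >> 32) & 0xFFFF, (ticks >> 48) | 0x1000,
              0x80 | (clock_seq >> 8), clock_seq & 0xFF, node)
    return str(uuid.UUID(fields=fields))

# Constructed batch: two keys minted 300 ns apart on the same (made-up) host
T_A = 1_700_000_000 * 10_000_000          # 2023-11-14 22:13:20 UTC in 100-ns ticks
KEY_A = make_uuid1(T_A, 0x1A2B, 0x001122334455)
KEY_B = make_uuid1(T_A + 3, 0x1A2B, 0x001122334455)
```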