Param Miner 1.51 is now out in the BApp store! In case you missed it, Param Miner now uses timing analysis to detect hidden parameters, and help detect & exploit reverse proxies. Let me know if it finds you anything cool :)
Passwords suck! With 86% of breaches involving stolen credentials, it's time to adopt passkeys.
Find out why they represent the future of authentication in Alex's insightful talk. @AlexInSecurity
Our offensive security team has been working closely with the maintainers of the TorchServe project and AWS to correct two vulnerabilities that could compromise AI infrastructure. Read more in the blog: https://t.co/Xcmji553H8
#AISecurity #AIIntegrity #AIVulnerability
So Apple has gone and updated the iMessage protocol to incorporate both forward security (very good!) and post-quantum cryptography. https://t.co/c7lidT3P9b
This shows again how our government is disconnected from reality and doesn't understand technology. Banning a tool that is used in less than 1% of car thefts is NOT going to reduce car theft.
Ignorance of deputies like @FP_Champagne is a danger to cybersecurity in Canada.
This iMessage exploit is crazy. TrueType vulnerability that has existed since the 90s, 2 kernel exploits, a browser exploit, and an undocumented hardware feature that was not used in shipped software:
https://t.co/YJdY6alLbV
Google starts prompting users to create a passkey for their account by default, but says passwords will "still remain part of our lives as we make the pivot" (@zombie_wretch / The Verge)
https://t.co/LSZ0CzE6Gg
📫 Subscribe: https://t.co/OyWeKSRpIM
https://t.co/X85d9Bqb28
This is one of the most underrated enumeration/discovery techniques out there.. I've had lots of success with it. Great to see a new tool to help with this technique!
Releasing my first proper open-source tool: CloudPrivs. Brute force AWS permissions from credentials. Has a very high coverage rate and is fast. https://t.co/KDLHUtQdz2
#infosec #Pentesting #Hacking #CyberSecurity
Just released a post on Windows driver signature timestamp forging 👀 really stoked to finally release this! This technique effectively bypasses driver signature enforcement in Windows https://t.co/LIdEUlbsy0
If you’re an H-1B stuck in an endless green card line, set your alarm for July 16.
Canada now has an experimental program where they’ll give 10000 permanent residencies to engineers that the US is repelling.
Part of their new tech talent strategy.
https://t.co/aTCwNoRgSw
Need to bypass the JWT signature? Kid param injection + directory traversal = signature bypass
Vulnerable apps using 'kid' for key retrieval might allow attackers to force a predictable key file (e.g. static file or /dev/null)🔓 Crafted malicious tokens signed w/ known key