Apps behind reverse proxies can't use the visiting IP address as a source of truth, because the actual request to the webserver comes through the proxy, not directly from the browser. To fix this, many reverse proxies add an HTTP header with the source IP as the value (typically X-Forwarded-For).
If the application trusts that header blindly, it can sometimes be spoofed by simply adding the HTTP header to our own request.
Follow along with this lab walkthrough here 👇
https://t.co/MgHTPdCQAv
Password brute-forcing doesn't always need to happen on a login field! 🚨
In this lab walkthrough, we brute-force a password by abusing "change password" functionality.
Play along here 👇
https://t.co/AIb1ehWQYA
🚨NEW LAB!
Exploiting an AI powered security scanner to perform destructive actions.
Watch the video walkthrough and follow along here (free) 👇
https://t.co/jkZcMklzeg
In this lab walkthrough, we exploit a blind OS command injection vulnerability to exfiltrate the output of a command via DNS! Pretty nifty!
Follow along here 👉 https://t.co/AjNlGav1DS
On live targets, password reset flows are an *excellent* target. Any bug in the flow can result in a full account takeover and getting them right is surprisingly complex.
Walk with me through exploiting some broken logic in a password reset flow.
Follow along here: https://t.co/lMzyWlOn1V
Full account takeover via 2FA bypass!
Follow along as we perform a 2FA bypass against Carlos' account.
Sign up and navigate here to access the free lab: https://t.co/aH1V9UQTlO
When an application is vulnerable to SQL injection, attackers can leverage the UNION keyword to extract data from additional tables within the database.
What is the UNION keyword used for?
UNION is used in SQL to combine the results of two or more SELECT queries into a single result set.
Here is how it works:
Example SQL Query:
`SELECT a, b FROM table1 UNION SELECT c, d FROM table2`
For the above query to work, the following needs to be true:
- Both queries return the same number of columns.
- The data types in each column are compatible.
Once both conditions hold, the rows from both queries are returned as a single result set.
Find out how the UNION keyword can be used to figure out the number of columns and data type in a database!
Check out our SQL Injection course for more 👇
https://t.co/3L2wcurHzD
Have you ever cracked a password? 🔑
In this lab we use XSS to steal Carlos' credentials, which contain an encrypted password, and then crack it to gain access to his account!
Follow along with me here: https://t.co/EkXXP2Q6ot
Turn your Nmap scan into a clean report in seconds ⚡
1️⃣ Scan with XML output
2️⃣ Convert it to a readable report
Simple flow:
nmap -> xml -> xsltproc -> html
Perfect for documenting recon during bug bounty hunts.
AI code review has come a long way, but it can't catch everything.
We gave Neo MedPortal and asked it to find IDOR and authorization flaws.
Neo cloned it from GitHub, deployed it, and ran AI code review AND runtime testing in parallel.
🟣 Identified IDORs and auth flaws
🟣 Created test users to validate exploits
🟣 Discovered 17 vulnerabilities (CVSS 5.4–8.1)
🟣 Patient-to-Patient and Doctor-to-Doctor attack paths
With runtime testing, it iterates through the application, verifies each finding, and provides reproducible PoCs.
Finally, it prioritizes fixes and provides clear remediation.
Try Neo today 👇
https://t.co/0mTmsRlHNJ
Watch Neo test an application and uncover critical access control flaws with perfect accuracy.
It found that a policyholder could approve their own claim and set arbitrary payout amounts by bypassing role checks.
Try Neo today 👇
https://t.co/TshfnAi43Q
@Bugcrowd B can stop path traversal, but it isn't safe, as we can access any file from uploads. So all of them are bypassable in a way. But for path traversal, yes, B can stop it.
Your FFUF command isn’t returning anything useful, is it?
The problem usually isn’t the wordlist. You’re likely getting filtered or rate-limited.
Slow it down, control your rate, use realistic headers like a browser, and filter the noise so real endpoints stand out.
Try now 👇
@ritu_twts I mean VS Code in itself isn't an IDE either; it needs the right extensions. And if that's the case, then Neovim can't be beaten; it's better if you know how to use it.