Olivia
Online
AppSec Wiki
@appsecwiki
An initiative to provide Application security related resources to Security Researchers by @exploitprotocol
Joined September 2018
1 Following
971 Followers
25 Posts
We've added a huge new topic, on XXE (XML external entity) injection. Lots of new content and 9 new labs!
https://t.co/JlL0rC4cvg
@VickyChawla6 Just corrected it, thanks for notifying me.
@marcusjcarey @jdubm31 @appsecwiki has one of the most comprehensive and high quality appsec resources I have seen. I am using it now to learn AppSec https://t.co/Px4DpvqHUi
Added a DevSecOps section in @appsecwiki with some intial links. Will continue to add more resources as i learn more about it.
Please add links/resources you are aware of. Thanks!
https://t.co/Ljf8IKT86m
Who to follow
Joel Margolis (teknogeek)
@0xteknogeek
AppSec by day, Hacker by night || Puzzle addict
dirty0124
@dirtycoder0124
A positive, never give up person. Founder of https://t.co/2H0KjZ5riG
Telegram group
https://t.co/bjQUMjI9Lh
Parth Malhotra 
@Parth_Malhotra
Hacking into your servers since 2012 :)
Research @pdiscoveryio
GitHub Desktop RCE (OSX) Bug Bounty writeup:
https://t.co/yodEPrbSeC
Thank you @GitHubSecurity for the bounty!
Story of my two (but actually three) RCEs in SharePoint in 2018: https://t.co/WRH0oYcc8N - it all began with a simple question in Jan. 2018: "have you worked with ysoserial .net?" what a year! Glad https://t.co/QdC0vrG8Xh is in Top 10 Web Hacking Techniques of 2017 @pwntester
New write up - "Reading ASP secrets for $17,000" - the really fun process of exploiting local file disclosure 🧐
https://t.co/JIzkytum1b
For better management of content, i have shifted all content of https://t.co/YpwVUJkocy to @appsecwiki now.
Apart from the existing content, Report/Writeups section is added. (https://t.co/ybrd6OWtJ2)
Planning to release some useful content next month. Stay Tuned 😉
There's a common misconception that 'X-Frame-Options: allow-from hxxp://example.com/' prevents framing. In fact, this isn't secure because Chrome doesn't support allow-from and never will: https://t.co/89BFnY1Y3p
So you can stop reporting Burp's XFO check as a false positive :)
Hackers, minor cool insight that I gained some time ago and found a vulnerability with: when you're looking at an asset that may use a microservices architecture, look for IDOR vulnerabilities using path traversal. E.g. https://example/?id=1/../2. See thread. #TogetherWeHitHarder
This is very interesting!
Here are the slides from me and @LittleJoeTables's talk "Getting Buzzed on Buzzwords" (a talk on using cloud tech to vastly improve pen-testing activities): https://t.co/GOsAmsVLUh
CC @_devalias @riposte_sec @bishopfox
A small gift from S2anta: @breenmachine showed how to abuse JasperReports for RCE (https://t.co/eiyP760xKf) - now here's a single .JRXML file to achieve the same thing if no .JAR's are allowed:
https://t.co/kVgan1VpAy
@Adekanmbi001 Sure! Please have a look at https://t.co/7FovxkbovZ
@VickyChawla6 I just pushed a fix for it. Change will reflect in 5-10 minutes. Thanks for letting me know about it . 👍
We just shipped our first newsletter.
You can subscribe to newsletter at https://t.co/eWZ1x3ABkR if you have not already.
Here is the link to this week newsletter: https://t.co/uMoTdqdCri
Thanks!
My latest #bugbounty writeup: A $2,500 IDOR in New Relic that allowed me to run NRQL queries and retrieve data from any New Relic account. You can read it here: https://t.co/GD6xqODEX0 Let me know what you think! #TogetherWeHitHarder #HackerOne
@VickyChawla6 Glad to know you liked it :)
Last Seen Users on Sotwe
Saikat Dey
Seen from India
lklklk
Seen from Indonesia
猫九大魔王
Seen from United States
ชอบหีฝรั่งอยากกระเเทกหีฝรั่ง
Seen from Thailand
Badisaba19 Yunus Emre
Seen from Turkey
Submissive Girl 🤎
Seen from Saudi Arabia
زاير ابها 25🥵
Seen from Saudi Arabia
acong
Seen from Indonesia
BURSA CUCKOLD & SWİNGER AİLESİ
Seen from Turkey
RAJANYA BAHAN COLI
Seen from Singapore
Most Popular Users
Elon Musk
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.3M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.6M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.3M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers