We recently had a vision meeting with the Crit Digital team - the parent company of @ctbbpodcast.
The goal for the company is simple:
Promote hacker excellence in the bug bounty community.
Here is how we plan to do it.
My latest writeup about how to exploit file upload vulnerabilities, even when the server is hardened and "secured" 🔥
#BugBounty #bugbountytips #hacking
https://t.co/EusVCAPjP3
📚 The Smarter Bug Hunting (For Low Hanging Bug)
📌 Step 1: Gather Recon Data
The foundation of bug hunting is solid reconnaissance. Use tools like Amass and Subfinder to discover subdomains.
#amass enum -d https://t.co/x9T5IiIxMM
#subfinder -d https://t.co/x9T5IiIxMM -o subdomains.txt
💡 Tip: Target overlooked assets like staging environments or old subdomains—gold mines for misconfigurations!
📌 Step 2: Look for Open Ports
Scanning for open ports and services can lead you to hidden vulnerabilities. Use Nmap:
#nmap -sV -p- -iL subdomains.txt -oN nmap_results.txt
💡 Tip: Pay attention to non-standard ports; they often harbor interesting services.
📌 Step 3: Identify Vulnerable Endpoints
Use httpx to detect live endpoints:
#httpx -l subdomains.txt -o live_endpoints.txt
Follow up with FFUF for fuzzing:
#ffuf -u https://t.co/iEajasQlif -w /path/to/wordlist.txt -mc 200,403
💡 Tip: Fuzz for directories like /admin, /test, and /backup.
📌 Step 4: Test for Common Bugs
Some of the easiest yet impactful vulnerabilities include:
1. IDOR (Insecure Direct Object References)
2. Misconfigurations in headers or access controls
3. Default credentials in login panels
Example: Testing for IDOR with Burp Suite:
1. Intercept requests and modify object IDs or parameters.
2. Observe the response for unauthorized data.
📌 Step 5: Automate Your Findings
Tools like Hakrawler can help you crawl and identify more endpoints:
#hakrawler -url https://t.co/MSZI5zc02U -depth 2 -plain > urls.txt
Pair it with ParamSpider for parameter discovery:
#python3 https://t.co/DXf9ZzK0qo --domain https://t.co/x9T5IiIxMM
🔑 Key Takeaway: Focus on actionable bugs with high reproducibility. These might seem small, but in the right context, they’re incredibly impactful!
#BugBounty #CyberSecurity #BugHunting #EthicalHacking #LowHangingFruits #PracticalGuide #CyberSecTips #InfoSec
🛑 GIVEAWAY ALERT 🛑 ⬇️
Today is day FOUR of FIVE days of @arcanuminfosec and friends Black Friday and Cyber Monday giveaways!
Today we are giving away FIVE seats to our training:
"Red Blue Purple AI"
RBPAI is a cutting edge course on how to USE AI to scale your cyber security skills! It is the ONLY course of its kind!
Full Syllabus:
https://t.co/74xIHO49yf
Each person can have up to FOUR entries to the giveaway!
♻️ Share This Post = 2 Entries
♥️ Like This Post = 1 Entry
✍️ Comment This Post = 1 Entry
Winners will be posted next Tuesday!
🛑 GIVEAWAY ALERT 🛑
Today is DAY TWO of FIVE DAYS of @arcanuminfosec and friends Black Friday and Cyber Monday giveaways!
Today we are giving away FIVE seats to our flagship training:
"The Bug Hunter's Methodology Live"
TBHM is one of the BEST trainings in the industry for modern pentesters, bug hunters, and red teamers!
The next cohort is in two weeks, but these tickets can be used for any cohort next year.
• https://t.co/nUaEMBD1oo
Each person can have up to FOUR entries to the giveaway!
♻️ Reshare This Post = 2 Entries
❤️ Like This Post = 1 Entry
✍️ Comment This Post = 1 Entry
Winners will be posted NEXT TUESDAY!
🚨 GIVEAWAY ALERT 🚨
Today is DAY ONE of FIVE DAYS of @arcanuminfosec and friends Black Friday and Cyber Monday giveaways!
Today we are giving away FIVE seats to our new "Attacking AI" course in January! (Syllabus coming soon, it's gonna be a banger)
https://t.co/cY9vcI7rg0
Each person can have up to FOUR entries to the giveaway!
♻️ Reshare This Post = 2 Entries
❤️ Like This Post = 1 Entry
✍️ Comment This Post = 1 Entry
How to find the manifest.json file of any Chrome extension:
1. Go to chrome://extensions
2. Turn on Developer mode
3. Copy the extension ID
4. Go to ~/Library/Application Support/Google/Chrome/Default/Extensions
5. Find the matching ID then find the manifest.json file!
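Added example (not part of the original post): a Python script that performs steps 4 and 5 for every installed extension at once and flags the ones whose manifest requests access to all sites, which is the first thing to check when auditing a browser profile. It assumes the macOS default-profile path given above and the on-disk layout <extension ID>/<version>/manifest.json; the names audit_extensions and BROAD_PATTERNS are illustrative.

```python
import json
from pathlib import Path

# Default macOS profile path from the steps above; other OSes/profiles differ.
DEFAULT_ROOT = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"

# Match patterns that grant access to every site.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(root=DEFAULT_ROOT):
    """Return one record per installed extension version under `root`.

    Assumed on-disk layout: <root>/<extension id>/<version dir>/manifest.json
    """
    records = []
    for manifest_path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        # Manifest V2 mixes host patterns into "permissions";
        # Manifest V3 moves them to "host_permissions".
        perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
        hosts = [h for h in manifest.get("host_permissions", []) if isinstance(h, str)]
        # Content scripts are injected into pages matching these patterns.
        for script in manifest.get("content_scripts", []):
            hosts.extend(script.get("matches", []))
        records.append({
            "id": manifest_path.parts[-3],
            "version": manifest.get("version"),
            "name": manifest.get("name"),  # may be a __MSG_*__ locale placeholder
            "manifest_version": manifest.get("manifest_version"),
            "permissions": sorted(set(perms)),
            "hosts": sorted(set(hosts)),
            "broad_access": bool(BROAD_PATTERNS & (set(perms) | set(hosts))),
        })
    return records


if __name__ == "__main__":
    for rec in audit_extensions():
        flag = "BROAD" if rec["broad_access"] else "     "
        print(flag, rec["id"], rec["version"], rec["name"], rec["permissions"])
```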
We've interviewed a lot of impressive hackers here on Critical Thinking - but Sharon Brizinov is really something else.
This guy won two awards at the latest H1 LHE and has been a regular at Pwn2Own for the past several years.
He does web & IoT. Enjoy!
https://t.co/xLSoG6QWA1
#BugBountyTip of the day:
If you're learning about cookie injection or parsing logic, you should read @ankursundara’s blog on cookie bugs.
Link: https://t.co/3BsHHw5YSG
Once you've read it, make sure to bookmark it for when you find yourself in injection contexts!
Struggling with WAFs that seem to block every XSS attempt? Here’s a lesser-known trick from @parrot409: the Chrome-only onscrollsnapchange event. We’ve just added it to our XSS cheat sheet for those hard-to-crack scenarios.
Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources 📚
They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳
🎯 Black Friday Special + Giveaway:
Get the full course for just $29 (reg. $119) at with code 'FRIDAY2024'! https://t.co/xWSuabTpZ2
Includes: 15+ Hours of content + 100+ labs!
🎁 BONUS: reply & retweet - one lucky winner gets 2 FREE course coupons (keep one, gift one)!