Olivia
Online
BugBot
@BugBot4
CyberSecurity
The Netherlands
Joined November 2017
254 Following
440 Followers
201 Posts
ย Pinned Tweet
After waiting for 90 days, I am finally disclosing a bug in a popular forum platform that leads to email disclosure & FULL access to the forum's SMTP. https://t.co/3AId0WLphX
@IceSolst You forgot the third alert being their custom logic triggering on the same thing ;)
@wbmmfq Nooo don't do something new, think of the poor detection engineers!
Who to follow
Julien | MrTuxracer ๐ช๐บ
@MrTuxracer
Founder of @rcesecurity | #BugBounty | @Hacker0x01 MVH && H1-Elite | $1,5+ Mio in Bounties | Mobile Hacker | @[email protected]
Brandon Rossi
@0xConda
Healthcare Security Leader | Pentester & Security Researcher | OSCP โข CRTP โข OSEP
Rahul Maini
@iamnoooob
Research at @httpvoid0x2f @HacktronAI, before @pdiscoveryio
@snehalantani When SOC analysts detect a breached device in their environment, they may very well choose to observe a threat before isolating a device, or otherwise taking action.
Given that Huntress is a managed EDR solution, you could very well compare all on-boarded clients as "their env"
@apiratemoo He deserved what he had coming to him, smh
@SwiftOnSecurity You're right.
@vxunderground When you accidentally press the termite-disk-wiping button
Iconv, set the charset to RCE: in the first blog post of this series, @cfreal_ will show a new exploitation vector to get RCE in PHP from a file read primitive, using a bug in iconv() (CVE-2024-2961) https://t.co/7GQvKPszrl
Is your concern about groups vs users accounts for break glass accounts in CA policies?
Here are more things to be concerned about (read to the end, I have an answer).
๐ Someone forgets to exclude the BG user/group from a CA policy
๐ Someone is doing a clean-up and accidentally deletes the BG user/group
๐ Someone removes the GA role from the BG user/group
๐ Someone removes the auth method of the BG account
๐ Your BG uses FIDO2 and someone sets up an auth method policy that blocks the FIDO2 AAGUID (ps. this happened to me)
Anything else you can think of or comment below?
The solution, set up https://t.co/QbUp63ffXf to monitor your tenant for these critical config items. Even if something gets changed years later it will get picked up.
@fabian_bader wrote a bunch of tests for CA including one to check for BG exclusion on each policy.
The best part is you can write your own tenant specific test and have them monitored daily and alert you.
It costs $0 and less than half an hour to set up the automation.
im pirating Ableton Live suite 12
the .NFO has an interesting tidbit:
"does not modify any original binaries".
How does it work? lets find out. live reversing thread lets go
This is a blessing words can't describe.
๐ looks like Microsoft started with rolling out the Conditional Access features for controlling device code flow auth that I mentioned in my last blog https://t.co/jDPKPeRhpl. Seems to be in preview, not in all tenants yet.
@SwiftOnSecurity always deletes their hardest tweets :(
It's finally happening! pbctf 2023 is here
๐๏ธ Feb 18th, 14:00 UTC to Feb 20th 02:00 UTC (36 hours)
๐ A $10,000 prize pool
Proudly sponsored by @Zellic_io
https://t.co/EOKVUMmTBP
More car hacking!
Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
Here's how we found it, and how it works:
Since Elon Musk refuses to stop talking about free speech, letโs look at his actual record on the topic.
Thread ๐งต
New: here is the user manual for a mass surveillance tool that U.S. local cops are actively using. Based on location data harvested from ordinary apps installed on peoples' phones. No warrant needed, just login and search https://t.co/QUyLB3RwaZ
Company is ran by great people! 10/10 recommend
We are hiring :)
Are you an experienced vulnerability researcher or senior auditooor? We pay what you deserve!
@ur_ghostess @syndrowm @DefconParrot @defcon @viktoredstrom @patriksletmo @WhNdsSlp It was a good idea and you know it!
@gf_256 This put all other parties to shame ๐
Last Seen Users on Sotwe
SANGEEEAN
Seen from Japan
German Voyeur
Seen from Belgium
Camille009
Seen from Philippines
teroretjink
Seen from Singapore
Sange ga si Lu ?
Seen from Indonesia
lovely granny fukes
Seen from Turkey
Bella๐
Seen from United States
suka colmek
Seen from Indonesia
lililili
Seen from Turkey
blackecho 
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.4M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.9M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.4M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.7M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.4M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers