Olivia
Online
İSHİKA ☆
@chmodx1sh
Learner | CyberSecurityEnthusiast | RHCSA | • Web App Pentester • | Core Team @BarracksArmy
Joined June 2020
174 Following
3.3K Followers
1.3K Posts
Pinned Tweet
They verify your login in client-side JavaScript, never on the server. So you can walk right in.
New write-up: Client-side Authentication Bypass. 4 real cases (one led to a $4,000 SQLi):
https://t.co/XYNTSx2t6q
#BugBounty #AppSec #InfoSec #BarracksArmy
When the frontend is doing the auth check, the frontend is the attack surface.
In our latest Exploits Explained, SRT Researcher @kuldeepdotexe breaks down three client-side authentication bypasses he found on real assessments:
1) Forging a JWT and expiry into localStorage after spotting an authRequired: !0 route guard
2) Flipping a sessionStorage loggedIn flag and setting userInfo to {} to satisfy a truthy check
3) Toggling is_active from false to true in an API response to unlock a hidden webhook flow for an inactive user
https://t.co/GMXehXStqU
One of our own just hit their first 3-digit bounty. 🛡️
Every bounty has a story behind it.
Late-night testing.
Duplicates.
Learning from labs.
Community support.
From learning web security fundamentals…
to solving labs…
to attending community events…
to facing multiple duplicates before finally landing a valid bounty.
This is the journey most researchers go through - persistence is the real skill.
Huge congratulations on the milestone and thank you for sharing the journey.
We’re proud to see members of the Barracks community turning learning into real impact.
Welcome to the growing list of Barracks Graduates.
Full story in the comments 👇
Who to follow
Godfather Orwa 🇯🇴
@GodfatherOrwa
Hacker | Bug Hunter | Cooker | Top 5 P1 Warrior On https://t.co/dzFQH75OWj | LevelUpX Champion | 10+ 0Days/CVEs
Ravindra Lakhara🇮🇳 
@RootxRavi
BSCP | CREST CPSA & CRT | OSCP | CRTA | CRTP | eJPT | eCPPTv2 | eWPTX | eMAPT | Yogosha 20 | Bugcrowd 200 | Open for freelance project
Imamul Mursalin
@inscryption1
Security enthusiast aka Cyber Security Researcher
For reference, I followed this: https://t.co/CIyVVv3GY2
🔥⚔️ BIG NEWS!
Barracks (@BarracksArmy ) joins BSides Mussoorie as our WarZone Partner!
Hyper-realistic WarZones. Real AppSec chaos. Adapt. Report. Thrive.
Get ready for intense simulations & battle-tested learning. 🚀💥
#BSidesMussoorie #Barracks #CyberSecurity #WarZone #AppSec #TrainingPartner
@Hacker0x01
@caseyjohnellis
@Bugcrowd
@MayhemSec
@intigriti
@Apple
@SentinelOne
@immunefi
Bsides Vadodara 2026 ⚡
@kuldeepdotexe Thankyouuuuuuuuuu ✨✨
Last Seen Users on Sotwe
👑The Real FloydJohnson👑
Seen from United Kingdom
Kween Hella
Seen from Greece
Budak nakal
Seen from Malaysia
tomnoon
Seen from Thailand
helenaejavi
Seen from Italy
Madison ivy
Seen from Ukraine
Hotwifesophie💋
Seen from Turkey
pasu3 sumut
Seen from Indonesia
How's she cuttin
Seen from Ireland
wolver_peen
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.6M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.1M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers