Olivia
Online
pritch
@elpritchos
just wanna htp and control eip!
Tokyo-to, Japan
Joined September 2016
306 Following
147 Followers
158 Posts
Aaaand it's official! Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a whooping $200,000 and 20 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
New blog post: Ruby Array Pack Bleed
PoC + breakdown of a simple out-of-bounds reads in Ruby's Array#pack
@camiaei Ah ok, thank you. I'll keep chatting to you on the PR then.
As an engineer, I ❤️ clever engineering.
Ruby on Rails relies on signed sessions (AES GCM). They are secure, but there is a catch: you cannot invalidate them early. You have to wait for expiry. Workarounds exist, like caching sessions you want to kill, but nothing universal.
Who to follow
elttam
@elttam
Expert-led penetration testing, supported by AI-assisted analysis, to uncover real weaknesses and strengthen systems against real-world threats.
ss23
@ss2342
I annoy people on the IRC and Twitter
Michael Gianarakis
@mgianarakis
co-founder/CEO @Assetnote. Organiser of @sectalks_BNE & @tuskcon. @[email protected]
We are cooked.
Google DeepMind Genie 3 just broke the internet.
10 wild examples
1. Nothing feels real anymore
If you’re on twitch you can now follow me there, username is nastystereo
The channel will be focused on hacking, link in the next tweet
This is absolutely the greatest recognition for a researcher. Thank you all!
The Fetch API supports Blob objects as request bodies, not just strings!
Blobs can omit a type, enabling cross-site POST requests without a Content-Type header.
Even with non-empty bodies, the Blob's data becomes the request body!
(credit: @lukejahnke)
The detailed version of our #WorstFit attack is available now! 🔥
Check it out! 👉 https://t.co/EWlBSgXhpx
cc: @_splitline_
🧵My latest blog post is live 🔥 Read it to learn what SafeMarshal is and *two* very different ways to escape and get RCE!
https://t.co/OxRAkwhFp7
Probably my last CVE for the year: JWT Algorithm Confusion in a C library...
https://t.co/43WTiBq2JM
🧵New blog post! Introducing the _json juggling attack in Ruby on Rails
🧵Can you work out how to bypass this vulnerable CSRF protection? Read all about this gotcha in my latest blog post
🧵I just published a new blog post, this time about vulnerabilities in a web framework written in the R programming language!
https://t.co/xI316Irhsu - Where reporting the vulnerabilities is left as an exercise for the reader
Want to provide feedback on upcoming posts before they’re published? Drop me a DM!
Last Seen Users on Sotwe
mandroo
Seen from Indonesia
Bambi 
Seen from United Kingdom
브이브이커플
Seen from Korea
AFRO WORLD🍆💦🔞
Seen from South Africa
kesedapan malam
Seen from Netherlands
balak anak ikan
Seen from Malaysia
اليمن من إب
Futbolistas Desnudos
Seen from Ecuador
Edark (05-22 junio GDL ✈️)
Seen from Mexico
호아루
Seen from Korea
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers