Olivia
Online
Philippe Arteau
@h3xstream
Security Researcher, interested in web security, crypto, pentest, static analysis but most of all, samy is my hero.
Montréal, Canada
Joined September 2011
215 Following
2.5K Followers
418 Posts
We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: https://t.co/x9HO9KUWS0
Did you know that the CPU vuln "Zenbleed" 🩸 (CVE-2023-20593) was found through fuzzing?
I was able to talk to @taviso and learned about his novel approach 🤯 it is so clever!!
🎯 "After some research; [...] we had to conclude that this was unknown to the public and that it could potentially be an unintentional bug in MSSQL."
Read our latest blog ⬇
https://t.co/UppnOYryxE
#cybersecurity #AWS #Amazon #EthicalHacking
![GoSecure_Inc's tweet photo. 🎯 "After some research; [...] we had to conclude that this was unknown to the public and that it could potentially be an unintentional bug in MSSQL."
Read our latest blog ⬇
https://t.co/UppnOYryxE
#cybersecurity #AWS #Amazon #EthicalHacking https://t.co/i5n1xBoSRA](https://pbs.twimg.com/media/FzJqNznWIAMPBC-.jpg)
Achieved first blood jackpotting the ATM at @NorthSec_io #nsec2023 CTF this weekend! The most insane and thrilling hack I've pulled off at a CTF so far, it certainly caught the eyes of everyone in the room and the event organizers, describing it "straight out of a movie"!
Who to follow
xer0dayz
@xer0dayz
Founder of @Sn1perSecurity. Creator of Sn1per and @SILENTCHAINAI. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP - https://t.co/iqw8gBpkKb
Soroush Dalili 
@irsdl
Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Mr.Un1k0d3r
@MrUn1k0d3r
I don't know how to search on Google so I do research on my own and tweet about it. Hacking as a life style
https://t.co/a05mevChzu
It's now to late to register (the training session started today) but here's a funny video @h3xstream made about my training...
https://t.co/CHARfxjvnx
Fun fact: during my first @NorthSec_io training session years ago, both @h3xstream and @el_d33 were in the room! 😓
Today, I learned that Express returns a Refer*r*er header via `req.get('referer')`
code: https://t.co/WfbXfTBn5P
Java doesn’t stop to amaze me. CVE-2022-45146 is one of the most bizarre bugs I’ve seen lately. https://t.co/z7Y1QxJXlZ
Had some fun with OGNL sandboxes last year. Read how I bypassed Atlassian Confluence and Struts ones in my latest blog post https://t.co/SyMtMMhhPv
Chrome has removed the path property from events in version 109. We've updated our article about bypassing CSP with AngularJS to reflect this. The workaround is to use the composedPath() function.
https://t.co/vPcoz9c4Go
Nominations are now open for the Top 10 web hacking techniques of 2022! You can view the current nomination list and submit your favourite new techniques here:
https://t.co/w8BO7NgAE2
Another SAML bug to wrap up the year: https://t.co/CBVI65lfIi.
I just published Exploring the World of ESI Injection
Feedbacks are appreciated , let me know if you liked it or not :)
Special thanks to @nytr0gen_
https://t.co/DE2uH3Lp4c
Are you using the browser’s autofill feature to log in? See how it can be used to steal your credentials with an XSS in this blog post by @mo_bergeron: https://t.co/NGT2ukmURt #GoSecureTitanLabs #browser #xss #cybersecurity
Over a month ago Apache Struts submitted fixes for
CVE-2021-31805. Not sure everyone noticed, but there were multiple RCEs fixed in this. Here was another: https://t.co/LfCbUnMZi8
"Abusing HTTP hop-by-hop request headers" by @nj_dav was nominated as a top web hacking technique back in 2019, and has just blossomed into an F5 BIG-IP unauth RCE!
https://t.co/8WYT6JNOhh
https://t.co/tdQzM1OG5L
https://t.co/ZPVrMVxDkr
Finding #Java gadgets chains has never been so easy with the help of #CodeQL. Checkout our latest article, in which @hugow_vincent demonstrates a new technique to leverage the power of CodeQL to find new gadgets:
https://t.co/RJTzjJTufH
QLinspector:
https://t.co/PeqYoaaQUl
I wrote an article about small privacy leaks prevalent in web applications. These are not the most critical vulnerability patterns, but it was still a lot of fun to document.
Are you aware of these common pitfalls that can compromise #applicationsecurity and leak private user information? Our latest blog illustrates 6 hard to find but important #privacy risks for developers to consider. https://t.co/7yw38uSReG #appsec
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers