Olivia
Online
hakim
@hakivvi
web pentesting and low level stuff.
Joined June 2020
327 Following
467 Followers
276 Posts
Early this week, we had a meeting at Apple Park in Cupertino. While there, we also shared with Apple our latest vulnerability research report: the first public macOS kernel memory corruption exploit on M5 silicon, surviving MIE. It was laser printed, in honor of our hacker friends.
Full story: https://t.co/AmKMGUmWPt
Did you know that running Chromium with these two flags --disable-web-security & --single-process ANY website can access your local files.
https://t.co/N8OBX7Q2Hn
I am actually very interested in puzzle design! I spent some time a few years ago working on https://t.co/qkxvMNWCz1 which (I hoped) would help CTF authors write non-guessy challenges. So I decided to make a "exploratory" style challenge (a collection of a few easy problems) 7/🧵
So this happened a couple of months ago, but we reported an account takeover - in a multimillion users entertainment platform - that earned us $4,500 (Collaborated with @Mr_nyly & @S0nG0ku_H). since it's a private program, I can't disclose a thing, but here are some takeaways 👇
Who to follow
Tur.js 
@Tur24Tur
Interested in Application Security, Bug Bounty, Reverse Engineering, Frida & Ghidra @NoBugEscapes @BugBountyZip
https://t.co/bltifT1jkQ
VCSLab
@vcslab
This is the Twitter channel of VCSLab - the research team of Viettel Cyber Security
Alex Plaskett
@alexjplaskett
Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK
CVE-2025-30466: Safari <18.4 UXSS to bypass Same-Origin Policy with CVSS of Critical 9.8 🔴 ;)
https://t.co/VyYEoj3L3G
@orange_8361 Congrats 🍊
Overflows? In my runtime? More likely than you think
https://t.co/T8cRl5r7M3
Launching a student-only free workshop: ".NET Exploitation Basics" 🪲
If you're a student (or know one), let's write some deserialization exploits, Manchester, July 12.
10 seats.
https://t.co/ZNdfB8R1pO
@S1r1u5_ spot on! makes it pretty easy to quickly test a wild idea in the most obscure programming language.
🔥 A new (more difficult) era for mXSS will come soon! If nothing breaks, Chromium will start escaping "<" and ">" in attributes starting with M138.
See https://t.co/lXfe86tpmd for details.
I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓↓↓
this is sick!
Today I used a technique that’s probably not widely known in the community.
In what cases could code like this lead to a vulnerability? ->
New blogpost! Want to see how we exploited @Synology network-attached-storage devices at Pwn2Own Ireland?
RCE to root via out-of-bounds NULL-byte writes, click the embed for a fun little writeup of CVE-2024-10442 🔎🎉
https://t.co/VOhC5NSCat
Introducing Deep Research for arXiv
Ask questions like 'What are the latest breakthroughs in RL fine-tuning?' and get comprehensive lit reviews with trending papers automatically included
Turn hours of literature searches into seconds with AI-powered research context ⚡
I think everyone had enough fun with it that we can now remove this feature 😊
This is an excellent finding and analysis by @stephenfewer https://t.co/wouIEVa2V9. Reminds me of @orange_8361’s recent work. Poetic RCE.
Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab #CVE-2025-24200 👉 https://t.co/CkqMPz2qEp
Just finished my writeup about CVE-2025-23369, an interesting SAML authentication bypass on GitHub Enterprise Server I reported last year. you can read about it here: https://t.co/Ee61EoACtE
I have posted a writeup for a challenge I authored recently that exploits Django's flatpages, read it here: https://t.co/uAA224dGnO
Last Seen Users on Sotwe
Xena⚜️
Seen from Indonesia
زوجه متحرره
ชอบเย็ดกับแม่ยาย
Seen from Thailand
dd664455
Seen from Thailand
some-swing vck
Seen from Vietnam
Ella Reese
Seen from Germany
Sasquadsaaaa
Seen from Indonesia
Прибрежный(Rezerv)
Seen from Belarus
Papua pegunungan
Seen from Indonesia
Chen Long
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers