I've been doing bug bounty for years.
I just published a long piece on what it actually feels like in 2026, and why something fundamental has shifted.
https://t.co/bK0VS5VeAA
Would love to get your feedback on it here on X or directly on the blog
🚨 Sam Altman literally gave a 43-minute masterclass on turning ideas into billion-dollar companies.
Most people will never watch it.
And instead of hype, he broke down what actually makes startups work.
No fluff. Just reality.
He explained that ideas don’t matter nearly as much as execution. The difference between something small and something massive isn’t the idea; it’s how relentlessly it’s built and improved over time.
He also emphasized that the best founders don’t chase everything. They focus on one thing that truly matters and push it forward with extreme clarity. Distraction kills more startups than competition ever will.
And then there’s scale. Truly big companies aren’t built for a niche; they solve problems that millions of people care about. If the market isn’t large enough, the outcome won’t be either.
His biggest insight? Startups don’t win because they’re smarter; they win because they stay in the game longer and iterate faster.
That’s why this masterclass stands out.
Because while most people are waiting for the perfect idea…
The best ones are already building.
Needle in the haystack: LLMs for vulnerability research
I've distilled my experience of sending thousands and thousands of prompts for using LLMs to discover vulnerabilities into a single write-up.
These are the conclusions I came to.
(link in comment)
🚀 Looking for a Backend Developer (Paid Internship)
Tech - Nodejs + MongoDB
🎓 2nd/3rd year college students preferred
👉 Drop your best project link + email in the replies.
I’ll reach out if it looks relevant!
#Internship #NodeJS #MongoDB #Backend
REGEXSS: How .* Turned Into over $6k in Bounties
Overly-greedy regex replacements can break HTML sanitisation & lead to XSS. Includes a live demo you can try exploiting it yourself!
https://t.co/xfN95R9dUo
#BugBounty #BugBountyTips #XSS #AppSec
2 AM in a Tokyo hotel room: @assetnote x Depi find a Dependency Confusion vuln that lands RCE on Netflix!
🚀 Shout-out to @infosec_au for the "keep digging" spark & Netflix security for stellar triage. Full write-up in thread 🧵
Excited to share the "How to find IDORs like a pro" writeup,
based on 5 real-world findings 🔥.
Here's the link:
https://t.co/a8G8crAzQV
#BugBounty #bugbountytips #infosec
Just wrote a blog post based on this technique and described the methodology to take advantage of it. The post also includes an easy-to-set-up testbed to practice with; hope you find it useful.
https://t.co/iknDcYk6ps
We’ve created a lab to demonstrate how an OAuth token can be leaked using a referrer policy override. Check out the article and try the lab here
https://t.co/xuy9Wr2Lx2
This is an oldie but a goldie.
If you want to learn more about SSRF, watch this @owasp talk by @NahamSec and @daeken!
This is a goldmine of SSRF nuggets including:
🪲 SSRF via URI Schemes
🐞 SSRF via JavaScript (XSS)
🐛 SSRF via Styling
🐜 SSRF using PDF Gen (‘0day’)
🪳 SSRF via DNS Rebinding
🦟 SSRF to XXE
And more! Watch now 👇
https://t.co/fZNdQ294Nt
Exciting News: My Second Write-Up is Now Available!
https://t.co/boOuuOMs63
Dive into the details of the bounty that ranks as the 3rd highest I’ve received on @Bugcrowd
"A Journey of Limited Path Traversal To RCE With $40,000 Bounty!"
Collaborated with @GodfatherOrwa.
This write-up is not just informative but also a fun read.
Enjoy reading and happy hunting!
#BugBounty #BugBountyTip #BugBountyTips #Bugcrowd #HackerOne #SOC #CyberSecurity #infosec
I interviewed 57 security leaders to answer one question: What sucks in security right now? The answers were fascinating, frustrating, and occasionally funny 🧵