Olivia
Online
HolyBugx
@HolyBugx
AppSec, and Automation.
Joined July 2020
557 Following
12K Followers
511 Posts
Don't rely on WAFs.
@infosec_au @assetnote DM’d you. You have a working repro for bypassing Cloudflare but not Vercel. Would love to correct the record or see the evidence.
@rez0__ Lots of contradiction & speculation with little data.
- "Hackbots find 1 % of vulns" → How was this measured?
- 2 → 3 → 4 % isn't a law; one jump ≠ trend.
- "Hackbot singularity this year" clashes with your "slow hand-off"
Where are the citations? Evidence or just vibes?
The results are in! We're proud to announce the Top ten web hacking techniques of 2024! https://t.co/XHPEeqPQLR
@SinSinology Beautiful, very well done! ���🏽
Who to follow
Youssef Sammouda (sam0)
@samm0uda
Security Researcher/Hacker
1st in Meta bug bounty program for 6 years
Opinions are my own and not my employer's.
The Bug Bounty Hunter 
@tbbhunter
Promotions or business ✉️[email protected]
ProjectDiscovery
@pdiscoveryio
Real, exploitable vulnerabilities. No noise. Nuclei scans fast. Neo closes the loop. @pdnuclei × @neo_ai_engineer
New blog post with @infosec_au:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
The issue was reported and patched.
Full post here: https://t.co/QPzRIqqx9t
Introducing the Cookie Sandwich, a tasty technique to steal HttpOnly cookies using legacy RFC features: https://t.co/kellcWkFoL
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
Research into a unique 0-click deanonymization exploit targeting Signal, Discord and hundreds of platform 🧵
Did you know you can use an ancient magic cookie to downgrade parsers and bypass WAFs?! Neither did we. Enjoy!
https://t.co/Hv62isyGNn
Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode.
CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass.
https://t.co/mFOE6GGkhO
1 Bug, $50K+ in bounties: how Zendesk left a backdoor in hundreds of companies #bugbountytips
https://t.co/8pkfFsXRWR
Attacking UNIX Systems via CUPS, Part I
https://t.co/T6SqraB5nh
@evilsocket Beautiful finding and writeup!
Love a good client-side exploit chain! This crazy cross-product chain targeting Google by @rebane2001 is a great example of the type of exploit that gets easier the longer you spend targeting a single company
https://t.co/mxhH2N7teW
In August, watchTowr Labs hijacked parts of the global .mobi TLD - and went on to discover the mayhem that we could cause.
Enjoy....
https://t.co/maUn3dHnee
In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.
Here is our writeup:
https://t.co/g9orwwgoxt
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! https://t.co/7ygwWXY0pd
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996
Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC.
https://t.co/HL0g9f7QEA
The whitepaper is live! Listen to the whispers: web timing attacks that actually work. Read it here ->
https://t.co/cBRLNpOZ6y
I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
https://t.co/puM7hZWIlE
Last Seen Users on Sotwe
Gizli Zevk Erkegi
Seen from Turkey
Big Chests
Seen from United States
𝕓𝕠𝕪
Seen from Malaysia
Sandara Inaka
Seen from Indonesia
love guys
Seen from United States
الزب العراقي
John Orbit's RMRL
Seen from United States
Parasi
Seen from Turkey
Yerli Gizli
Seen from Turkey
À la lanterne!
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers