Olivia
Online
iQimpz
@iqimpz
Full-Time Bug Bounty | Christian |
Joined November 2020
236 Following
1.4K Followers
633 Posts
StubZero: $148,337 RCE in Google Cloud Production
https://t.co/m7cBnSTaj4
Our security research team discovered a pre-authentication arbitrary file read as root in cPanel (CVE-2026-29205) — a path traversal in cpdavd that we made exploitable by abusing Dovecot's + alias handling to create attacker-controlled directory names on disk.
We've updated cpanel2shell-scanner to cover both issues. Writeup and tool in replies.
👇
@monkehack Geez Monke, killing it🙏
Tomcat JMX Proxy exposed without auth?
Wrote a blog about how I got shell on a production Tomcat behind Cloudflare despite the deploy API being locked down, WAF blocking payloads, and CDN filtering template syntax.
8 dead ends. Then AccessLogValve + docBase + relaxedQueryChars + EL injection. 14 requests to RCE.
Tool + nuclei template included!
https://t.co/Ll5IkcnkDa
#bugbountytips #bugbounty
@ArchAngelDDay Option 1 💯. Option 2 doesn’t sound fun tbh👀
I’ve been digging into HTTP Trailers and found some new smuggling techniques:
https://t.co/gpaIiYkSHs
New: I'm sharing the @trailofbits Claude Code defaults. This is how we setup, configure, and use claude code:
https://t.co/aEIXdpCztt
Vulnerability-spoiler-alert has detected its first two live “negative-days” in Grafana! CVE-2025-41117 (XSS) and CVE-2026-21722 (Privesc) are still unpublished right now, but is detectable via commits in the open-source repo. That’s at least 1 hour early. PoCs and more at https://t.co/Tom5BRqpKA
Voting is now live for the top ten web hacking techniques of 2025! Grab a coffee, browse the 61 quality nominations and cast your vote on the most creative and ground-breaking techniques:
https://t.co/srZ9GhJgSN
.@trailofbits released our first batch of Claude Skills. Official announcement coming later.
https://t.co/vI4amorZrc
We've published a new blog post by RyotaK @ryotkak
He discovered 8 methods to bypass safety mechanisms in Claude Code, leading to arbitrary command execution.
We recommend updating to v1.0.93 or later to fix this vulnerability (CVE-2025-66032).
https://t.co/sNu7Z9QoXk
@monkehack We on the same page this week! I’ve been closing those “open loops” and figuring out where AI fits into my workflows.
Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets.
https://t.co/2ttRurgoPh
The tool helps find endpoints, files, internal emails, and some secrets from minified JS.
Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedbacks are welcome.
@monkehack Killed it! Not suprised👌
Windows IPC Deep Dive, by @haider_kabibo
1 https://t.co/WXPXxYwT0U
2 https://t.co/vdZcjzyyyz
3 https://t.co/Xymk9LE0sp
4 https://t.co/zmAGonybBR
5 https://t.co/rUOLhwYzHZ
6 https://t.co/uKuSglYtJQ
7 https://t.co/pOmrJhf3kK
8 https://t.co/db882XQ5zo
9 https://t.co/5DomsZQ9co
@G0LDEN_infosec for GUNGNIR the crt log transparency monitor!
https://t.co/3XUEhOjKUL
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers