CVE-2026-23918 - a pre-auth RCE in Apache httpd's mod_http2, found by Striga during our open-source research.
The bug triggers on a single HTTP/2 connection sending HEADERS followed by RST_STREAM with a non-zero error code. Two nghttp2 callbacks both push the same stream pointer onto the cleanup array, and the second pool_destroy hits already-freed memory.
We built a working RCE on x86_64 using mmap reuse and Apache's scoreboard memory as a stable container for fake cleanup structures.
Affects Apache httpd 2.4.66 with mod_http2 and a multi-threaded MPM.
Full technical writeup coming soon.
https://t.co/SI7p0zQToj
https://t.co/DcQSMnwhPx
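The mechanism the post describes, duplicate scheduling of one stream pointer on a cleanup array, in a constructed C model added here for illustration. This is not httpd or nghttp2 code and reuses none of their structures; the stream type, the cleanup array, the callback names and the teardown loop are all assumptions, and the second destroy is counted with a flag rather than performed on freed memory so the model runs safely. The dedup variant is one generic mitigation for this class of bug, not the project's actual fix.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model (not httpd or nghttp2 code) of the failure pattern:
 * a stream is scheduled for teardown on a cleanup array by two different
 * callbacks, so the teardown loop destroys the same pointer twice. */

#define MAX_CLEANUP 16
#define RST_NO_ERROR 0u         /* mirrors the HTTP/2 NO_ERROR code (0x0) */

typedef struct {
    int id;
    int destroyed;              /* set by the first destroy; a real pool would be freed */
} stream_t;

typedef struct {
    stream_t *items[MAX_CLEANUP];
    int count;
    int double_destroys;        /* teardown attempts on an already-destroyed stream */
} cleanup_array_t;

/* Vulnerable scheduling: append unconditionally. */
static void schedule_unchecked(cleanup_array_t *arr, stream_t *s) {
    if (arr->count < MAX_CLEANUP)
        arr->items[arr->count++] = s;
}

/* Hardened scheduling: a pointer already on the array is not added again,
 * so it can only be destroyed once. Returns 1 if added, 0 if duplicate. */
static int schedule_dedup(cleanup_array_t *arr, stream_t *s) {
    for (int i = 0; i < arr->count; i++)
        if (arr->items[i] == s)
            return 0;
    if (arr->count < MAX_CLEANUP)
        arr->items[arr->count++] = s;
    return 1;
}

/* Teardown loop. A real pool destroy would free the memory and the second
 * pass would touch freed memory; here the flag counts the double destroy. */
static void run_cleanup(cleanup_array_t *arr) {
    for (int i = 0; i < arr->count; i++) {
        stream_t *s = arr->items[i];
        if (s->destroyed) {
            arr->double_destroys++;
            continue;
        }
        s->destroyed = 1;
        arr->items[i] = NULL;
    }
    arr->count = 0;
}

/* Simulated callbacks for one connection (assumed names): HEADERS creates and
 * schedules the stream, RST_STREAM with a non-zero error code schedules it again. */
static void on_headers(cleanup_array_t *arr, stream_t *s, int dedup) {
    if (dedup) schedule_dedup(arr, s); else schedule_unchecked(arr, s);
}

static void on_rst_stream(cleanup_array_t *arr, stream_t *s,
                          unsigned error_code, int dedup) {
    if (error_code == RST_NO_ERROR)
        return;                 /* graceful close: nothing extra to tear down */
    if (dedup) schedule_dedup(arr, s); else schedule_unchecked(arr, s);
}

/* Runs HEADERS then RST_STREAM(error_code) and returns how many times the
 * teardown loop hit an already-destroyed stream: 1 without dedup, 0 with it. */
int double_destroy_count(unsigned rst_error_code, int dedup) {
    cleanup_array_t arr;
    memset(&arr, 0, sizeof arr);
    stream_t *s = calloc(1, sizeof *s);
    s->id = 1;
    on_headers(&arr, s, dedup);
    on_rst_stream(&arr, s, rst_error_code, dedup);
    run_cleanup(&arr);
    free(s);                    /* the single real release, after the loop */
    return arr.double_destroys;
}
```

With a real allocator-backed pool the second pass would be a use-after-free rather than a counted flag; the dedup check on registration is the simplest invariant that makes "each pointer is destroyed exactly once" hold regardless of which callbacks fire.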
Unauthenticated RCE in Apache Tomcat (CVE-2026-34486)
The EncryptInterceptor was supposed to protect cluster communication. A fix for a padding oracle vulnerability moved one line outside a try block, and the encryption layer silently started forwarding every failed decryption straight into unfiltered Java deserialization.
We found it with Striga, built the exploit, and reported it to The Apache Software Foundation.
https://t.co/cygPWfXCnB
We used Striga to discover a high-severity vulnerability in axios, the most downloaded HTTP client in JavaScript. Any Node.js service that forwards user-controlled JSON through axios can be crashed with a single request. CVE-2026-25639. Patched in 1.13.5.
https://t.co/b2r8Ta5POy
First public finding from Striga. Two vulnerabilities in n8n's expression engine chained into remote code execution.
230K+ active users, nearly 200M Docker pulls. CVE-2026-27577, CVSSv4.0 9.4 Critical.
https://t.co/seYI29mDpO
I'm super excited that my research: "Disguises Zip Past Path Traversal" has been nominated to PortSwigger's Top 10 web hacking techniques of 2025.
If you've enjoyed the read, a vote would mean a lot!
Link to vote in the reply below 👇
It's Black Friday! 🎉
Get FREE recurring API credits if you like + retweet this tweet (must be following @securitytrails).
If we get up to 100 RTs, everyone gets 100 recurring monthly API credits. If we get over 100 RTs, everyone gets as many API credits as there are RTs.
For the 2nd year in a row, my research was chosen for 'Top 10 web hacking techniques'. It's very encouraging that my 'WAF evasion techniques' is among the other awesome research and that I'm able to share my security thoughts with the #infosec community! https://t.co/PEoXZXKXDD
During that overwhelming time of 2020, I managed to research two #websec topics: "WAF evasion techniques" and "XSS fun with animated SVG". I'm glad they are both nominated by @PortSwigger for 'Top 10 web hacking techniques of 2020' https://t.co/L9gGdKGK7G
Our researcher @phaldrzynski reviewed some of the known and less-known WAF evasion techniques. In this article he presents a few approaches to deal with WAFs: https://t.co/NB4Duk1CtQ
👋 Piotr Szeptyński
Day to day, he delivers IT security projects in Poland and abroad.
For Oh My H@ck! 2020 he prepared the talk:
🟪 On the internet nobody knows you're a bear, or how Russia attacks and defends itself online 🟪
More ▶️ https://t.co/Hypp7Fozgp
When writing a pentest tool leads to the discovery of a Windows 0-day... 😎
As promised, here is my latest blog post where I discuss this finding in detail. 🧐
Windows RpcEptMapper Service Insecure Registry Permissions EoP
https://t.co/v0lJGLNfML