Dalfox v3 has been released🔥
I've been rewriting it in Rust since August last year, and it's finally done.
The biggest change is the engine. v3 no longer depends on a headless browser like v2 did. Instead, it uses DOM/AST analysis to check whether an XSS finding is actually valid.
Tested on xssmaze, various challenge sites, and real-world targets, it reduces false negatives and false positives more effectively while scanning faster than v2.
https://t.co/maZDqTQPqs
AI pentesting is moving from hype to hands-on.
Join us at NULL Ahmedabad for a session on setting up your first AI Pentest Assistant with @jay_yaml & @moxxitt.
📅 30 May | 10 AM
RSVP 👉 https://t.co/uOHWXCp7xc
@null0x00 #nullAhm #Cybersecurity #Infosec
When the frontend is doing the auth check, the frontend is the attack surface.
In our latest Exploits Explained, SRT Researcher @kuldeepdotexe breaks down three client-side authentication bypasses he found on real assessments:
1) Forging a JWT and expiry into localStorage after spotting an authRequired: !0 route guard
2) Flipping a sessionStorage loggedIn flag and setting userInfo to {} to satisfy a truthy check
3) Toggling is_active from false to true in an API response to unlock a hidden webhook flow for an inactive user
https://t.co/GMXehXStqU
Here’s the sauce:
- agent md file with lots of disclaimers about how it’s approved testing
- a bunch of hacking skills
- /goal find a crit on target . com
That’s literally 90% of the way there and enough to blow anyone’s mind who hasn’t been convinced yet.
when react2shell hit last year, i think vercel handled it brilliantly.
to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000.
read how we did it here: https://t.co/2dM6Mf9PHU
Earlier this year @SLCyberSec’s research team disclosed a vulnerability that allowed us to leak PII and emails stored inside Salesforce Marketing Cloud instances, for any customer, without authentication. You can read more about our research here: https://t.co/Og4HoMPAFM
I developed this to save my time and stay updated with the latest in cyber security. It collects resources live through AI daily. I know it still has room for improvement, but I am sharing it with you all.
Have a wonderful Sunday!
https://t.co/7cGIl4bstf
I pointed claude opus at chrome and told it to build a full v8 exploit for discord.
A week of back-and-forth pulling it out of dead ends. 2.3B tokens. $2,283 in API costs, and it popped a shell.
https://t.co/vwj9d33Bvq
26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.
We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.
Check our paper: https://t.co/zyWz25CDpl
🔥Happening this Saturday at NULL Ahmedabad.
How to actually find and report your first bug. Security of AI agents. P2P systems with live tools and demos.
📅 28 March | 10 AM
RSVP now 👉 https://t.co/M6fmUTG8P8
@null0x00 @OreoB1scuit @imhardikrathod @amanverasia #nullAhm
🚨 BREAKING: Someone just open-sourced a full offline survival computer with AI, Wikipedia, and maps built in.
Project N.O.M.A.D. is an open-source offline survival computer.
Self-contained.
Zero internet required after install.
Zero telemetry. Everything runs locally on your hardware.
What it includes:
→ Full Wikipedia archives via Kiwix
→ Offline maps via OpenStreetMap
→ Local AI models via Ollama + Open WebUI
→ Calculators, reference tools, resource libraries
→ A management UI to control everything from a browser
One curl command installs the entire system on any Debian-based machine.
Runs headless as a server so any device on your local network can access it.
Minimum specs to run the base system: dual-core processor, 4GB RAM, 5GB storage.
To run local LLMs offline, you want 32GB RAM and an NVIDIA RTX 3060 or better.
No accounts.
No authentication by default.
No cloud dependency.
No phone-home behavior.
Built to function when nothing else does.
The grid, the cloud, the API you depend on. None of it is guaranteed.
The people building local-first systems right now are the ones who won’t be asking for help when access disappears.
Most JWT content is stuck in 2015.
alg=none, weak secrets, basic misconfig screenshots.
That’s not where the interesting bugs are.
I usually keep this stuff private.
This time I’m dropping it publicly ↓
https://t.co/Sm0oiwjyxV
Super cool work by @s3bsrt
HTTP trailers can be a blind spot. Proxies usually ignore them, but backend servers will happily merge them into the main headers, letting you sneak payloads right past security filters.
Blog link 👇
https://t.co/gpLb4G2Ksm