Olivia
Online
Himanshu J
@jhimansh
Strategy | Security. Recognized and awarded under responsible disclosure program by Microsoft, Google, Red Hat, Zoom and many more in the past.
Pune, India
Joined May 2015
352 Following
114 Followers
303 Posts
Pinned Tweet
Third security research report that I submitted got accepted by Microsoft.
Three cases in 1 year. Goal achieved.
Will be disclosing about the finding once I get a confirmation on the implementation of a fix.
#hacktosecure #responsibledisclosure #bugbounty #infosec #CyberSec
Need to extract API endpoints and the request body schema of each endpoint after supplying a web URL as input. Exploring Puppeteer and Cheerio library, but facing accuracy issues affecting data quality. Which library should I use? Suggestions?
#appsec #opensource #NodeJS #API
@airtelindia Your broadband is non-existent since last entire month in Pune and there is no way to contact the customer care. If you cannot fix the issue for a month, just inform the customers that you have given up so we can switch to a better internet service provider.
What happens to AppSec when moving to an API environment?
One of the things that I observed when trying to understand the difference between doing application security and API security, is that we're often pushing business logic out to the client.
This…https://t.co/MdncrBYAkK
Who to follow
Ved Parkash
@v3d_bug
Curious to Learn
naveen
@nvk0x
Bug Bounty Hunter • Microsoft MVR 2025
Web/AppSec • Supply Chain • Web3 Security
🏍️ Riding bikes & hacking stuff ⚡
Shivansh Kumar
@Mr_7i74N
Sovereign Individual | Aspiring Polymath | Engineer | Pro-Nuclear Fusion energy Environmentalist | Rational | Progressive | Pragmatic
Agentless vs. agent AppSec for SaaS startups
Let me start by saying - I know. I know the sound of the word agent probably gives you the shivers. Hear me out.
Agents have gotten a really bad reputation in the past years, and in most cases rightfully so…https://t.co/akInpxQ0vV
@ShubhamPargaon1 Thanks brother!!
Thrilled to get an invite to celebrate with Microsoft MSRC's most valuable security researchers and Microsoft employees in Las Vegas next month.
#SecurityResearch #infosec #responsibledisclosure #bugbounty #MSRC
Type: HTTP parameter pollution to horizontal privilege escalation.
Asset: Azure Active Directory
It's always a pleasure working with the amazing analysts at Microsoft Security Response Center.
#SecurityResearch #bugbounty #hacktosecure #infosec #MicrosoftSecurity
This is my 4th case with Microsoft's MSRC. This report got triaged in April and a fix was recently pushed. My 1st report was accepted in 2020, then 2 cases in 2021 and now another case in 2022. Happy to receive recognition from Microsoft 3 years in a row for 4 independent cases.
just because an exploit payload looks simple doesn’t mean it didn’t take a bajillion hours of source code auditing to find
A thread all about CSRF Tips
Pro tip : Bookmark and Retweet this Tweet!
Another security report triaged, accepted and resolved.
Program: Private.
Severity: Medium.
#cybersecurity #responsibledisclosure #hacktosecure
#informationsecurity
Thank you @GoogleVRP for the book! Looking forward to reading this one soon.
#InformationSecurity #Bugbounty #hacktosecure
Happy birthday @stokfredrik!🎉
Thank you for the amazing work that you do! Wishing you a wonderful year of good health, happiness and success!
Hoping to see many more Bounty Thursdays in the future. Cheers!
Be humble. Be teachable. The universe is bigger than your view of the universe. There's always room for a new idea. Humility is necessary for growth. 🧠
One of the very first few reports that I submitted to Rockset on Hackerone just got disclosed. A non-admin user could access a page meant to be accessed only by the user with admin privileges.
Severity: Medium(4.3)
https://t.co/8nnY087VEC
#informationsecurity #infosec
A submission got accepted as a valid issue by Asana on Bugcrowd.
Vulnerability falls under broken access control to information disclosure.
Severity: P4
#hacktosecure #responsibledisclosure #bugbounty #infosec #CyberSec #informationsecurity
“Hacking cannot be taught. Hacking can only be learned.”
(based on a quote from Mikhail Botvinnik about Chess)
I’ve been doing a lot of offensive security source code auditing of enterprise apps over the last six months and every time I show my friends critical pre-auth PoCs they usually respond with “wow i can’t believe no else found that” - the magic is uncovering this attack surface
Last Seen Users on Sotwe
KAYALIZHI 🌻🌺🥰
Seen from India
オナ仁田アプシ‼︎‼︎‼︎‼︎‼︎‼︎‼︎
Seen from Netherlands
goddess ann 🩷
Seen from Spain
Indian femdom promoter
Seen from Belgium
Glasgow Tool Library
Seen from United States
cockkytaliban
Luna
Seen from Kuwait
ExAvocatine(DrEnMaturation) 
Seen from France
suka 69
Seen from Malaysia
April_Cy
Seen from France
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers