Rojan Rijal

I just got access to an attacker's daily diary. Here is what I learned 👇 🕘 9:00 AM: Clock in. 🔎 9:12 AM: Google Dork says https://t.co/PpN8LQE7bz is still alive. 😎 9:30 AM: No rate limits, no auth. Just vibes. 🗃 10:00 AM: Dumped staging DB from https://t.co/aa8ZDOvcp3. 😬 10:20 AM: Reused creds work on prod. Consistency is key. 🛡 10:45 AM: Oh no… a WAF! 😈 10:46 AM: JK, it’s only on www. Your 12 forgotten subdomains are unprotected. 🥪 12:00 PM: Lunch break. Your asset inventory is crying is forgottenland. 💀 2:00 PM: You schedule a pentest. 📅 2:01 PM: For next quarter. 🪄 3:00 PM: Still pivoting. Still no alert. 🎯 4:30 PM: Internal Jenkins on an old subdomain. Secrets everywhere. 💰 4:45 PM: Got user data, employee data, AWS keys. It’s a buffet. 🕔 5:00 PM: Clock out. Easy day. jk..... Attackers don’t follow your IR plan. They don’t wait for your quarterly pentest. They don’t work 9–5. They hunt exposed assets, old creds, shadow subdomains, public GitHub leaks, leaked data in SaaS that will give away more information or give PII etc. They’re hacking every minute. Are you? #attacksurfacemanagement #offensivesecurity #cybersecurity #hacking #continuousmonitoring #assetinventory #offensivemonitoring

💥 Q1 Update from the Field: Real-World Hacking with Orion 💥 In Q1, we pointed Orion, our offensive Attack Surface Management platform, at a large enterprise to see what it could uncover. The results speak for themselves: 🔍 𝟵 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗿𝗲𝗽𝗼𝗿𝘁𝗲𝗱 🚨 𝟴 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹, 𝟭 𝗛𝗶𝗴𝗵 🤖 The High severity finding was discovered entirely by Orion with no human involvement 💰 Approximately $𝟰𝟱,𝟬𝟬𝟬 in rewards from responsible disclosure 🌐 Orion also surfaced multiple vulnerabilities in widely-used open-source software such as a supply chain vulnerability in a Microsoft repository The 9 issues had the potential to expose millions of users’ sensitive data including 𝗦𝗦𝗡𝘀, 𝗗𝗼𝗕𝘀, 𝗲𝗺𝗮𝗶𝗹𝘀, 𝗮𝗻𝗱 𝗮𝗱𝗱𝗿𝗲𝘀𝘀𝗲𝘀. If exploited, they could have led to major regulatory fines, incident costs, and increased insurance premiums. 𝗤𝟮 𝗴𝗼𝗮𝗹: 𝟱𝟬+ 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗳𝗶𝗻𝗱𝗶𝗻𝗴𝘀 𝗮𝗰𝗿𝗼𝘀𝘀 𝗺𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗼𝗿𝗴𝗮𝗻𝗶𝘇𝗮𝘁𝗶𝗼𝗻𝘀. 𝗟𝗲𝘁’𝘀 𝗴𝗼 🔍⚔️ #OffensiveSecurity #AppSec #RedTeam #SecurityAutomation #BugBounty #ASM

tj-actions compromise is a great reminder that pinning the action/dependency to a commit SHA instead of a version tag is safer and securer. We monitor repositories of some public organizations, and most of them are safe because they use a SHA like tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf. However, if an organization is pinning the malicious commit they are still vulnerable: 0e58ed8671d6b60d0890c21b07f8835ace038e67 https://t.co/QKhwswitVD #github #supplychain

🚨 Continuous Monitoring Prevents Million-Dollar Breaches 🚨 In cybersecurity, threats evolve but so should our defenses. At Ophion Security, we continuously monitor Fortune 500 companies’ public assets not just domains and IPs, but also SaaS services, cloud assets, and web applications that often slip under the radar. In October, we identified a vulnerability in a Fortune 500 subdomain that exposed highly sensitive PII (DoB, SSN, Addresses, Phone Numbers) to unauthenticated users. Fast forward a few months: Our continuous monitoring flagged a new but similar asset: a different domain, but familiar API patterns in its JavaScript. Recognizing the fingerprint of a shared infrastructure, we re-tested the vulnerability from October. It was still exploitable. We immediately reported it. 💡 Key takeaway? Cyber risks don’t end when you fix a single issue. Without continuous monitoring, this vulnerability could have gone unnoticed until an attacker found it first. 🛡️ Proactive security isn’t just an option it’s a necessity. If you’re not continuously monitoring your entire attack surface, someone else is. And they may not have your best interests in mind. #CyberSecurity #ContinuousMonitoring #BreachPrevention #AttackSurfaceManagement #CTEM #Pentest

Announcing: Ask Us Anything Security - A free security advisory for startups Security often gets pushed to the back burner at startups until something breaks or a big deal requires it. But what if you could get expert security guidance without the overhead? At Ophion Security, we have worked with startups and large enterprises to secure their products, cloud environments, and compliance posture without slowing down growth. As part of that mission, we’re offering free security advisory ask us anything, and we’ll personally reply with actionable advice. ✅ Worried about SOC 2, ISO 27001, or customer security questionnaires? ✅ Unsure if you’re protecting customer data correctly? ✅ Need guidance on securing your cloud infra, SaaS stack, or engineering workflows? ✅ Question about getting the right pentest done and what should be in scope? Drop your security questions here, and we’ll respond within 24 hrs, no strings attached: https://t.co/pNyBnLONfU #startupsecurity #growth #founders #security #TechStartups #CloudSecurity

As we build Orion actively, we run it against real world targets with disclosure policy. We did the same for Microsoft. Checkout the demo page to see how we are monitoring more than 4,000 users and 160,000 repositories of Microsoft and other organizations. https://t.co/1fRq4AfcjX #githubactions #githubsecurity #bugbounty #attacksurfacemanagement