Just rolled out a new portfolio + blog website.
Will try to put the past web vuln chains, ethically hacking and securing different governments, militaries, VDPs and anything "cool" would be updated here. Till then, pls have this cat pic for your time reading this. Thanks!!
> Fable has heavy guardrails
> Fable processed my request to find bugs with a little twisted prompt
> Fable gave results in my mentioned format
> Fable has heavy guardrails
Not sure about the "heavy guardrails" lol
A recruiter from a Big 4 firm called and rejected my profile, which had been asked for via LinkedIn InMail. My skills and resume were a 1:1 match, maybe overkill, but fell short on experience. Don't know how to cover this one 🥲
Shouldn't skills take priority over having "experience"?
@_aircorridor @three_cube @DI0256 @IamSmouk @co11ateral The most useful thing I can say for these resources is 1. Sourced from / inspired by real life 2. Applicability of this in real life
This becomes significant for things like SCADA, SDR, satellite and stuff.
@ni5arga Excellent work!! The only time I got a fast response was through NCIIPC, and in that, specifically fast for a PII data leak of the Indian Army.
An old tale but maybe relevant.
In 1984 Ken Thompson, one of the creators of Unix, gave his Turing Award acceptance speech and used it to demonstrate something that most people in security still have not fully thought through.
He showed that you can modify a C compiler to automatically insert a backdoor into any program it compiles, including the login system. Then you can teach that same compiler to insert the backdoor into future versions of itself, even after you remove all traces of the malicious code from the source.
So you clean the source. You recompile. The backdoor is still there. Because the compiler itself is compromised and the compiler is what turns your clean source into a running program.
The question he left the audience with was simple. How do you verify that the compiler you are using to build secure software has not already been tampered with?
You cannot read machine code the way you read source. And if the tool you use to check is also compiled by the same compiler, you are trusting a chain that could be poisoned anywhere.
This was 1984. People thought he was being theoretical.
Then SolarWinds happened in 2020. Then the XZ Utils backdoor in 2024.
https://t.co/faEqmYM2H8
#InfoSec #Hacking #SupplyChain #CyberSecurity
This is really cracked at this point
But anyway, serious efforts by some of the best minds and innovative techniques, both who got the chance and who didn't!
Need to continue learning a lot
What an exciting Day! After Day One, we awarded $523,000 for 24 unique 0-days! DEVCORE (@d3vc0r3) is currently in the lead for Master of Pwn, but a pack of teams are right on their heels. Stay tuned tomorrow for more results and surprises. #Pwn2Own #P2OBerlin
A while back @harmj0y released Koh, which keeps logon sessions alive after a user logs off - letting an attacker reuse their credentials after the session ended.
Poking around today - I found event 6182 in the LSASRV ETW provider, which fires when this is detected.
This is a timer-based event, not real-time, with the default timer being set to 30 seconds after logoff.
PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our GitHub.
Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak.
https://t.co/D3dg5iTuwP
https://t.co/2zyr1ds4Mo