Olivia
Online
putsi
@putsi
White hat hacking in Team ROT. Also, hacker-for-hire & bug bounty hunter --
Tampere, Finland
Joined September 2015
2.6K Following
2.9K Followers
940 Posts
Pinned Tweet
Wrote a blog post about how to host private Burp collaborator instance. It also has some scripts to make it a bit easier and faster.
https://t.co/YQc2mbNcNg
Modifying Burp Collaborator config file every time you need to host a new payload takes too much time.
If self-hosted Burp collaborator could serve files from a web root directory like Nginx does, would you use it? (I’m gathering votes for a support case)
As promised, here's the first sneak peek into our new AI-powered features coming to Burp Suite Professional next month... 👀 🤫
First up, we have Explain This.
#BurpAI #BurpSuite
The results are in! We're proud to announce the Top ten web hacking techniques of 2024! https://t.co/XHPEeqPQLR
Spamming "hi" at every LLM: a thread.
Can LLMs find vulns? Here’s what Project Zero found
https://t.co/lH6lksfTwR
I bet a song composed and performed by an AI will be a Top 40 hit during this year.
Video of the Keynote talk from last T2 infosec conference in history:
𝒮𝒴𝒮𝒯𝐸𝑀𝒮 𝒜𝐿𝒞𝐻𝐸𝑀𝒴. By @thegrugq.
https://t.co/5NrHNuNAmA
This is how tears look like under the microscope. Insane
The first two weeks of the Vision Pro were absolutely insane.
Here are 13 examples that prove the Vision Pro is the best piece of tech ever invented.
1) Real-time 3D surgery
https://t.co/DdQOZlnDV0
Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k!
https://t.co/az4wNhDYyO
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE).
Read the @assetnote blog here which includes a reliable payload and generation steps: https://t.co/cOYpmbWHrS
I've made $500k+ from SSRF vulnerabilities.
Here are my tricks:
PortSwigger Web Security disclosed a bug submitted by @mattaustin: https://t.co/2eqUVAsOLn - Bounty: $3,000 #hackerone #bugbounty
Hackers, an important one. e.g.: we heard that CVSS "PR" is handled inconsistently (should be PR:None for self-sign-up). We're transparently listing a set of Detailed Platform Standards for consistency across programs. Need your help -- what to cover next? https://t.co/sCmLSLJUnn
Web Security vs. Binary Exploitation
As promised: Here's the first $10,000 @Intel bug (aka CVE-2022-33942) that allows to bypass the authentication of Intel's DCM by spoofing Kerberos and LDAP responses.
Exploit inside, enjoy 🥳
https://t.co/PmK0Xq2T4o
#BugBounty #security
Earlier this year, the Paranoids Vulnerability Research team disclosed a critical remote code execution (RCE) vulnerability in @GoIvanti’s endpoint management product: https://t.co/CMIktsDTH8.
CVE-2023-21939 - Code Exec - PoC
https://t.co/f1fpkVMRWR
Here's a write-up on a Browser-Powered Desync bug that I discovered in the Azure CDN service known as Front Door. The entire concept is built upon the excellent research by @albinowax. Initially identified within the @intigriti program.
https://t.co/sgpXEFVxzm
#bugbounty
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers