Olivia
Online
Rezy Dev 🇳🇵
@RezyDev
Security Researcher | HTB CPTS | Penetration Tester | Open To Work
Kathmandu, Nepal
Joined October 2021
129 Following
246 Followers
272 Posts
Pinned Tweet
Certified Hacker!! :D
@OreoB1scuit Very much yes. I have alot of reports pending with no reply and is killing motivation slightly.
Who to follow
Amit Jha 
@amit_code
Building myself mind, body & code 💻
Anshul Wadhwa
@Anshul_439
Backend Engineer | Building Scalable & Distributed Systems | Cloud & Infrastructure | Ex-Lua AI (YC F25)
Nuel
@_Bullish_trader
👨💻 Dr. (Optometrist) || AI/ML || Data Science || Data Engineering || Cloud || Data Analysis || Nma forever ❤️💔🙏😭
@wanahmadqais007 🔥 thanks
I have just completed the Attacking GraphQL module on HTB Academy!
Short yet perfect module. ;)
https://t.co/ndRaPxqHYo
#hackthebox @hackthebox_eu #webhacking
seems like using claude opus 4.6 is becoming new flex
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest [email protected] now pulls in [email protected], a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
@AlfinCodes For a single year, GoDaddy is pretty good with their first year discounts. For long term like 10 years, Cloudflare wins easy.
Quick tip for bug bounty hunters:
Use https://t.co/caxQhhxk4N to quickly extract interesting endpoints with a single click. It’s especially useful for finding API endpoints in large JavaScript files.
#BugBounty #BugBountyTips
@Ruturaj_04 Yes available in my github. Dm me I'll send you the link.
@EvanKlein338226 I tried techniques like case manipulation of event handlers and null bytes. Mixing tricks made some payloads work. One simple XSS payload I found on Twitter months ago still bypasses the Cloudflare WAF. Surprisingly, it still works! Haha.
Just found a simple Cloudflare WAF bypass 👀
<img src=x onerror=alert()> → blocked by Cloudflare
<Img Src=OnXSS OnError=alert(document.domain)> → bypasses the WAF and triggers the alert.
#BugBounty #BugBountyTips #WAFBypass
If you haven't sent 200 modified requests, you haven't tested anything yet.
#BugBounty
Another fun web hacking challenge I made for @hackinghub_io
Chain and pwn. :)
Link:
https://t.co/7F83RNCNGZ
@leroibull @hackinghub_io Hello @leroibull.
I can give you a hint or narrow things for you. Stay at is_admin_username(...) function properly. You should be able to solve it.
I just published a new Web CTF challenge: SmallMart 🛒
It’s all about source code review → find the bug → exploit it.
Try it on @hackinghub_io: https://t.co/yDXX99bIpu
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.3M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers