Olivia
Online
scryh
@scryh_
Cloud Vulnerability Research at Google. Opinions are my own.
Joined May 2018
247 Following
1.7K Followers
125 Posts
This was a fun one to discover!
SQL syntax can be ambiguous, and MySQL anticipated this a long time ago. Other SQL dialects stuck to the spec, leading to SQL injection when the right stars align:
What a year! We look back and summarize our security research highlights of 2024:
🪲 Vulnerabilities in Jenkins, SourceForge, Joomla, and much more
🎙️ 7 talks, including DEF CON and Hexacon
🏆 5 nominations and 1 award
https://t.co/EYfGfOn9ni
#research #vulnerability #appsec
Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑
For details on the program, see our latest blog post:
https://t.co/kKqWjJTBO3
CORS misconfigurations are definitely not good, but how bad can they get? 🧐
Our latest blog post discusses how an origin reflection issue detected by SonarQube leads to code execution in a real-world application:
https://t.co/XfL853VqM0
#appsec #security #vulnerability
Who to follow
Donghyun Lee
@donghyunlee00
CS & Bio @SeoulNatlUni | Research intern @gladyshev_lab
Jazzy 
@ret2jazzy
solving problems @zellic_io @v12sec and challenges @pb_ctf
Tanto Security
@TantoSecurity
Tanto Security is a leading provider of advanced offensive cyber security services to leading organisations across Australia, New Zealand and North America.
We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: https://t.co/x9HO9KUWS0
Recordings of the #HEXACON2024 talks have been uploaded to our YouTube channel 🎬
https://t.co/JAquA5BJea
See you next year!
JS engine pwning, the old-school way!
For this year's Hacklu CTF, I wrote a challenge about exploiting a SpiderMonkey version from 2007. I'm usually not a pwner, but it was very fun to learn about all this stuff. Read the write-up here:
https://t.co/f3VBJxkSSK
Absolutely stunning work from @pspaul95 on this CSS Injection - > text node exfil technique.
https://t.co/UYPfAZWhk7
A blog post with the technical details of my @hexacon_fr talk is now live. Thank you all for the positive feedback on the talk :)
From HTTP request to ROP chain in Node.js! 🔥
Our latest blog post explains how to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only:
https://t.co/Yw89oZhv32
@SinSinology Thank you very much! 🙏
Having trouble exploiting a file write vulnerability?
Don't miss our @hexacon_fr talk to learn more about unconventional attack surfaces that can turn a file write into code execution – even in hardened environments!
We'll follow up with a related blog post later.
#HEXACON2024
Join us at OWASP SF for our talk, "Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail" to discover why client-side sanitization is crucial for a secure web. Can't make it? Stay tuned for our upcoming blog post.
#OWASP #GlobalAppSecSanFran
You can find all the talks announced on the agenda: https://t.co/u4aKeGa7ac
Again, a big thanks to the review committee for their contribution as well as everyone who took the time to submit a talk. 🙏
As promised, Exchange PowerShell research is getting published in a form of blog posts. Part 1/4 describes two RCEs: MultiValuedProperty internal deserialization + a chain with Command gadget.
A recording of our @WEareTROOPERS talk "From ASCII to UTF-16: Leveraging Encodings to Break Software" is now available!
The talk covers basic knowledge of character encodings and explains various vulnerability types and exploitation techniques:
https://t.co/NPzyqoxU6w
"Exploiting File Writes in Hardened Environments - From HTTP Request to ROP Chain in Node.js" 📝
by Stefan Schiller (@scryh_)
Last Seen Users on Sotwe
Pemuas Mahasiswi Malang 👌
Seen from Singapore
Turkvideo
Seen from Greece
مح
Seen from France
Anal_Desire_🤤
Seen from Turkey
BOB.26
cockflash
Seen from Switzerland
İlhan tabanca
Seen from Germany
Mau Mau
Seen from Italy
حساوي
Seen from Saudi Arabia
นันท์แหวนชนะศรี รับเปิดกล้องคลอเสียวนะคะสนใจทัก
Seen from Thailand
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers