I did a writeup for the Real World CTF "The cult of 8 bit" challenge. I solved it in an unintended way with the Same Origin Method Execution attack. In the writeup, you can find a simple example of the attack and how it can be used on live targets.
https://t.co/pIxOUAfRQR
MXSS Explained Part 1: Why Server-Side HTML Sanitizers Are Doomed to Fail with this XSS!
In this video, I dive into how sanitizers work, discuss the first known MXSS in IE, and showcase an MXSS vulnerability in the popular Node.js module, sanitize-html.
https://t.co/4kghaCIYBc
Neplox' first Web3 public audit results 🚀 Thank you @immunefi for great support along the way with all the issues we encountered. This was definitely one of the most comfortable bug bounty experiences for us.
Here's to more productive audits with Immunefi! 🍾
Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC.
https://t.co/HL0g9f7QEA
I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
https://t.co/puM7hZWIlE
Any ideas on how to make this JS valid?
--
first_word second_word: "user_input";
alert();//"
--
Because of the space between the first two words, the JS file throws an error.
Great research from @scryh_!
I was keeping it for a CTF challenge, but it's probably too late now :p
This trick is so powerful that it can be used to bypass most (if not all) server-side HTML sanitizers in the absence of a charset within the Content-Type response header 🤯
🔥 XSS on any website with missing charset information? 😳
Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post:
https://t.co/Ji3V0fK5b6
#appsec #security #vulnerability
Just released my blog post "Bidding Like a Billionaire - Stealing NFTs With 4-Char CSTIs"! It's about a very impactful and technically interesting client-side bug I found in a major NFT site.
https://t.co/Jjrbwjhtcy
After months of work (and bugs), @maxenceschmitt has finally released his fabulous research. Exploiting Client-Side Path Traversal to Perform Cross-Site Request Forgery or #CSPT2CSRF.
Full paper here: https://t.co/vXjkZBq35Q
Summary in https://t.co/aOQfr6qD8s
The simple <script> XSS didn’t work? Don’t give up before trying some mXSS magic 🪄.
Get to know the fundamentals of this bug class on your way to becoming a master of sanitizer bypasses:
https://t.co/ZBzN4g0o3s
#appsec #security #vulnerability #mXSS
When I first started out in V8 / Chrome exploitation I spent quite a bit of time writing a custom shellcode templating engine, and shellcode payloads to go along with it. A couple of years later and this investment has more than paid for itself (literally).
Almost 700 hours into bug bounties. Out of 40 programs I spent time on, I only got paid on 5.
There's a pattern I noticed and I think it's worth sharing.
Here's my analysis: (a thread - 1/x)
#bugbounty #bugbountytips
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT!
Bounty: $28,000 💸
Here is the write-up 👉
https://t.co/EMnydNEoed