We specialize in protecting businesses from externally facing threats through our advanced Attack Surface & Continuous Threat Exposure Management Platform.
2024 was incredible - grateful for everyone who made it special!
$2,000,000 all-time bounties on @Hacker0x01
2 Mega bounties on @Bugcrowd - $80,000 & $125,000
Live Hacking Event Awards from Miami, Seattle, Paris, Gdansk, Las Vegas, and Edinburgh
Back to full-time at @wiz_io in an exciting role after scaling my startup @shockwave_sec
40 flights and millions in miles - fortunate enough to fly first class with @lufthansa, @emirates & @SingaporeAir
Looking ahead…
Shifting focus from bug bounty to deeper security & cloud risk research, I found some incredible bugs recently that I can't wait to share with the community.
There's a lot more to come!
Excited to share some big personal news today, I have joined @wiz_io to enhance their Risk & Threat Exposure Management and build a new disruptive Risk MDR offering.
It's been quite a ride working on @shockwave_sec for the past couple of years as a solopreneur and as a bootstrap company in a crowded Attack Surface Management space, yet to deliver immense value to our customers and partners.
I'm pretty proud of our achievements - dozens of clients, 6 digits ARR and hundreds of critical issues identified and mitigated at industry-leading pace.
Wiz is the perfect place to execute my original mission that started with Bug Bounties and https://t.co/mpkMShIrn2 by scaling to a massive audience and deliver Invaluable impact globally.
Thrilled to get started and looking forward to what's to come : )
Scan, Detect and work on mitigation within any of the Polyfill[.]io backdoor leftovers across your external Attack Surface in a matter of 2 clicks.
We're thrilled that our product makes it as simple as it gets to do these actions, and offer assistance on our website.
#ASM
The Polyfill[.]io backdoor is wild! From what I read all over on Twitter the person who was in charge of the domain sold it to rogue actors back in February and ever since it served as backdoor to hundreds of thousands major websites that had it referenced within a script tag, pretty insane universal XSS with real-world impact.
I've created a Nuclei Template to detect the existence of the script, please note that it's already fixed (@Namecheap nuked the domain) so the backdoor is no longer a threat, but still good to know and remove the reference.
Nuclei Template:
https://t.co/KoNUfq8aoH
LinkedIn with a little more details:
https://t.co/iZqOA9VUhu
Just got awarded the prestigious P1 Warrior Belt by @Bugcrowd for submitting over 100 valid critical submissions to companies on their platform, manually and using https://t.co/mpkMShIrn2 automation engine.
Among the companies that I worked with to remediate critical, exploitable vulnerabilities are @OpenAI, @Tesla, @TMobile, @Atlassian and many more.
Thankful for the opportunities and excited for what the future holds!
#BugBounty
We're excited to be around @RSAsecurity and @BSidesSF next week!
At Shockwave, we're open to explore partnerships in the Attack Surface & Threat Exposure Management space, Vendors / Companies - Let's catch up on-site!
BTW, New feature alert:
https://t.co/izLCXD9tWZ
CVE-2024-29059 describes a .NET Remote Code Execution vulnerability, we have created nuclei template and were able to identify vulnerable BBP programs with @ctbbpodcast, check out below
https://t.co/9k53EHLI5F
Excited to launch https://t.co/n2d7IeCpBV's new website & branding today, we've come a long way beyond traditional Attack Surface solutions with our Continuous Threat Exposure Management platform.
Learn more on our website
#CTEM #ASM #BugBounty
Alert with Externally Facing Valid POC -> Remediation -> Retest, that's how it's done.
Our Attack Surface & Threat Exposure modules are continuously evolving, exciting features are on their way.
#CTEM #BugBounty
Excited to finally cross the 40,000 reputation points mark on @HackerOne with 2x $5,000 bounties for RCE's, this time it was directly streamlined from https://t.co/B3ho4sTwFC, grateful to see the hard work paying off!
#BugBounty
Had a blast this week hacking on @Bugcrowd's @TMobile BugBash, we have scooped $80,000 bounty over one submission, crazy web & mobile findings and even an Apple Vision Pro Show & Tell.
Kudos to the folks @samwcyo @iangcarroll @d0nutptr and everyone who helped running the event!
Super Stoked to win the Eradicator award and scoop $24,170 together with @hacker_ @m0chan98 by finding a critical vulnerability on-site at @Hacker0x01's Miami Beach Live Hacking Event targeting @CapitalOne
A Perfect way to wrap up a Fantastic event!
#BugBounty #H1305
Apart from #BugBounty, professionally, this year has been a tremendous one as entrepreneur for https://t.co/mpkMShIrn2's Bootstrapped Attack Surface Platform.
* 0 -> Double Digits Paying Customers
* 0 -> 6 Digits Revenue
* Traveled across 17 countries ( 🇺🇸 🇦🇪 🇬🇧 🇰🇷 🇦🇹 🇯🇵 🇬🇷 🇵🇹 🇦🇷 🇧🇸 ) within 5 continents to conduct business globally with partners from wide variety of industries.
* AI, Responsible Disclosure, Integrations with the world leading security products (@wiz_io , @AxoniusInc, and more), Industry-leading continuous monitoring capabilities.
* 0 Lines of Code -> Over 10,000 Lines of Code.
I want to thank https://t.co/mpkMShIrn2's clients and partners and all the people I collaborated with in this year's day-to-day Bug Bounty engagements and Live Hacking Events.
We have delivered extraordinary findings throughout the year and eager to see what's coming in 2024.
Happy New Year!
We want to thank our clients for choosing our platform and being collaborators on the joint journey in protecting your externally facing assets.
2023 has been full of extraordinary findings and platform enhancements, and eager to see what's coming in 2024.
Happy New Year!
Our Attack Surface Management all-in-one solution helps mature Bug Bounty programs and more thoroughly our clients with continuous monitoring at all times, we only alert for exploitable risks.
https://www.shockwave[.]cloud
Happy Holidays!
@Tesla @samwcyo @iangcarroll Had a nice 5 digits payday today while Skiing at Lake Tahoe with @samwcyo
Been pretty distracted / vacationing / @shockwave_sec biz stuff lately but officially completed the challenge
Happy Holidays!
Our team are at the #LasVegasGP @F1 🇺🇸 to meet with clients and prospects.
Interested in the latest from https://t.co/n2d7IeCpBV, including innovative AI-based features for securing your external assets?
Don't hesitate to reach out and connect for a drink!
AI helps greatly translating JavaScript to "Human Readable Language", here's how I found a very straightforward DOM Based XSS in 2 minutes.
#BugBounty
Big News! We've just launched our brand new website at https://t.co/yUE2KC1Z96.
New features, Brand Identity, Transparent pricing and exciting updates to follow soon as we are closing on celebrating our 1-year anniversary in a couple of weeks
#BugBounty #AttackSurface