"What's one thing you wish customers knew about the Synack Red Team?"
According to @AnInsiderThreat Ty Bross, it's the SRT's ability to contextualize.
Listen to his full WE'RE IN episode here: https://t.co/eg4arKg1hL
When the frontend is doing the auth check, the frontend is the attack surface.
In our latest Exploits Explained, SRT Researcher @kuldeepdotexe breaks down three client-side authentication bypasses he found on real assessments:
1) Forging a JWT and expiry into localStorage after spotting an authRequired: !0 route guard
2) Flipping a sessionStorage loggedIn flag and setting userInfo to {} to satisfy a truthy check
3) Toggling is_active from false to true in an API response to unlock a hidden webhook flow for an inactive user
https://t.co/GMXehXStqU
"Vetted" shows up on nearly every pentest vendor's site. But what does it actually mean? Too often, it means the vendor ran their own screening and called it a day.
The Synack Red Team holds itself to a higher bar, and we recognize researchers who do the same. That's why we've expanded our CREST partnership and added two additional CREST certifications to SRT Pathways:
✓ CREST Certified Tester Infrastructure (CCT INF)
✓ CREST Certified Tester Application (CCT APP)
Read more: https://t.co/nnM43Q1yiN
"I'm still not an automation guy...it's not my style." - @ozgur_bbh
Ozgur Alp joins WE'RE IN to share his views on AI and how he became a full-time independent security researcher: https://t.co/todSbWxK3V
"Admin / Admin." Two words you never want to find hardcoded in production firmware. 😱
SRT researcher @daemon_user gives a full technical write-up on how a simple directory listing can lead to the keys to the kingdom: https://t.co/9GxFZVMasR
Is your checkout logic costing you? 💸
In our Exploits Explained blog, SRT member Tubagus Fahrudiansyah exposes a critical business logic flaw that turned a standard checkout into a free-for-all.
By exploiting a synchronization gap between the payment gateway and the shopping cart, this researcher successfully finalized high-value orders for the price of a single, cheap item.
Read the full breakdown & remediation steps: https://t.co/gvN2Y7nDRf
DEF CON is less than two weeks away! ⚡ We're a proud sponsor of this year's Bug Bounty Village 🐞, where you can expect to meet many of the world's top ethical hackers. Best of all, they'll be sharing their #cybersecurity insights. Hope to see you there:
https://t.co/qeHe8al4Nw
Synack Red Team member Yeasir “zy1l0i2u” Arafat discovered a cross-site scripting vulnerability in SAP Concur Open that could be exploited to hijack sessions, exfiltrate data and more. Follow along as he walks us through his discovery of this vuln → https://t.co/KzR2rdhpW3
💭 It all started during an assessment of a web application. In the latest Exploits Explained, Synack Red Team member "nerrorsec" recounts the discovery of a DOM-based XSS vulnerability that was patched…and then found in another product from the same company a year later. Interested in reading more? Follow along → https://t.co/JxFKqEJgc5
#cybersecurity #pentesting #infosec
👀 Synack Red Team member Busra (@turakbusra) walks us through her discovery of an access control violation vulnerability that led to account takeover. Follow along → https://t.co/32p1uBG4no
From military to private sector cybersecurity, Synack Director of Infrastructure and Security Operations Todd Humes brought his unique skill set to the table when he joined the team in 2018 to further strengthen Synack’s systems globally. The innovative vision behind Synack and the vision of aligning the power of highly skilled and vetted researchers on a single platform deeply resonated with him.
Why should veterans with cybersecurity experience consider joining the Synack Red Team (SRT)? Read on → https://t.co/eW7CDkgPmd
Apply to the SRT today → https://t.co/a2wOgBJtFp
👾 The OWASP Foundation introduced a new version of the OWASP Top 10 for Large Language Model Apps. While there’s no one-size-fits-all solution for security, having the @SynackRedTeam on your side certainly helps. Read on → https://t.co/6nEYlzIYSk.
💭 Default credentials are a thing of the past, right? Wrong. Follow along as Popeax, a Synack Red Team member, explains why they still plague organizations today and how the Synack Platform can help discover these vulnerabilities in ways that cannot be replicated by scanner or automated solutions.
Check out this previous Exploits Explained here → https://t.co/KQs6Kiyf3g
☃️ Synack wishes you and yours a wonderful holiday season filled with festive cheer, loved ones, family and friends! We’re proud to keep our customers secure this season as people unwind, relax and ring in the new year. Happy holidays!
Happy Thanksgiving! Whether you’re gathering with loved ones, friends or family, we hope your holiday is filled with fantastic food and memories. At Synack, we’re thankful for all of our incredible employees, customers, partners, Synack Red Team and more.
👀 SRT member William W. (@phyr3wall) discusses his discovery of a notable problem in a chatbot deployed on a platform associated with a large healthcare insurance company. Read on for an in-depth analysis of the techniques used to uncover this vuln → https://t.co/CbVkLMnag5
👩🏽💻 The Synack Red Team’s very own Jennifer Villarreal joined the latest installment of the WE’RE IN! podcast, sharing her personal journey into the world of ethical hacking. Give it a listen → https://t.co/rMLhU2XS9U