0xcyborg @user_cyborg - Twitter Profile

0xcyborg @user_cyborg

4 days ago

The golden era of the Hacktivity page on HackerOne

6

126

7

20

16K

0xcyborg @user_cyborg

6 days ago

ChatGPT is getting so good at creating YouTube thumbnails

0

1

0

1

251

0xcyborg @user_cyborg

7 days ago

@Tur24Tur @kalilinux @PlayStation 🔥🔥

1

0

184

0xcyborg @user_cyborg

7 days ago

@minfrin @IamAroke Thank you for the correction

0

41

0xcyborg @user_cyborg

10 days ago

Useful in restricted environments where only web traffic is allowed out

0

7

0

4

618

0xcyborg @user_cyborg

14 days ago

@xhacking_z @instagram No, they have their own platform even at the time when I reported this (2023). They used HackerOne/Bugcrowd to make paying bounties easier

0

1

0

74

0xcyborg @user_cyborg

15 days ago

A vulnerability I discovered in @instagram in 2023 allowed an attacker to determine whether private account A follows private account B (and vice versa) directly, without having access to the followers/following lists of either account.

user_cyborg's tweet photo. A vulnerability I discovered in @instagram in 2023 allowed an attacker to determine whether private account A follows private account B (and vice versa) directly, without having access to the followers/following lists of either account. https://t.co/pJMQsiLGtz

3

126

1

42

9K

0xcyborg @user_cyborg

15 days ago

@Cachorroexausto @instagram No, it took months

0

1

0

979

0xcyborg @user_cyborg

17 days ago

@skraft09 Thank you 👋

0

36

0xcyborg @user_cyborg

17 days ago

Another two 🏆

1

61

1

7

2K

0xcyborg @user_cyborg

18 days ago

@tpiliposian 👏👏

1

0

16

0xcyborg @user_cyborg

18 days ago

By 'blocked by default' I mean explicit authorization would be required between two origins to allow framing, similar to how SOP works where a CORS header is needed for cross-origin requests

0

1

0

1

96

0xcyborg @user_cyborg

18 days ago

If browsers were designed today from scratch, cross-origin framing would very likely be blocked by default, greatly reducing clickjacking vulnerabilities, and the only reason I see that it is still allowed by default in today's browsers is backward compatibility

user_cyborg's tweet photo. If browsers were designed today from scratch, cross-origin framing would very likely be blocked by default, greatly reducing clickjacking vulnerabilities, and the only reason I see that it is still allowed by default in today's browsers is backward compatibility https://t.co/cNhBbV7Bgo

1

3

0

2

191

0xcyborg @user_cyborg

20 days ago

@ZohairAtique @javarevisited No, in https the entire http request is encrypted, including the path and query parameters ISP know the website you are visiting through: - DNS queries - SNI during the TLS handshake - Destination IP address

1

0

27

0xcyborg @user_cyborg

21 days ago

According to this BBP logic, it is okay for someone to add a reaction on your behalf since document admins -might- notice that in version history (which is private logs for the document) lol.