Olivia
Online
Novran.
@xchopath
Not your favourite infosec guy. Full-time Father.
/dev/null
Joined July 2019
71 Following
1.5K Followers
162 Posts
Account Takeover through XSS on websites is nothing new. But does the same attack vector exist on Android?
This was one of the most complex findings we came across in 2025.
https://t.co/x3sGhc8Fg4
Just organizing some notes, other write-ups are in progress. Hope it's helpful.
https://t.co/7BLwrETgMj
HTML Injection That Paid $3K
Main issue: most websites only rely on SameSite cookies for CSRF protection.
No XSS? No problem.
HTML Injection + <form> can still trigger sensitive actions.
Hope this helps!
Honorable mention to my bug bounty partner @fariqfgi π
@Masonhck3571 Thank you man!
I am actually taking a break, but out of nowhere, an old report got paid "again."
Alhamdulillah.
Who to follow
YoKo Kho
@YoKoAcc
Independent | Top 60 Bugcrowd | OSCP, CRTO, eWPTX, eCPTX | https://t.co/VA42ZpFqGJ | https://t.co/yHuJFexKd1 (Bahasa Indonesia) Free!
Bogdan Bodisteanu
@xalerafera
@hackenclub Offensive Security Engineer
dirty0124
@dirtycoder0124
A positive, never give up person. Founder of https://t.co/2H0KjZ5riG
Telegram group
https://t.co/bjQUMjI9Lh
@fteagleeye1 Thank you brother.
@MAbdullah78619 Thank you!
@devmuzzaiyyan Thank you!
@LocalHost31337 That's pretty new for me mas, thanks for the reference.
Quick track Next.js target front-end endpoints using browser devtool, maybe some are missing from your HTTP history.
window.__BUILD_MANIFEST
βCurse of knowledgeβ is real π«
@ramizwebti Action Bias, being too focused on finding bugs instead of learning how the app works. Also tends to switch programs too often.
Once, a friend told me, "If you know how to hack but still struggle with dupes or informatives, stop asking for technical advice, start asking for psychological advice instead."
Now, my ChatGPT is basically my personal psychiatrist π
@OriginalSicksec Was* π
For a naturally lazy and moody person, this felt like a significant achievement, lol π
@wearehackerone It's pretty normal to be a young dad in my country, lol.
π―
When I was a teenager about 6 years ago, it hit me hard... made me quit hunting, and now, in the middle of this year, I'm starting again from zero.
Just enjoy your hundred rejections/duplicates/informative. But don't stop.
Bug Bounty Tip:
Don't compare your day-to-day with someone else's wins.
Behind every $10K bug post are dozens of duplicates, N/As, and dead ends.
Stay consistent; that's what really counts.
@wearehackerone Thanks man!
20s π
@amansmughal Thanks man! But I still don't have much experience, gotta put in more grind.
@get_root1 @Troll_13 Lol, but healing takes time. My friend once said, "Don't fall in love with one finding. Submit it, report it, and move on."
@Troll_13 It was in scope, but suddenly oos.
But forget it, it was 6 years ago.
Last Seen Users on Sotwe
James Woods 
Seen from United Kingdom
nα»©ng lα»n cΓ³ chα»n lα»c
Seen from Vietnam
sofiea adam
Seen from Indonesia
ED BORDEN
Seen from United States
novinhsxl
Seen from Brazil
ALΔ° TΓRK
Seen from Turkey
ππ£ππ πΈππ€π₯πππ₯ππ
Seen from Canada
ζ£θ±θ±ovo
Exploited Black Wives 2
TANTE STW
Seen from Singapore
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers