@Tesco Tesco Extra @ New Malden is a disgrace. They don't care about families nor infants. Manager seems to be on holiday, staff is rude and non-caring. Thanks but no thanks. Just lost a customer, well four.
New blogpost: Prepared Statements? Prepared to Be Vulnerable.
An interesting take on how vulnerable configurations can be exploited.
https://t.co/uZPpXOUeF8
Many thanks to @xoreipeip for presenting his talk "Server-Side Cross-Site Scripting" #XSS at the #OWASPLondon Chapter meetup last week!
The video recording of the talk is now available to watch on our YouTube channel 📺 [PLEASE SUBSCRIBE!]:
👇
https://t.co/kJSZXsOjdG
Our July meetup has started! We have @xoreipeip on stage right now speaking about Server-Side Cross-Site-Scripting.
Watch the live-stream 📺 here:
👇
https://t.co/ENiEQV0W6r
The next OWASP London Chapter in-person Meetup will take place on Thursday 17th July 2025 kindly hosted by Civo Tech Junction and kindly sponsored by @BlackDuck_SW
Talks from @xoreipeip and Matthew Brady
- Register to attend here:
👇
https://t.co/lziG3WzE0f
I've written a free book to help non-technical readers understand and avoid scams.
It's designed for friends, grandmas, moms&pops. Anyone who might be vulnerable to online or phone scams. Please help spread the word and protect your loved ones.
LINK: https://t.co/BBfKhwlb2R
Meta and Russian Yandex engaged in unprecedented internet tracking practices, likely illegal under EU data protection law. The companies designed tracking systems that exploited Android's localhost socket permissions to create covert communication channels between websites and native mobile apps, bypassing Android's app sandboxing protections. Android allows any app with internet permission to listen on localhost ports without user consent, and web browsers can access these localhost interfaces. When users visit websites containing Meta Pixel or Yandex Metrica scripts, the JavaScript tracking code sends data directly to specific localhost ports (Meta uses UDP ports 12580-12585 via WebRTC, Yandex uses TCP ports 29009-30103 via HTTP). Facebook, Instagram, and Yandex apps run background services that actively listen on these predetermined ports to receive tracking data, then link this anonymous web activity to authenticated user accounts and transmit the combined data to company servers.
This technique affects billions of Android users and renders privacy protections like incognito mode, VPNs, and cookie clearing completely ineffective. Meta Pixel attempted localhost communications on over 17,000 of the top 100,000 websites, with 78% doing so without user consent. The method allows comprehensive profile building linking anonymous browsing to real identities, tracking everything from shopping to sensitive site visits. It also creates vulnerabilities where malicious apps could eavesdrop on browsing history by listening on the same localhost ports.
This surveillance operated without disclosure. Following public disclosure, Meta immediately ceased the practice and removed related code while browser vendors scrambled to implement protections.
The practice violates multiple GDPR and ePrivacy principles. The technique transforms supposedly anonymous first-party cookies into cross-site tracking identifiers without explicit consent, violating ePrivacy Directive requirements for cookie consent and GDPR's lawful basis for processing. By secretly linking web browsing to app-based identities, it constitutes undisclosed profiling that undermines user expectations and data minimization principles. This is material for a max #GDPR fine. https://t.co/ktHWwllWr4
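A defender-side check for the channel the thread describes, added here as an example; it is not code from the original post, from Meta or Yandex, or from the cited report. It parses the Linux /proc/net/tcp and /proc/net/udp socket tables (a real kernel format that Android shares) and flags sockets bound on loopback in the port ranges the thread quotes. Only the port ranges come from the thread and only the state codes and column layout come from the kernel format; the sample rows, UIDs and inode numbers are constructed.

```python
"""Flag localhost sockets bound in the port ranges quoted in the thread above.

Added example (not from the original post or the cited report). It reads the
Linux /proc/net/tcp and /proc/net/udp table format, which Android shares; the
sample rows below are constructed for the example.
"""
from dataclasses import dataclass

# Port ranges quoted in the thread: Meta Pixel -> UDP via WebRTC,
# Yandex Metrica -> TCP via HTTP.
WATCHED_PORTS = {
    "udp": (12580, 12585),
    "tcp": (29009, 30103),
}
# Kernel socket state codes as printed in /proc/net/{tcp,udp}.
TCP_LISTEN = "0A"   # TCP socket waiting for connections
UDP_UNCONN = "07"   # UDP socket bound but not connected (i.e. receiving)

# Constructed sample tables. Row 0 of each is a 127.0.0.1 socket inside a
# watched range; the other rows are ordinary services or connected sockets.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:7159 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41532 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 0100007F:3126 00000000:0000 07 00000000:00000000 00:00000000 00000000 10123        0 41533 2 0000000000000000 0
   1: 0100007F:3127 0100007F:0035 01 00000000:00000000 00:00000000 00000000 10123        0 41534 2 0000000000000000 0
   2: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
"""


@dataclass(frozen=True)
class Finding:
    proto: str
    ip: str
    port: int
    uid: int     # owning UID: on Android this identifies the installed app
    inode: int   # socket inode, resolvable to a PID via /proc/<pid>/fd


def decode_addr(hex_addr: str) -> tuple[str, int]:
    """'0100007F:7159' -> ('127.0.0.1', 29017).

    The kernel prints the IPv4 address as a little-endian 32-bit word and the
    port as big-endian hex, so the address octets are read back to front.
    """
    ip_hex, port_hex = hex_addr.split(":")
    octets = [int(ip_hex[i:i + 2], 16) for i in range(6, -1, -2)]
    return ".".join(str(o) for o in octets), int(port_hex, 16)


def find_watched_listeners(proto: str, table: str) -> list[Finding]:
    """Return sockets bound on loopback (or wildcard) in the watched range."""
    lo, hi = WATCHED_PORTS[proto]
    want_state = TCP_LISTEN if proto == "tcp" else UDP_UNCONN
    findings = []
    for line in table.splitlines():
        fields = line.split()
        # Data rows start with the slot number ("0:"); the header row does not.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local, state = fields[1], fields[3]
        uid, inode = int(fields[7]), int(fields[9])
        ip, port = decode_addr(local)
        if state != want_state or not (lo <= port <= hi):
            continue
        # A wildcard bind (0.0.0.0) is reachable on loopback too, so keep it.
        if ip.startswith("127.") or ip == "0.0.0.0":
            findings.append(Finding(proto, ip, port, uid, inode))
    return findings


def scan(tcp_table: str = SAMPLE_TCP, udp_table: str = SAMPLE_UDP) -> list[Finding]:
    """Run both checks; defaults to the constructed sample tables."""
    return (find_watched_listeners("tcp", tcp_table)
            + find_watched_listeners("udp", udp_table))


if __name__ == "__main__":
    for f in scan():
        print(f"{f.proto} {f.ip}:{f.port} uid={f.uid} inode={f.inode}")
```

On a real device the two tables are read from a privileged shell (recent Android builds restrict /proc/net to privileged callers), a flagged inode is mapped to its process through the /proc/<pid>/fd symlinks, and a UID of 10000 or above belongs to an installed app rather than a system service. A hit only says that some app is bound on one of the quoted ports; which app, and what traffic the browser actually sends there, is what the follow-up investigation establishes.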
We've got two talks tomorrow evening at the Greene Man! @xoreipeip is talking about Cisco phones, and Nick Dunn https://t.co/14XyQwrk9b will explain SOSL injection #defcon #london
🚀 #x33fcon 2025 Onsite Workshop! 🚀
Join @xoreipeip to master software reverse-engineering with Unicorn Engine! Learn to dynamically execute and analyze code to crack encryption and obfuscation in binaries using Python and Ghidra. Perfect for #malwareanalysis, #vulnerabilityresearch, and #embeddeddevice hacking.
Details: https://t.co/UfBRtzpXDF
🎤 Speaker Announcement 🎤
We’re excited to welcome @xoreipeip to the stage!
His talk?
“Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones”
Don’t miss this deep dive into device-level security.
#BSidesBirmingham #BSides
Please welcome Balazs Bucsay with their talk on 'Is Your Phone Spying on You?'
Sponsored by Optimising IT | B Corp™, CyberCX, Cydea and Orange Cyberdefense.
Grab your ticket today https://t.co/I0DdHrcHpi
#oooarrcyber
🔔 Hacktivity 2025 is calling—for papers, sponsors… you name it! 🎤💡 Want to speak, support, or engage? Now’s the time!📢 Be part of the community → Get in touch! https://t.co/XeRvsoiOX0
#Hacktivity2025 #CFP #CFS #Infosec #CyberSecurity
Next stop: Prague, Czech Republic! Join us at our Unicorn Workshop at BSides Prague - solve our challenges and win a couple of pints! 🍻 @bsidesprg #bsidesprg #bsidesprague
Oracle cloud is a crime. You log in and the session times out after a while. You try to log in again, and when you log in, it logs you out. You log in again, but it redirects you to a broken page. Log in again and finally it works. 1/2
VM created. It runs, it works. SSH is available. 4 hours later, the port is open, SSH is not working anymore. OCI used to reboot the machine, which gets stuck in the "stopping" state for hours. Wtf? 2/2