Olivia
Online
Shebiiiii
@xshebix
Cyber Security Researcher - Red Team Member at Synack
Joined November 2016
3.2K Following
667 Followers
4K Posts
Pinned Tweet
Hello all security enthusiasts!
During a recent security assessment for a private client, I came across a potential cross-site scripting (XSS) vulnerability that I wanted to share with you.
1/n
#security #cybersecurity #penetrationtesting #informationsecurity #bughunting #xss
Oh wow… this is actually insane 😵💫
https://t.co/iCiYD05eAW
$2000 for a web cache deception bug. As always I share my methodology 👇
Identifying a deception bug is always easy but exploiting it can be hard due to SameSite restrictions on victims cookie
I bypassed this to steal victim JWT. Read about it here:
🔗 https://t.co/CAxfKAC0eP
Who to follow
Japz (h4nt3rx) 🕷️🏴☠️ 
@japzdivino
Bug Bounty Hunter | OSCP | CWES | https://t.co/ceCcrmIzOp
Ifrah
@IfrahIman_
bug bounty hunter (HackerOne, Bugcrowd) & red teamer & pentester & oscp certified
Chevy Phillip
@chevyphillip
AppSec Engineer turned AI Builder. Maintaining GetWired (OSS QA agents) with a security-first lens. MSDS candidate. AI security, practical agents & secure code.
Found this very interesting article about SSRF and abusing microservices - maybe it's gonna help someone!
https://t.co/JKpbGRyfHa
@hetmehtaa Check their company emails on hunter io or check their employees on LinkedIn also check crunchbase for their company mail
@krishnsec Phishing 🔗🫣
@YShahinzadeh Great 👍
This is a very clever technique: Task Injection in AI Agents.
https://t.co/pr91ApL8zO
@mijanhaque_ Laravel debug mode enabled
Configuring Android Emulator with Burp Suite
https://t.co/fpDDlQ7Ek6
@GodfatherOrwa How can we exploit further ? is there a possibility to gain access to their current database?
This Writeup exaplains how we got ATO from Android Application
https://t.co/fGNdTIM8HA
#BugBounty #bugbountytip #cybersecuritytips #hackerone
@sw33tLie @ArmanSameer95 Could you provide any code samples or references? I saw your reply mentioning it's a JavaScript-based miner, so we should be able to locate it in the .js files. What kind of code or other indicators should we look for?
Bypass Reset Password Code Lead to Account Takeover
https://t.co/aHGsODSaJF
GitHub python script
https://t.co/4kIA4YFlsS
#bugbountytips #bugbounty
@TanmayLP7 If you are running automated scanners. This is about 95-98% of the things that are missed.
Also, if you want to make a name for yourself in BB or web app pentest world. Get really good at these.
@sherafzalmarwat Lanat iG and ssp pr
Check out my playlist: Road To Ethical Hacking https://t.co/OlKzqowoEz via @YouTube
Last Seen Users on Sotwe
JoLs
Seen from United States
jeff redd
Seen from Turkey
porn (+18)
Seen from Turkey
türbanlı modern
Seen from Canada
قـــاهـر الخــاضعــات - عـمــر 🇲🇦😈
Seen from Italy
rainmark
Seen from United States
Ven
Seen from Germany
Bảo Đình
Seen from Vietnam
Hijab NSFW
Seen from Indonesia
X boy
Seen from Pakistan
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.2M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.8M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.4M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers