English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어
_lely___'s profile picture. Manager, Product Security @Okta

Olga Barinova

@_lely___

Manager, Product Security @Okta

82Posts 827Followers 310Following
You might like
Olga Barinova reposted
PortSwiggerRes's profile picture.
PortSwigger Research
 @PortSwiggerRes
Apr 1, 2021

The comprehensive list of today's emerging threats, nOtWASP bottom 10: vulnerabilities that make you cry by @albinowax, @artsploit and @garethheyes portswigger.net/research/notwa…

PortSwiggerRes's tweet card. Everyone's heard of the OWASP Top 10 - the often-cited list of major threats that every web developer should be conscious of. But if you cast your gaze across pentest reports and bug bounty findings,
nOtWASP bottom 10: vulnerabilities that make you cry
Source: portswigger.net
4
124
251
39
0
Olga Barinova reposted
PortSwiggerRes's profile picture.
PortSwigger Research
 @PortSwiggerRes
Mar 24, 2021

New attacks on OAuth: SSRF by design and Session Poisoning by @artsploit portswigger.net/research/hidde…

PortSwiggerRes's tweet card. Intro The OAuth2 authorization protocol has been under fire for the past ten years. You've probably already heard about plenty of "return_uri" tricks, token leakages, CSRF-style attacks on clients, an
Hidden OAuth attack vectors
Source: portswigger.net
8
429
890
225
0
Olga Barinova reposted
PortSwiggerRes's profile picture.
PortSwigger Research
 @PortSwiggerRes
Feb 24, 2021

The top 10 web hacking techniques of 2020, by @albinowax with help from @filedescriptor, @irsdl, @Agarri_FR and the entire community portswigger.net/research/top-1…

PortSwiggerRes's tweet card. Welcome to the Top 10 (novel) Web Hacking Techniques of 2020, our annual community-powered effort to identify the must-read web security research released in the previous year. Over the past few weeks
Top 10 web hacking techniques of 2020
Source: portswigger.net
4
241
502
88
0
Olga Barinova reposted
WebSecAcademy's profile picture.
Web Security Academy
@WebSecAcademy
Dec 17, 2020

Power up the Burp Suite and get stuck into our latest Web Security Academy topic! We've designed a whole new set of labs on OAuth Authentication for your password-avoiding pleasure. portswigger.net/web-security/o… #websecurityacademy #burpsuite #OAuth2

6
72
282
40
0
Olga Barinova reposted
artsploit's profile picture.
Michael Stepankin
 @artsploit
Sep 4, 2020

Can you spot a critical vulnerability in this innocent code? Learn about Spring View Manipulation in our latest article github.com/veracode-resea… #java @springframework

artsploit's tweet image. Can you spot a critical vulnerability in this innocent code? Learn about Spring View Manipulation in our latest article github.com/veracode-resea… #java @springframework
17
250
667
123
0
Olga Barinova reposted
artsploit's profile picture.
Michael Stepankin
 @artsploit
Feb 18, 2020

Jolokia enhances JMX remoting with unique features like pre-auth RCE 🤔

disclosedh1's profile picture. This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD
publiclyDisclosed
 @disclosedh1
Feb 18, 2020

Mail.ru disclosed a bug submitted by johndoe1492: hackerone.com/reports/703910 - Bounty: $2,000 #hackerone #bugbounty

disclosedh1's tweet image. Mail.ru disclosed a bug submitted by johndoe1492: hackerone.com/reports/703910 - Bounty: $2,000 #hackerone #bugbounty
0
6
43
3
0
2
10
31
3
0
Olga Barinova reposted
thezdi's profile picture.
Trend Zero Day Initiative
@thezdi
Jan 23, 2020

We have confirmed the successful demonstration from @artsploit used a previously reported bug. This counts as a partial win, but does earn him 12.5 Master of Pwn points. #P2OMiami #S4x20

0
2
12
0
0
Olga Barinova reposted
thezdi's profile picture.
Trend Zero Day Initiative
@thezdi
Jan 23, 2020

Up next and making his #Pwn2Own debut, Michael Stepankin (@artsploit) of Veracode will be targeting a remote code execution with continuation against the Inductive Automation Ignition in the Control Server category. #P2OMiami #S4x20

0
3
16
0
0
Olga Barinova reposted
spaceraccoonsec's profile picture.
spaceraccoon | Eugene Lim
@spaceraccoonsec
Jan 12, 2020

Just posted Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2. Using a payload containing three different programming languages :) spaceraccoon.dev/remote-code-ex…

spaceraccoonsec's tweet card. The Spring Boot framework is one of the most popular Java-based microservice frameworks that helps developers quickly and easily deploy Java applications. With its focus on developer-friendly tools...
Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring...
Source: spaceraccoon.dev
9
281
558
115
0
Olga Barinova reposted
steventseeley's profile picture.
ϻг_ϻε
 @steventseeley
Jan 14, 2020

I'm excited to share my post about discovering & exploiting multiple critical vulnerabilities in Cisco's DCNM. Busting Cisco's Beans :: Hardcoding Your Way to Hell srcincite.io/blog/2020/01/1… PoC exploit code: srcincite.io/pocs/cve-2019-… srcincite.io/pocs/cve-2019-… srcincite.io/pocs/cve-2019-…

16
291
566
78
0
Olga Barinova reposted
securitum_com's profile picture.
Securitum
 @securitum_com
Oct 16, 2019

Our guy, @SecurityMB, had a presentation at OWASP Poland Day about exploiting prototype pollution to RCE on the example of Kibana, by abusing environmental variables in node. The slides are here: slides.com/securitymb/pro… We will also release a writeup soon so stay in touch!

securitum_com's tweet card. Presentation I did for OWASP Poland Day, 14th October 2019
Prototype Pollution in Kibana
Source: slides.com
4
120
256
38
0
Olga Barinova reposted
garethheyes's profile picture.
Gareth Heyes \u2028
 @garethheyes
Sep 26, 2019

Here are my slides from XSS magic tricks slideshare.net/GarethHeyes/xs…

7
224
499
101
0
_lely___'s profile picture.
Olga Barinova
 @_lely___
Sep 26, 2019

On the volunteering side this time at #GlobalAppSec #Amsterdam @AppSecEU

_lely___'s tweet image. On the volunteering side this time at #GlobalAppSec #Amsterdam @AppSecEU
1
0
15
0
0
Olga Barinova reposted
artsploit's profile picture.
Michael Stepankin
 @artsploit
Aug 11, 2019

Apache Solr Injection whitepaper is now available at github.com/artsploit/solr… Thanks everyone who attended my #defcon talk!

artsploit's tweet card. Apache Solr Injection Research. Contribute to veracode-research/solr-injection development by creating an account on GitHub.
GitHub - veracode-research/solr-injection: Apache Solr Injection Research
Source: github.com
5
236
452
56
0
Olga Barinova reposted
artsploit's profile picture.
Michael Stepankin
 @artsploit
Jul 12, 2019

Apache Solr research is completed and I'm happy to present some ways to RCE in this innocent looking search engine. See you @ #defcon27 @defcon defcon.org/html/defcon-27…

artsploit's tweet image. Apache Solr research is completed and I'm happy to present some ways to RCE in this innocent looking search engine. See you @ #defcon27 @defcon defcon.org/html/defcon-27… …
2
68
224
9
0
Olga Barinova reposted
mogwailabs's profile picture.
MOGWAI LABS GmbH
 @mogwailabs
Apr 29, 2019

In our latest blog post we show you various ways how to attack RMI based JMX services. We also release our fork of sJET, which is called MJET (obviously). mogwailabs.de/blog/2019/04/a…

0
30
46
3
0
_lely___'s profile picture.
Olga Barinova
 @_lely___
Jun 4, 2019

Expression Injection in Qlik Products (CVE-2019-11628). The fresh advisory has been published just now. trustwave.com/en-us/resource…

1
9
26
1
0
Olga Barinova reposted
mogwailabs's profile picture.
MOGWAI LABS GmbH
 @mogwailabs
Mar 26, 2019

Blog post about attacking Java RMI services, a extension to the talk from Hans-Martin Münch at this years Bsides Munich mogwailabs.de/blog/2019/03/a…. You can also find the slides/material on our GitHub account #BSidesMUC19

2
54
77
6
0
_lely___'s profile picture.
Olga Barinova
 @_lely___
Mar 18, 2019

heh :D

artsploit's profile picture. Security Researcher at @GHSecurityLab
Michael Stepankin
 @artsploit
Mar 18, 2019

What a neat 'Function.prototype.toString()' implementation in modern javascript! If you can control the key of a class object to be returned, 'constructor'.toString() returns the whole class Source code.

artsploit's tweet image. What a neat 'Function.prototype.toString()' implementation in modern javascript! If you can control the key of a class object to be returned, 'constructor'.toString() returns the whole class Source code.
0
30
89
7
0
0
0
1
0
0
NahamSec's profile picture. Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷

Ben Sadeghipour

@NahamSec
thezdi's profile picture. Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.

Trend Zero Day Initiative

@thezdi
Agarri_FR's profile picture. Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks

Nicolas Grégoire

@Agarri_FR
disclosedh1's profile picture. This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD

publiclyDisclosed

@disclosedh1
Bugcrowd's profile picture. The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™

bugcrowd

@Bugcrowd
garethheyes's profile picture. JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5

Gareth Heyes \u2028

@garethheyes
fransrosen's profile picture. Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.

Frans Rosén

@fransrosen
steventseeley's profile picture. Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. Divine Science.

ϻг_ϻε

@steventseeley
binitamshah's profile picture. Linux Evangelist, Malwares, Security enthusiast , Investor, Contrarian , Philanthropist , Reformist , Sigma female 🦋 https://t.co/WOvf41tMKV

Binni Shah

@binitamshah
cyb3rops's profile picture. Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim

Florian Roth ⚡️

@cyb3rops
irsdl's profile picture. Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐

Soroush Dalili

@irsdl
WebSecAcademy's profile picture. Free web security training from @PortSwigger

Web Security Academy

@WebSecAcademy
orange_8361's profile picture. This is 🍊

Orange Tsai 🍊

@orange_8361
antyurin's profile picture. Security Researcher | @greendog@infosec.exchange

Aleksei Tiurin

@antyurin
zseano's profile picture. team "crits&highsonly" with @jonathanbouman @fransrosen @avlidienbrunn. #1 Amazon bug bounty hunter

zseano

@zseano
BugBountyHQ's profile picture.

BugBountyHQ

@BugBountyHQ
TheHackersNews's profile picture. The #1 trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.

The Hacker News

@TheHackersNews
alisaesage's profile picture. Independent hacker, solo owner of Zero Day Engineering @zerodaytraining • aka badd1e, a non-state cybersecurity power

Alisa Esage Шевченко

@alisaesage
albinowax's profile picture. Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3

James Kettle

@albinowax
jobertabma's profile picture. I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).

Jobert Abma

@jobertabma
defconch's profile picture.

DC4131 - DEFCON CH

@defconch
_atorralba's profile picture. Breaking builds and building breakages. He/him. ProdSec Engineer @okta. Opinions are my own. Mastodon: https://t.co/oFZdTxYDMJ

Tony Torralba

@_atorralba
ekoparty's profile picture. The coolest #hacking conference and meeting point in LATAM since 2001 🏴‍☠️

Ekoparty | Hacking everything

@ekoparty
jaysonstreet's profile picture. ➡️Hacker - Helper - Human ⬅️ . . . Also Author. Speaker & Scientific Hooligan! A bona fide teachable moment for hire! he/him

Jayson E. Street 💙 🤗💛

@jaysonstreet
shehackspurple's profile picture. Secure Coding Trainer, Best-selling author of Alice and Bob Learn Secure Coding & Alice and Bob Learn Application Security. #AppSec she/her 🌻

Tanya Janca | Shehackspurple

@shehackspurple
sagar38's profile picture. Security Researcher (posts & opinions are my own)

Esteban Guillardoy

@sagar38
tldrnewsletter's profile picture. Startups, Tech & Programming Newsletter: https://t.co/7gjBLYeOxY | Crypto Newsletter: https://t.co/4Xa63QkGMf | AI Newsletter: https://t.co/UsowDlp8JM | Curated by @tldrdan

TLDR Newsletter

@tldrnewsletter
zebasquared's profile picture. App Sec @doordash former @okta @thezdi @TrendMicroRSRCH

Siva Siva

@zebasquared
noordinarypark's profile picture. Be Inspired, Be Amazed, Be Here. Immerse in world-class culture, sport & iconic architecture. 🎤 Stunning parklands & great food in the heart of east London. 🌲

Queen Elizabeth Olympic Park

@noordinarypark
dmi3sh's profile picture.

Dmitriy Shagov

@dmi3sh
ukhomeoffice's profile picture. We are the lead UK government department for immigration & passports, crime & policing, homeland security and protecting vulnerable people.

Home Office

@ukhomeoffice
pritipatel's profile picture. Conservative Party Shadow Foreign Secretary and Member of Parliament for Witham. Promoted by Priti Patel of WCCA, Essex House, 21 Eastways, Witham, CM8 3YQ

Priti Patel MP

@pritipatel
marinarodrubio's profile picture.

Marina Rodriguez

@marinarodrubio
wallarm's profile picture. Wallarm is the fastest, easiest, most effective way to block API attacks in real-time

Wallarm

@wallarm
neurvanna's profile picture. Postdoc in David Ginty lab at Harvard Medical School.

Anna Lebedeva

@neurvanna
chamath's profile picture. God is in the details.

Chamath Palihapitiya

@chamath
ShackSpac's profile picture. SPAC musings, watch lists, viz, polls, and other nuggets. Evening and weekend warrior. Definitely NOT a financial advisor so don’t listen to me.

SPAC Shack

@ShackSpac
spac_watch's profile picture. Definitive agreement alerts sent via SMS and email.

SPACWatch.com

@spac_watch
Trading212's profile picture. Build wealth every day. When investing, your capital is at risk. For support: @Trading212Help

Trading 212

@Trading212
CathieDWood's profile picture. Founder, CEO and CIO @ARKinvest. Thematic portfolio manager for disruptive innovation, mom, economist, and women's advocate. Disclosure: https://t.co/chxRD4oWOd

Cathie Wood

@CathieDWood
hacknotcrime's profile picture. A nonprofit organization demanding the decriminalization of hacking through privacy and security hacktivism. #HackingIsNotACrime

Hacking is NOT a Crime

@hacknotcrime
shvetsovalex007's profile picture. Penetration Tester at @ptsecurity

Alexandr Shvetsov

@shvetsovalex007
x0rz's profile picture. Cybersecurity & Threat Intelligence. Knowledge is power, France is bacon 🥓

x0rz

@x0rz
theBumbleSec's profile picture. Web Security Researcher | h2c smuggling, JSON Interop vulns, RMIScout, GadgetProbe, Server-side Spreadsheet Injection | AppSec @BrexHQ; formerly @BishopFox

Jake Miller

@theBumbleSec
GHSecurityLab's profile picture. GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

GitHub Security Lab

@GHSecurityLab
terjanq's profile picture. security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine.

terjanq

@terjanq
i41nbeer's profile picture.

Ian Beer

@i41nbeer
sniperscandy's profile picture. We snipe memes :)

CandyCoin

@sniperscandy
thedarktangent's profile picture. https://t.co/fgXNGNt7gm Abandoned this site in 2022 but hopeful for the future of social media. Consider migrating to DEFCON.socal

Jeff Moss

@thedarktangent
lorentzenman's profile picture. 10011011 00111100 11100111 11111111

Matt

@lorentzenman
hackerscrolls's profile picture. for hackers by hackers Contact: hackerscrolls@gmail.com

Hack3rScr0lls

@hackerscrolls
ScepticCtf's profile picture. Embedded Firmware Fuzzing at https://t.co/h3RnGfm20g. Ph.D. student. Working on advancing embedded systems software security.

Tobias Scharnowski

@ScepticCtf
trendaisecurity's profile picture. A global AI security leader making the world safer for digital information exchange. AI Fearlessly.

TrendAI

@trendaisecurity
spaceraccoonsec's profile picture. Author of "From Day Zero to Zero Day" - No Starch Press. Every day is 0day!

spaceraccoon | Eugene Lim

@spaceraccoonsec
mwulftange's profile picture. Principal Security Researcher and Pâtissier at @codewhitesec

Markus Wulftange

@mwulftange
liamsomerville's profile picture. Learn more, do more.

liam

@liamsomerville
k8em0's profile picture. @LutaSecurity CEO @payequitynow MIT&Harvard visiting scholar, @MasonNatSec fellow, 1/2 Chamoru, hacker @k8em0.bsky.social Legacy blue check

Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷

@k8em0
ally_o_malley's profile picture. Ethical hacker with a focus on iOS, web, and API security. https://t.co/UEAHujr2mj

Allyson O'Malley

@ally_o_malley
kellthenoise's profile picture. Previously Red team @ Salesforce, SpecterOps & Big4 | Interested in security, puns, and mountains | Opinions my own @kellthenoise@infosec.exchange

Kelly Villanueva

@kellthenoise
vickieli7's profile picture. Infosec nerd. Hacks and secures. Creates god awful infographics. Author of #BugBountyBootcamp. Security @instacart.

Vickie Li

@vickieli7
kbatygin's profile picture. Planetary Science Prof at @Caltech | Vox & Guitar at https://t.co/EH8ewMgoDz

Konstantin Batygin

@kbatygin
RachelTobac's profile picture. Friendly Hacker & CEO @SocialProofSec security awareness/social engineering prevention Training, Videos, Talks | 3X @DEFCON🥈| Ex CISA gov Tech Advisory Council

Rachel Tobac

@RachelTobac
alphasnupe's profile picture. 90s Hacker; Chief Scientist at STR

Curtis Walker

@alphasnupe
otavorteppesuig's profile picture. Security Researcher @ Veracode ... [... your usual company disclaimer here ...]

Giuseppe Trovato

@otavorteppesuig
sberbank's profile picture.

Сбер

@sberbank

United States Trends

You might like

Something went wrong.


Something went wrong.