Rojan Rijal
@mallocsys
Offensive security research & building @OphionSecurity
I just got access to an attacker's daily diary. Here is what I learned 👇 🕘 9:00 AM: Clock in. 🔎 9:12 AM: Google Dork says dev-login.company.com is still alive. 😎 9:30 AM: No rate limits, no auth. Just vibes. 🗃 10:00 AM: Dumped staging DB from test-api-v2.company.net.…
I hacked UberEats in 2017. Here is the story. #ubereats #hacking #uber #cybersecurity #bugbounty
It was amazing to present at @_kernelcon_ today. Thank you for the gift KernelCon team! #kernelcon #offensivesecurity #researchontheroad
💥 Q1 Update from the Field: Real-World Hacking with Orion 💥 In Q1, we pointed Orion, our offensive Attack Surface Management platform, at a large enterprise to see what it could uncover. The results speak for themselves: 🔍 9 vulnerabilities reported…
Not yet a full multiplayer but doing some basic "Simon Says" style game with increasing difficulties. Will add leaderboard style system soon. Open to ideas to improve it further @levelsio taptastic.app
taptastic.app
Taptastic
Test your memory with Taptastic!
tj-actions compromise is a great reminder that pinning the action/dependency to a commit SHA instead of a version tag is safer and securer. We monitor repositories of some public organizations, and most of them are safe because they use a SHA like…
stepsecurity.io
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
tj-actions/changed-files
Oh wow, a popular GitHub Action (tj-actions/changed-files) was fully compromised. Someone committed a base64-encoded payload that runs a script that in turn prints out encoded secrets… Stay safe out there!
🚨 Continuous Monitoring Prevents Million-Dollar Breaches 🚨 In cybersecurity, threats evolve but so should our defenses. At Ophion Security, we continuously monitor Fortune 500 companies’ public assets not just domains and IPs, but also SaaS services, cloud assets, and web…
I reached level 11 in Taptastic! 🎮 Final speed: Super Fast Tiles: 9 The pattern that defeated me: 🟩 🟨 🟨 🟨 🟦 🟦 🟦 🟨 🟦 🟩 🟩 🟨 Can you beat my score? #Taptastic #memorygame #challenge taptastic.app/?score=11
taptastic.app
Taptastic
Can you beat the Taptastic score of 11?
🧵 Securing Your @DecagonAI Chat Bot 🧵 We've seen a growing number of organizations using Decagon.ai's chat bot to enhance customer support with AI. A quick post on how to make sure you deploy it securely based on a recent issue we saw. 🚨 The issue? If…
Announcing: Ask Us Anything Security - A free security advisory for startups Security often gets pushed to the back burner at startups until something breaks or a big deal requires it. But what if you could get expert security guidance without the overhead? At Ophion…
Live chat histories contain a treasure trove of data. From answers to security questions to credentials and more. We found a way to access it all in Cisco's Webex Connect. Read here: ophionsecurity.com/post/cisco-web… #vulnerability #vulnerabilitydisclosure #attacksurfacemanagement
As we build Orion actively, we run it against real world targets with disclosure policy. We did the same for Microsoft. Check out the demo page to see how we are monitoring more than 4,000 users and 160,000 repositories of Microsoft and other organizations. app.storylane.io/share/uj1vg9vo……
app.storylane.io
Feature Highlight: GitHub Monitoring with Orion
I looked at all the AWS OIDC integrations I could find to identify how they might be misconfigured and to understand the variations that different vendors have in how they set these up. wiz.io/blog/avoiding-…
🦊🌊 Proud to have contributed to a safer digital world in 2024! 23 vulnerabilities reported, including 9 critical findings. Special thanks to @Hacker0x01 for providing the platform to make this impact possible. Here's to more secure systems in 2025! 🔒 #BugBounty #CyberSecurity…
With HackerOne's Scotland Live Hacking Event now slowly wrapping up, I am excited to have had the opportunity to participate this time. I focused primarily on hacking AWS while collaborating on it with @itscachemoney. Currently, we are ranked in the top 10 for AWS based on our…
One of the best parts of security research that I love is that it exposes you to learn about different technologies. Randomly, I have learned about different techs that I can reference and help tell organizations how to set up the product like I am an expert on it.…