Alyssa Herrera
I'm a webapp security researcher, bug bounty hunter, , crowdsource, and Ambassador.
1,174 Tweets | 810 Following | 5,951 Followers
Tweets
Alyssa Herrera retweeted
André Baptista 22h
Just released viewgen, a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. All algorithms supported. TL;DR: Got a web.config file or LFI on ? Pop a shell!
Alyssa Herrera retweeted
Eric Johnson Apr 20
- A Super Serial Story is officially live. is showing how to wreck .NET apps using deserialization vulnerabilities.
Alyssa Herrera Apr 20
Replying to @IanColdwater
This was exactly how I felt when I did my first presentation.
Alyssa Herrera retweeted
Cyber Advising Apr 19
WebLogic Arbitrary File Read(CVE-2019-2615) & WebLogic File Upload(CVE-2019-2618)
Alyssa Herrera retweeted
Malware Unicorn Apr 20
When you catch your shiba being weird.
Alyssa Herrera retweeted
Chris Dale Apr 18
One of the best techniques for Intruder is using numbers 00-FF, prefix % then URL decode. Try with and without URL decode to conclude the application's behavior when receiving all possible characters. Record and analyze abnormal results. Battering ram works fine too!
Alyssa Herrera Apr 19
Awesome to hear.
Alyssa Herrera retweeted
Uranium238 Apr 19
One way ticket to all places: How we got into slack, JIRA and many internal domains for 20/25 companies:
Alyssa Herrera retweeted
Security Sandbox (prev Hacker Culture FM) Apr 15
Security Sandbox Episode 9! joins me to talk about how she advocates for equality in our cybersecurity world. We talk about her conference talk, , and her pup Sherlock!
Alyssa Herrera retweeted
patrick wardle Apr 18
Remember when Apple posted on their website that "It [Mac] doesn't get PC viruses?" 🤔 Of course that was never true, but it's somewhat ironic that they are now (silently) releasing signatures for macOS's built-in "AV" tool (XProtect) to detect "PC viruses" infecting macOS 🤣😂
Alyssa Herrera retweeted
security gremlin Apr 18
Hi new followers! All of you are welcome here, but here are some things that aren’t welcome: - Nazis - harassing/gatekeeping other folk - tHeRe’S oNlY tWo GeNdErS - “lol stop using your disability as an excuse” 😒 If I ain’t your cup of tea, find another brew somewhere else. ❤️
Alyssa Herrera retweeted
\u2028\u2029 Apr 18
RCE via AngularJS sandbox escape
Alyssa Herrera retweeted
James Kettle Apr 18
The team at are developing automatic detection of image processing memory disclosure, for 's Upload Scanner extension! Looks awesome.
Alyssa Herrera retweeted
InfoSec Community Apr 18
New Write-up on InfoSec Write-ups publication : "HackInterview with Chloé — There is nothing more intimidating than a woman who is empowered"
Alyssa Herrera retweeted
Detectify Apr 18
It's official. We are sponsoring 2019 in Gothenburg! Come meet the team including one of our co-founders Fredrik N. Almroth and let's talk about automated crowdsourced security!
Alyssa Herrera retweeted
Synacktiv Apr 16
(Un)authenticated deserialization on Sitecore CMS led and to RCE (CVE-2019-9874 and CVE-2019-9875)
Alyssa Herrera Apr 17
This is a rather interesting method for performing error-based SQL injection using polygons
Alyssa Herrera retweeted
publiclyDisclosed Apr 17
Shopify disclosed a bug submitted by filedescriptor: - Bounty: $5,000
Alyssa Herrera retweeted
SwiftOnSecurity Apr 17
Replying to @hacks4pancakes
how to uwu
Alyssa Herrera retweeted
DC3 Cyber Crime Center Apr 16
Calling All : We Want To Work With You-