phd student @ucberkeley working on security (#fuzzing #plse #llm) / intern @hackthedefi
Apr 14 • 9 tweets • 3 min read
Technical details on how we made $10k/hr by mining $ORE via @bloXrouteLabs @jito_sol and GPUs.
[1/8] 🧵
[2/8] WTF is $ORE
ORE is a token on Solana with a mining program. One can claim ORE from the mining program by sending correct nonces (calculated by trying hashes) to it.
A mining tx looks like this:
Dec 13, 2023 • 7 tweets • 4 min read
😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability.
Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)
On 12/11, @rabbit_2333 posted details about an XSS on the Twitter subdomain .
1. The attacker uses "oowner" to define the owner so that analysis considers the contract to have no owner -- really benign in the eyes of static analysis! twitter.com/i/web/status/1…