-
Tweets41
-
Followers10
-
Following138
-
Likes239
New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP. lock.cmpxchg8b.com/reptar.html
Brilliant work by our cyber security operations centre: digital.nhs.uk/cyber-alerts/2…
Want to know if someone dumped lsass.exe? Maybe your NTFS journal keeps some #DFIR traces about *lsass*.dmp. Simple, but working! Fully functional PoC C source code (and the compiled exe) as usual: github.com/gtworek/PSBits…
SSRF to RCE with Jolokia and MBeans... thinkloveshare.com/hacking/ssrf_t…
Finally had a moment to test Winlogon password leaking (a.k.a. notifying) on Windows 11. No big surprise. And the flow is: -user enters password -winlogon loads mpnotify.exe -mpnotify opens RPC channel -winlogon sends pass via RPC -mpnotify forwards to DLL -DLL stores it on disk
We wanted to fuzz all 0x10ffff characters in unicode for various CSS keywords. So we built a cool fuzzer! Want to know what characters break out of CSS strings? portswigger-labs.net/css-fuzzer/ind…
Hello, I now have a streaming schedule. I'll have two educational days, and one random hacking days. There may be other unscheduled streams, but this is what the people want! twitch.tv/gamozo/schedule Tomorrow we start by getting Rust running on NT3.5 for MIPS and start hacking!
No one told me I couldn't, so I'm running a free Cloud Attack and Response workshop on 11/10 using 3 modules and 3 labs from SANS SEC504 Hacker Tools, Techniques, and Incident Response. Even if you can't attend, sign up to access the lab resources! sans.org/webcasts/tech-…
Added a maldoc that downloads formbook 👉 github.com/jstrosch/malwa…
I’ve been getting quite a few inquiries about the next Advanced Fuzzing and Crash Analysis class. The next one (and last one of 2021) is November 21-24 on US Pacific time. If you can’t make it, I will continue to offer training in 2022 as well! sectrain.hitb.org/courses/advanc…
Confirmed! The @Synacktiv team leveraged a configuration error bug to get code execution on the PR411. They earn $40,000 and 4 Master of Pwn points. They are now in a tie for 3rd in Master of Pwn standings. #Pwn2Own #P2OAustin
Success! Q. Kaiser & T. Shiomitsu from IoT Inspector Research Lab were able to get code execution on the LAN interface of the Cisco RV340 router. They head off to the disclosure call to provide the details. #Pwn2Own #P2OAustin
Success! The @Synacktiv team didn't take long getting their root shell on the WD My Cloud Series PR4100 NAS. The head off to the disclosure Zoom to provide the details. #Pwn2Own #P2OAustin
Confirmed! @theori_io used a stack-based buffer overflow to get code execution on the 3TB My Cloud Home Personal Cloud from WD. This earns them $40,000 and 4 Master of Pwn points, giving them a 1 day total of $80K and 8 points. #Pwn2Own #P2OAustin
Confirmed! The THEORI team combined an OOB Read and a stack-based overflow to take over the WD My Cloud Pro Series PR4100. It's a unique bug chain, so they win the full $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OAustin
Confirmed! The Synacktiv team used a heap overflow to take over the #Canon ImageCLASS MF644Cdw printer. In doing so, they win $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OAustin
The full schedule for #Pwn2Own Austin is now live! We had to deconflict many attempts and work around some logistical challenges, but we aren't complaining about 58 entries. See the schedule at zerodayinitiative.com/blog/2021/11/1… and watch the attempts live on YouTube and Twitch.
Registration for #Pwn2Own Austin is closed, and it's going to be our biggest ever with more than 55 entries. We'll be paying full price for all unique exploit chains. It's going to be an amazing contest full of exploits and intrigue. #P2OAustin #HaveFun
Two more Chrome zero-days detected in the wild, let’s find out where is the Internet Explorer and start to use it. chromereleases.googleblog.com/2021/10/stable…
Mitchel Murphy @MurphyMitc97705
1 Followers 174 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/fy8W8yaJjQ
Tyloseau @tyloseau35173
46 Followers 1K Following I live alone now and enjoy business, traveling, shopping, food and music. I have a calm personality and I hope we can be friends.
Salome @Sheau23944
25 Followers 2K Following Getting better slowly is the best gift you can give yourself.
Resilience Cloud @ResilienceCloud
288 Followers 537 Following We're better together. Resilience Cloud is a global community of risk/resilience industry service providers. 20 specialties under one roof. No more silos.
🇺🇦Mike Saunders @hardwaterhacker
3K Followers 2K Following Fishing, hiking, photography, music, & cigars. Principal Consultant @RedSiege so I can pay for my hobbies. @hardwaterhacker.bsky.social
Pokeskins @jkritter1
85 Followers 346 Following
Army Cyber Institute @ArmyCyberInst
13K Followers 4K Following Research|Educate|Advise| ACI is a Cyber Think Tank that connects change makers to meet our nation's global cyber challenges.
Austin Gossmeyer @geekthattweaks
356 Followers 2K Following Cyber security enthusiast who enjoys reading, diving, rock climbing, martial arts, and long walks on the beach......
Dr. Nighthawk @N1ghtHawk1
302 Followers 413 Following
Alex Plaskett @alexjplaskett
12K Followers 571 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Kαι @0xUrbanWolf
17K Followers 276 Following I never brag how real I keep it, cuz it's the best secret — Nas, Take It In Blood
rootsecdev @rootsecdev
26K Followers 1K Following Senior Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
[email protected] @Zardus
7K Followers 88 Following Retired @DEFCON CTF org, @Shellphish Captain Emeritus, @ASU Prof, @angrdothorse hacker, @pwncollege sensei, @ACE_Inst Director.
Zhenpeng Lin @Markak_
3K Followers 384 Following Ph.D., CTF player @Nu1L_team, now @StrawHat_CTF. #Pwn2Own winner. Author of #DirtyCred #Badiouring
kylebot @ky1ebot
6K Followers 319 Following CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @[email protected]
mr.d0x @mrd0x
44K Followers 296 Following Security researcher | Co-founder https://t.co/QxBlzp9A8w | https://t.co/zqMXQRZjQN | https://t.co/Fq7WSqTBva | https://t.co/eKezFcO6nd
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Alvaro Muñoz 🇺�... @pwntester
13K Followers 514 Following Security Researcher with @XBOW. CTF #int3pids. Opinions here are mine! bluesky: https://t.co/9HRRzpBECt
CCob🏴�... @_EthicalChaos_
9K Followers 437 Following Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴 Author of poorly coded tools: https://t.co/P6tT2qQksC
Antonio Cocomazzi @splinter_code
9K Followers 327 Following offensive security - windows internals | BlueSky: https://t.co/ytvJCoaF2c | Mastodon: https://t.co/hNIHa6L14d
Andrea P @decoder_it
8K Followers 290 Following Security Consultant @semperistech . Independent Security Researcher. Cyclist & Scubadiver. MSRC MVR 2022. "So di non sapere"
James Forshaw @tiraniddo
49K Followers 339 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
DirectoryRanger @DirectoryRanger
35K Followers 96 Following This account assembles and disseminates information related to Active Directory and Windows security.
Seismic Dance Event @SeismicTX
9K Followers 401 Following A premier boutique festival catering to the house music & techno enthusiast. 🏴
Phan Thanh Duy 🇻�... @PTDuy
1K Followers 682 Following https://t.co/3ErsOXnHtJ | https://t.co/YffDAg1BZe
Ramdhan @n0psledbyte
2K Followers 786 Following CTF @SuperGuesser (pwn), Security Researcher @starlabs_sg
Thach Nguyen Hoang �... @hi_im_d4rkn3ss
3K Followers 337 Following Security Researcher @starlabs_sg. Pwn2Own Mobile 2020, 2021, 2022, 2023. Pwn2Own Vancouver 2022, 2023, 2024, 2025.
Billy @st424204
1K Followers 95 Following Security Researcher @starlabs_sg Pwn2Own Vancouver 2024,2023,2022,2021 Pwn2Own Austin 2023,2021 Pwn2Own Berlin 2025
starlabs @starlabs_sg
9K Followers 20 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
White House Office of... @ONCD
23K Followers 74 Following ONCD’s mission is to advance national security, economic prosperity, and technological innovation through cybersecurity policy leadership.
vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Brandon Falk @gamozolabs
21K Followers 278 Following I find and exploit 0day, develop OSes, hypervisors and emulators, design massively parallel data structures and code, and do precision machining! Optimization❤️
The Dustin Childs @dustin_childs
2K Followers 352 Following Parked account. I usually post stuff over where the sky is blue.
Bien 🇻🇳 @bienpnn
4K Followers 479 Following P (Million Live!) hackerman at @qriousec & @seasecresponse & @ProjectSEKAIctf Tiếng Việt / English / 日本語 范阮玉邊
Gaurav Baruah @_gauravb_
512 Followers 613 Following vuln excavationist | Pwn2Own (partial) winner 😜
Angelboy @scwuaptx
5K Followers 932 Following Senior Security Researcher at @d3vc0r3 MSRC 2024/2025 MVR Top 100
j00ru//vx @j00ru
37K Followers 826 Following (Mostly) Windows hacker & vulnerability researcher. Google Project Zero. @DragonSectorCTF
Tavis Ormandy @taviso
130K Followers 631 Following Vulnerability researcher at Google. This is a personal stream, opinions expressed are mine. I'm also @[email protected]
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Rémi J. @netsecurity1
996 Followers 611 Following Security engineer interested in reverse engineering, vulnerability exploitation & low level stuff. Working at @Synacktiv. Techno music enthusiast 🎧
Florian Hansemann @CyberWarship
84K Followers 47 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
David Weston (DWIZZZL... @dwizzzleMSFT
25K Followers 2K Following Corporate Vice President, OS Security and Enterprise @Microsoft
Austin Gossmeyer @geekthattweaks
356 Followers 2K Following Cyber security enthusiast who enjoys reading, diving, rock climbing, martial arts, and long walks on the beach......
Grifter @Grifter801
19K Followers 537 Following Threat Hunting & DFIR, Hacker, Geek, DEF CON & Black Hat CFP Review Board Member, DEF CON Contest/Events/Demo Labs Dept. Head, Black Hat Staff, DC801 Founder
Microsoft Security Re... @msftsecresponse
145K Followers 215 Following We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit https://t.co/kxEbdfMny1.
spaceraccoon | Eugene... @spaceraccoonsec
25K Followers 302 Following Here to learn! Infosec@Open Government Products | White Hat && SecOps
Haifei Li @HaifeiLi
8K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
North Central CCDC @NC_CCDC
319 Followers 7 Following DSU Security Weekend! North Central CCDC & @DakotaCON. Mark off March 31- April 1, 2017. See you on the DSU campus!
Trends for United States
You might like
