Tweets: 77 · Followers: 34 · Following: 527 · Likes: 484
I've been looking at source code review and had trouble finding real world vulns that link to the problematic source code. Ended up building a quick tool to parse //osv.dev and make the data more searchable. Data is refreshed every 6 hours. oss-vulns.alecmaly.com
TLDR: Don't accept Power Apps / Power Platform permissions prompts unless you trust the source. Blog post: alecmaly.com/blog/2024/02/2… YouTube POC: youtu.be/lNHcZscX5Uw?si… #m365 #powerplatform #powerapps #powerautomate #hacking #infosec
I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks @ctbbpodcast) to force a request to a BFLA endpoint. 🧵 [1/5]
Ok fam. I’m giving away TWO free tickets to my course which takes place in two/three weeks. All you have to do to win is like, retweet this tweet, and reply with “tbhmlive.com!” I’ll pick winners next week! If you haven’t seen my course, check out the link!
🪐 Cantina Code Demo Release 🪐 A new era for security reviews is starting. We will continue to roll out updates and features to make this the best code review experience across any industry. Available to all Cantina researchers to explore below👇
Plenty of big news coming this week with our first competition only 1 week away 👀 What better way to kick off Monday than with a classic Cantina Cipher 🪐 - Prizes - • 1st Correct Answer: $250 USDC • Random Retweet Raffle: Cantina T-shirt (Want a hint? See Below 👇)
This was a fun high severity bug. If you rely on gps spoofing browser extensions for physical security, this may be worth a read. Grateful to ExpressVPN for allowing disclosure. Blog: alecmaly.com/blog/2023/08/2… #BugBounty #bugcrowd #cybersecurity #cybersec
NEW VIDEO!: I was told this was simple - AMD $5,000 Ultimate Tech Upgrade youtu.be/qdoOwCXuePg Enter the giveaway for three AMD Ryzen™ 7 7800X3D CPUs below! lmg.gg/7800x3d-giveaw… #sponsoredby @AMD
We are giving away 5 FREE enrollments for our signature course: *Practical Windows Forensics* on the @TCMSecurity Academy! Retweet and follow @bluecapesec for a chance to win - we'll pick the winners on Friday 5pm EST! #forensics #dfir #giveaway
1,000,000 people use TryHackMe!🔥 🎉 We're giving away a bunch of year-long subscriptions to TryHackMe, plus limited edition t-shirts! Share this post and leave us a comment to enter👇 Here's our journey, the launch of new training labs, and a thank you! tryhackme.com/resources/blog…
Just got a working exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀
Binary exploitation / reverse engineering course github.com/guyinatuxedo/n… A collection of resources for linux reverse engineering github.com/michalmalik/li… A tool to quickly get all javascript sources/files github.com/003random/getJS #bugbounty #bugbountytips
New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long-standing design flaws in UAC :-) googleprojectzero.blogspot.com/2019/12/callin…
Four years ago, we officially announced PentesterLab PRO (after a soft-launch late November)... What a journey! Thanks everyone for your support!
We promised something awesome, so here you go! Kali 2019.4 is live! kali.org/news/kali-linu… New theme and desktop environment, new Kali Undercover mode, updated way of doing documentation, package your own tools, full Kali desktop on NetHunter, and more!
Defenders should deploy this setting: HKLM\SYSTEM\CurrentControlSet\Control\Lsa Dword: RunAsPPL Value: 1 Protects against dumping of Lsass with a simple registry value. Encountered that on an engagement recently. 🤯 Mimikatz driver needed to bypass Details docs.microsoft.com/en-us/windows-…
Everyone knows Driver Signature Enforcement.... 🙃 The problem is: Attackers can load any signed driver and abuse its functionality. For example, the process hacker driver can be abused to dump the memory of lsass.exe. Read about it in my blog😋 repnz.github.io/posts/abusing-…
I'm publishing my work on the practical testing and breaking of JWT authentication. mazinahmed.net/blog/breaking-… The scripts that can make your JWT testing easier: github.com/mazen160/jwt-p… Feedback is always welcome!

VINCHI @iamvinchi
322 Followers 2K Following Learning @CyfrinUpdraft | Web3 security researcher | Smart contract Auditor in progress.
🅿️kkontheway @zzzkkk12355
182 Followers 2K Following CRTO/Cloud Security/CKA/CKS/Web3Sec/Learning Rust🦀️/Web3Wiki https://t.co/FlMIWTFB9w
brendan @shankshaft_
1K Followers 674 Following Building @GuardianAudits | Prev. cofounder @audit_wizard | also @Filecoin, @CryptexFinance, @ZFellows_
Lord0xShield @Lord0xShield
110 Followers 1K Following Security researcher👨🔬 Busy finding vulnerabilities⚡️in Web2 & Web3 to make the digital world a more safe and secure space🛡️🇫🇷
Alexander.de.Korn @AlexanderdeKor1
5 Followers 641 Following
Tadev @0xtadev
337 Followers 1K Following
TradMod @TheTradMod
576 Followers 1K Following Blockchain Security Researcher ⚔️ | SR @block_apex | Hunter @immuenfi
0xvangrim @0xvangrim_
886 Followers 948 Following Securing smart contracts @midgarxyz 🧑🚀 | Cursor Ambassador | DM for private audits
Audinarey @Audinarey
386 Followers 457 Following Smart Contract Security Researcher. Reach out for a smart contract security review
nisedo @nisedo_
4K Followers 2K Following I stare at smart contracts until one of us breaks @trailofbits | @soliditors 🇫🇷
cergyk @cergyk1337
3K Followers 818 Following Gerber image security researcher | Creator of https://t.co/pVs04C2qW9 | LSR @ Spearbit, Sherlock | https://t.co/hS6ELCXyjg
Leah @ormsbyleah36
246 Followers 3K Following
100proof.org @1_00_proof
4K Followers 518 Following Interested in software correctness. Cryptocurrency security researcher - https://t.co/eZHZozB05V - https://t.co/bLGkkx5E0e
cRat1st0s @cRat1st0s
204 Followers 1K Following Web3 Security Research | @code4rena backstage warden | @codeHawks hawk | Casual #trader
Scarlett🔥🌸 READ... @_orangera1n
3K Followers 1K Following I like to post about tech things, mostly apple. Sometimes #appleinternal (sorry), genshin (also sorry). Opinions might not be 100% mine. She/her, minor
G3C @G3CUK
413 Followers 354 Following Glasgow Caledonian Cyber Conference (G3C) is West of Scotland's first student-led Cyber security convention. 💻🏴
ZeroSecurity @Zer0Security
11K Followers 1K Following Stay updated with the latest in #InfoSec & #Blockchain news along with the threat trends impacting both sectors.
Joe B. - BlindHacker ... @TheBlindHacker
13K Followers 3K Following | #Hacker | #Speaker | #Mentor | #BlindGuy | #LHON | #a11y | #988 | 💀🧪⚗️ | @DeadPixelSec @NovaHackers @hacknotcrime Advocate @_MentorVillage @NextGenRedTeam
Cyber Startup Observa... @CyberSecOb
14K Followers 10K Following The largest global Cyber Security Research & Innovation Platform. On a mission to foster Innovation, share high-quality Insight and promote Leadership.
Erika Noerenberg gutt... @gutterchurl
3K Followers 3K Following malware and kittens, basically. she/her
MZ @MZ_CoolLab365
78 Followers 397 Following Consultant #Office365 Collaboration #SharePoint #MicrosoftTeams
Drew @ToDrawPastTense
0 Followers 28 Following
HUH corporate @Huhcorporate
8K Followers 9K Following Designed to change company culture. HUH corporate offers unique technology to inspire employees and create dedicated solutions for companies' needs.
Kickstarter Forum @kickstartforum
25K Followers 26K Following Share your #Kickstarter on our forum! Also, find useful #crowdfunding tips and cool projects to support. Not affiliated with Kickstarter. Managed by @sbriggman
Leo Vela @LeoVela
48 Followers 734 Following
Eva Kendall @Eva5starbdght
115 Followers 667 Following
Olga @olgavanbolt
10 Followers 107 Following
clearbluejar @clearbluejar
2K Followers 360 Following Security Researcher | Founder @clearseclabs | Research | Learn | Write | Code | Repeat | https://t.co/0lF2NPtj5H | Author of #ghidriff | #patchdiffing
Soroush Dalili @irsdl
20K Followers 909 Following Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, @SecProjectLtd founder 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
RyotaK @ryotkak
7K Followers 662 Following Security researcher? | Icon: @MelvilleTw | Private: @RyotaK_Private | Misskey: https://t.co/63E5Rpv2pk | Blog: https://t.co/c7NFQXhV90
Japz 🕷️🏴... @japzdivino
5K Followers 1K Following Bug Bounty Hunter | OSCP | CBBH | https://t.co/ceCcrmIzOp
pwning.eth | Offside ... @PwningEth
6K Followers 21 Following the newest pwn star on the block(chain)! won $8M+ bounty✨ for protecting $300M+ funds at risk🔥| Whitehat @Immunefi Hall of Fame 🏆| @Offside_Labs CTO
vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Chris Wysopal @WeldPond
55K Followers 1K Following Hacker. Co-founder/CTO Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future @weld.bsky.social @[email protected]
REcon @reconmtl
17K Followers 693 Following REcon: Annual reverse engineering and security conference held in Montreal.
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
sorryNotsorry @0xSorryNotSorry
3K Followers 520 Following Member of @0xDup1337 || Judge at @code4rena & @cantinaxyz || SR @SecurityOak & @zenith256 Portfolio: https://t.co/G6d6gAbsQb
Theo - t3.gg @theo
244K Followers 4K Following Full time CEO @t3dotchat. Part time YouTuber, investor, and developer
Lupin @0xLupin
17K Followers 678 Following Roni Carta alias Lupin. Co-Founder of Lupin & Holmes. R&D. Red Teamer. Bug Hunter. Musician 🤘
RareSkills @RareSkills_io
13K Followers 0 Following ZK: https://t.co/mRKtMB6drC Rust: https://t.co/FnOBJDlYuI Solidity: https://t.co/KBSAmRZZF6 @RareCodeAI | @RareTalent_xyz
Andy Nguyen @theflow0
61K Followers 446 Following The opinions stated here are my own, not those of my company.
Eldar @PikuHaku
2K Followers 223 Following Full-time security researcher and bug bounty hunter | CTF player @KalmarunionenDM | Researcher for @ctbbpodcast lab | Opinions are mine and mine only
David Bombal @davidbombal
170K Followers 690 Following YouTube: https://t.co/xGPVEj6ULN Discord: https://t.co/GZI30F45va Website: https://t.co/MpcS9ylBrV
deliriusz @deliriusz_eth
2K Followers 768 Following Security Researcher | Bounty Hunting on @code4rena | @0xDup1337 proud member | For team audit requests: https://t.co/jtCu75hMhJ
Marques Brownlee @MKBHD
6.2M Followers 480 Following Web Video Producer | ⋈ | Pro Ultimate Frisbee Player | Host of @WVFRM @TheStudio
Casey Muratori @cmuratori
61K Followers 145 Following Programming: https://t.co/Bdh1Xj2PpV Comics: https://t.co/fmdjK9HFxW
Bloqarl | Zealynx @TheBlockChainer
5K Followers 724 Following Smart Contract Auditor & Founder of @ZealynxSecurity 🔗 https://t.co/7CtyPunYeu Request an audit → https://t.co/eBXtj1puND
MetaTrust Labs @MetaTrustLabs
22K Followers 280 Following Builder-first Web3 AI Security | Building @Agent_Layer @MetaTrustAlert | 1st AI Auditor Aegis https://t.co/rjn9kualgt | https://t.co/1c3iYFOY9G
The DFIR Report @TheDFIRReport
62K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion. Services: https://t.co/XW613EKt2w
13Cubed @13CubedDFIR
7K Followers 0 Following The official Twitter account for 13Cubed. Follow @davisrichardg for my personal account.
Johan Carlsson @joaxcar
6K Followers 181 Following Father and full time bug hunter 🐞 currently on https://t.co/CMDtCLppy8
Ron Masas @RonMasas
1K Followers 217 Following trying to predict the next token to make you think i’m a security researcher.
Antonio Viggiano @agfviggiano
3K Followers 1K Following views are my own building @SizeCredit cofounder @getreconxyz auditor @spearbit @SecurityOak
EV_om @0xEV_om
2K Followers 587 Following #1 @ https://t.co/9638c4D0zh w/ Radiant Labs | Audits @zenith256 @CertoraInc | Judge @code4rena @cantinaxyz | Solidity, Cairo, Rust
Renascence @RenascenceLabs
892 Followers 4 Following Providing premium security services. A team of security experts with 14 first-place finishes on Code4rena/Sherlock
Mint Club @MintClubPro
77K Followers 572 Following Grow your child tokens in Mint Club - https://t.co/u3VugkPNBb
assume_breach @assume_breach
4K Followers 140 Following Why yall have so many calculators in your screenshots? | QAnon Red Team | Labeled Misinformation Propagandist
Joel Margolis (teknog... @0xteknogeek
16K Followers 1K Following AppSec by day, Hacker by night || Puzzle addict
Auditware @audit_wizard
3K Followers 497 Following Industry leading OpSec audits, security tools, and code reviews performed by true security wizards
Karan @0xDISREL
3K Followers 662 Following CTI Analyst & Malware Researcher | Staff at @vxunderground | PTC
Mr Anon @ShieldifyAnon
6K Followers 486 Following Founder of @ShieldifySec🛡️ Blockchain security audits. Your security partner, for the long term.
LonelySloth @lonelysloth_sec
3K Followers 267 Following @Immunefi Elite All Star. https://t.co/p5mT2Rz3iS
gmhacker @realgmhacker
6K Followers 619 Following aerospace engineer 🚀 Head of Security @immunefi 🪲 Security Council @arbitrum 🔑 Advisory @felixprotocol 🐱 Taught @RareSkills_io 😎 views are my own, NFA 🇵🇹
deadrosesxyz @deadrosesxyz
9K Followers 450 Following i find bugs for a living | Foundoooor @YieldoorFi
Haifei Li @HaifeiLi
8K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
Vladimir S. | Officer... @officer_cia
50K Followers 228 Following Threat Researcher • OpSec Guru • Admin @10b57e6da0
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️