Sam Thomas @_s_n_t
Security researcher at Oracle. Speaker at Blackhat USA 2018, Successful entries at pwn2own IOT/Mobile 2021,2022,2023,2024, ICS 2022. Opinions are my own etc.. eshu.co.uk
Joined September 2008
Tweets: 211 | Followers: 2K | Following: 86 | Likes: 713
Continuing the series of "chase my idols for a selfie", look who's here! The legends Matthias (@matthias_kaiser) and Sam (@_s_n_t), but we are missing @chudyPB and @steventseeley to have a full chain, we miss you guys!
[ZDI-24-088|CVE-2023-22819] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability (CVSS 5.3; Credit: @_s_n_t of @pentestltd) zerodayinitiative.com/advisories/ZDI…
[ZDI-24-087|CVE-2023-22817] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability (CVSS 6.3; Credit: @_s_n_t of @pentestltd) zerodayinitiative.com/advisories/ZDI…
Success! Pentest Limited was able to execute an Improper Input Validation against the Samsung Galaxy S23. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own
Success! Pentest Limited was able to execute their 2-bug chain against the My Cloud Pro Series PR4100 using a DoS and SSRF. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own
[ZDI-23-852|CVE-2022-29842] (Pwn2Own) Western Digital MyCloud PR4100 account_mgr Command Injection Remote Code Execution Vulnerability (CVSS 7.5; Credit: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd)) zerodayinitiative.com/advisories/ZDI…
[ZDI-23-851|CVE-2022-36326] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability (CVSS 6.5; Credit: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd)) zerodayinitiative.com/advisories/ZDI…
[ZDI-23-850|CVE-2022-29840] (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability (CVSS 7.3; Credit: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd)) zerodayinitiative.com/advisories/ZDI…
[ZDI-23-774|CVE-2023-21516] (Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability (CVSS 8.8; Credit: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd)) zerodayinitiative.com/advisories/ZDI…
Our own @kreepsec has been exploring Remote Procedure Call (RPC) vulnerabilities. He shares his insights on setting up a research environment and starting the bug-hunting journey. buff.ly/3M6hLvV
Highlights from Day 3 of #Pwn2Own Toronto: Pentest Limited targeting the Samsung Galaxy S22
He’s only gone and done it again!!! @_s_n_t has successfully compromised the Samsung Galaxy S22, earning 5 MoP points and $25k. That takes his overall #Pwn2Own Toronto 2022 total to 9 MoP points and $45k in prize money! Huge congrats Sam, proud of you! 🎉🥳🎉 #P2OToronto
And the last Samsung Galaxy S22 attempt for the competition was a success for the team @ #P2OToronto ! #Pwn2Own
The result is in, NO DUPLICATIONS! 🎉🥳🎉🥳🎉 Well done @_s_n_t, 4 MoP points and $20k for successfully pwning the WD My Cloud Pro Series PR4100! On to the Samsung Galaxy S22 at 10.30pm (GMT) #Pwn2Own #P20Toronto
Our #Pwn2Own attempt on the WD My Cloud Pro Series PR4100 (NAS category) went through 1st time🎉🥳🎉. Now the wait - please don't be a duplication, please don't be a duplication.
3 unique bugs net Pentest Limited $20K and 4 MoP points @ #P2OToronto. #Pwn2Own
We're on the lookout for penetration testers to join our expanding team. Sound like you or someone you know? Take a look at the role and show us what you got! buff.ly/38vJwXS
Confirmed! Sam Thomas (@_s_n_t) from @pentestltd combined an auth bypass and a deserialization bug to get code execution. They win $20,000 and 20 points towards Master of Pwn. #Pwn2Own #P2O
