Michael Stepankin @artsploit
Security Researcher at @GHSecurityLab artsploit.blogspot.com London, England Joined July 2014
Tweets 295
Followers 7K
Following 574
Likes 1K
Prompt injections are a serious concern for VS Code Copilot Agent. Discover how attackers can create GitHub issues with harmful instructions and find out how to protect the coding agent effectively. github.blog/security/vulne…
The curious case of exploiting locally running web app securitylab.github.com/advisories/GHS…
The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. labs.watchtowr.com/by-executive-o…
Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is one of the craziest and most fruitful research projects I've done in my career.
So happy to have had the chance to present for the second time at #BlackHat USA! I’m already receiving a lot of messages from people using these techniques to get some nice bounties! If you want to learn more about cache exploitation, the research is available at portswigger.net/research/gotta…
Kafka UI can be a juicy target for bug hunters, here is why: github.blog/2024-07-22-3-w…
Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: srcincite.io/blog/2024/07/2…
We take pet’s security seriously!
🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: github.blog/2024-06-20-exe… Stay safe and code responsibly! 🛡️💻
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/rese…
Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️ github.blog/2023-11-30-sec… #CodeReview
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: github.blog/2023-10-17-get…
Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.
#CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution
Some ideas on how to attack and protect mTLS and certificate authentication in my recent blogpost

Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
James Kettle @albinowax
79K Followers 92 Following Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Nicolas Krassas @Dinosn
146K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Bug Bounty Reports Ex... @gregxsunday
52K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
Nathaniel @nnwakelam
41K Followers 919 Following
Ptrace Security GmbH @ptracesecurity
59K Followers 867 Following Empowering IT Security Professionals through Hands-On Online Courses.
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Jack Daniels @JackDaniel_1337
4 Followers 267 Following
Cyber_Security @x_CybSec
8 Followers 971 Following
Hope @Hope319396
33 Followers 750 Following
StolzoffD9 @StolzoffD9
1 Followers 222 Following
S1Ck__ @IImmS1cK__
29 Followers 648 Following Trying to make it as a Pentester | Cyber Security student | Learning Python and other languages | Enthusiast of all things hacking | My space, my opinions 👍
Olen Chelle @ChelleOlen38750
1 Followers 136 Following
AISecHub @AISecHub
4K Followers 4K Following 🚀 AISecHub | AI & Cybersecurity | Discussing AI-driven threats, securing AI systems, and sharing insights on emerging challenges 💡
ajaykumar k v @logikbm
49 Followers 2K Following A techie. | Post, repost or follow does not imply endorsement. Don't follow to get followed. he/him| [email protected] https://t.co/G05ifCDpNy
Mohammad Teimori @mtp1376
108 Followers 329 Following
kareem_osint @KareemOsint
1 Followers 146 Following
Ronak @ronakodhaviya
99 Followers 210 Following
nano_sumoy @NSumoy41392
0 Followers 427 Following
Mohammad Mirzaei @Byt3R1d3r
0 Followers 34 Following
jtct @jtctxx
17 Followers 768 Following
Valwauk @Valwauk146093
17 Followers 697 Following
Lukas Weichselbaum @we1x
2K Followers 505 Following Leading @Google's web security team. Opinions are my own. Bluesky: @webappsec.dev
Kayak_Sinked @vrrucialtir
33 Followers 2K Following
law_sm @lawsm189760
85 Followers 2K Following
Quentin Andrews @quentin_andrews
312 Followers 652 Following https://t.co/cZq4HfJ1Uw Cybersecurity and Tech Support Assistant https://t.co/ZM2rhJikrf Web Dev Entrepreneur AI innovator
turb0 @7urb01
270 Followers 110 Following CTBB Full-Time Hunters' Guild Member | JavaScript Exterminator | Part-Time UID 0 |Not afraid to PTRACE_SEIZE | Bits, bytes, and bad ideas https://t.co/0iE5bU44up
Vijay 10 @Vijay10Cyber
2 Followers 177 Following
OA @pullman_ao
1 Followers 75 Following
Tulasi Venkatram R @tvram7
192 Followers 2K Following sports fanatic, doing security for living. 💻🧑💻
Pink Schaden @PSchaden65671
124 Followers 3K Following
Vijay @VijayHacker123
0 Followers 224 Following
m3zalians @m3zalians2137
0 Followers 7 Following
Musayyab @Musayyabm
17 Followers 178 Following
Karina Darbin @DARBINKA
60 Followers 5K Following Interests I Philosophy I Politics | Social Matters
ajex @ajex04702682
0 Followers 31 Following
Chonuk 🧙🏾♂... @chonuk_
168 Followers 1K Following Mechatronic Engineer 🧞♂️ Hacker - Pentester || OSCP 👨🏾💻 Anti-hero 🦹
idos 🇮🇱 @ido_sho
64 Followers 658 Following
I//uS!0nS @c03rci0n
177 Followers 7K Following
see target @morovvatiiiii
10 Followers 422 Following
Prajay Ghimire @Prajay309
0 Followers 61 Following
Aviral Jain @ph1ne4s7
143 Followers 951 Following GSoC'23 @OWASP | CTFs with @InfoSecIITR | IIT Roorkee
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
PentesterLab @PentesterLab
190K Followers 0 Following We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
LiveOverflow 🔴 @LiveOverflow
155K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
bugcrowd @Bugcrowd
187K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
James Kettle @albinowax
79K Followers 92 Following Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Nathaniel @nnwakelam
41K Followers 919 Following
STÖK ✌️ @stokfredrik
135K Followers 1K Following Hi.. im that hacker / creative that your friends told you about., 💫🔮
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Nicolas Grégoire @Agarri_FR
27K Followers 630 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Ptrace Security GmbH @ptracesecurity
59K Followers 867 Following Empowering IT Security Professionals through Hands-On Online Courses.
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
AISecHub @AISecHub
4K Followers 4K Following 🚀 AISecHub | AI & Cybersecurity | Discussing AI-driven threats, securing AI systems, and sharing insights on emerging challenges 💡
Lukas Weichselbaum @we1x
2K Followers 505 Following Leading @Google's web security team. Opinions are my own. Bluesky: @webappsec.dev
Ian Goodfellow @goodfellow_ian
346K Followers 1K Following DeepMind Research Scientist. Opinions my own. Inventor of GANs. Lead author of https://t.co/M6vl8pEQ4I Founding chairman of @pubhealthaction
Thomas Dohmke @ashtom
60K Followers 412 Following Building GitHub Copilot for the sake of developer happiness. CEO @GitHub
GitHub Projects Commu... @GithubProjects
186K Followers 105 Following We're sharing/showcasing best of @github projects/repos. Follow to stay in loop. Promoting Open-Source Contributions. UNOFFICIAL, but followed by github
Brendan Dolan-Gavitt @moyix
30K Followers 6K Following Building offsec agents: https://t.co/G9EtnC2Gl3 PGP https://t.co/3WXr0RfRkv
SinSinology @SinSinology
13K Followers 674 Following Pwn2Own 20{22,23,24,24.5,25,25.5}, i look for 0-Days but i find N-Days & i chase oranges 🍊
radu motspan @_moradek_
128 Followers 369 Following
Luke Roberts @rookuu_
789 Followers 479 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Lex Fridman @lexfridman
4.4M Followers 588 Following Host of Lex Fridman Podcast. Interested in robots and humans.
Andrej Karpathy @karpathy
1.4M Followers 1K Following Building @EurekaLabsAI. Previously Director of AI @ Tesla, founding team @ OpenAI, CS231n/PhD @ Stanford. I like to train large deep neural nets.
John Schulman @johnschulman2
65K Followers 1K Following Recently started @thinkymachines. Interested in reinforcement learning, alignment, birds, jazz music
DC4131 - DEFCON CH @defconch
1K Followers 109 Following
Oege de Moor @oegerikus
6K Followers 602 Following CEO and founder of XBOW. Previously: Founder of GitHub Next, founder of GitHub Copilot, CEO and founder of Semmle (GitHub Advanced Security), prof at Oxford.
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
Nico Waisman @nicowaisman
13K Followers 952 Following Head of Security at @XBOW. Former CISO @Lyft. Binary entomologist
Luke (datalocaltmp) @datalocaltmp
1K Followers 556 Following mobile reverse engineering, vulnerability research, using lldb
HTTPVoid @httpvoid0x2f
4K Followers 73 Following Infosec | Managed by @rootxharsh @iamnoooob | Research for @pdiscoveryio
Tarek Bouali @iambouali
3K Followers 789 Following printf "%s & bug hunter. triager at @bugcrowd. %s are my own.\n" "hacker" "views"; echo a.k.a theartisan
hypr @hyprdude
2K Followers 772 Following vuln researcher+exploit dev | pwn2own '24 winner | 0x4141414141 enthusiast | bordeaux enjoyer | friend of all cats | him/he
Federico Kirschbaum @fede_k
7K Followers 4K Following VP of Research & Development @faradaysec. Founder of @ekoparty security conference, Usual suspect, Troublemaker
Ekoparty | Hacking ev... @ekoparty
25K Followers 160 Following The coolest #hacking conference and meeting point in LATAM since 2001 🏴☠️
Martin Doyhenard @tincho_508
3K Followers 227 Following Security Researcher at PortSwigger. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty
Charles Fol @cfreal_
4K Followers 667 Following previously @ambionics @LexfoSecurite – blogs: https://t.co/cLoNdCGPU7 https://t.co/JVMLjUzTJU https://t.co/t9a5IcOXSU
Chris Bakke @ChrisJBakke
230K Followers 155 Following Meandering. Founder with exits to @X @Indeed @Zillow
Zero Day Con @zerodaycon
1K Followers 458 Following @smarttech247’s Global Cybersecurity Conference. March 11, 2025
Off-By-One Conference @offbyoneconf
1K Followers 242 Following A premier gathering of offensive cybersecurity professionals, researchers, thought leaders and innovators from around the region.
Geert Wilders @geertwilderspvv
1.6M Followers 1 Following Chairman of the PVV parliamentary group in the House of Representatives / Member of Parliament (MP) / Chairman Party for Freedom (PVV)
Universiteit Leiden @UniLeiden
36K Followers 829 Following We are no longer active on X. For the latest news, follow us on Bluesky: https://t.co/SxjLCz4HxF
Insomni'hack @1ns0mn1h4ck
9K Followers 37 Following Security conference and hacking contest founded and organized by @orangecyberch since 2008 in Lausanne, Switzerland.
Jungroan Lin @Jungroan
21K Followers 271 Following https://t.co/jz4HVU2iNO business: [email protected]
Tytykiller @Tytykiller_
19K Followers 395 Following https://t.co/puffxN1622 Path of Exile speedrunner
Nick @withoutagout
4K Followers 76 Following CM at Grinding Gear Games for @pathofexile Opinions are my own
Roman Zabaluev @Haarolean
29 Followers 45 Following Software developer, engineer and cat enthusiast. Mostly yelling at (computing) clouds on twitter.
[email protected]... @0xdea
14K Followers 19 Following When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Gergely Orosz @GergelyOrosz
288K Followers 3K Following Writing @Pragmatic_Eng, the #1 technology newsletter on Substack. Author of @EngGuidebook. Formerly Uber & Skype.