shubs @infosec_au
Co-founder, security researcher. Building an attack surface management platform, @assetnote | assetnote.io | halcyon | Joined August 2013
Tweets: 4K, Followers: 49K, Following: 2K, Likes: 10K
I'm helping build HackerOne's Australia club. If you're in Australia and want to join, head over to h1.community/australia-hack… We aren't participating in AWC 2024 this year, but the plan is to build our community and participate next year :)
SourceForge: Vulnerability in import feature leads to RCE! 🔥 Cybercriminals could have compromised SourceForge entirely, targeting millions of users worldwide through malicious software downloads. Read more in our latest blog post: sonarsource.com/blog/dangerous… #appsec #security
Great post from the Rapid7 team with a detailed analysis of the most recent PAN-OS critical bug.
I'm grateful that I have a network of people who enjoy hacking as much as I do; even in hard times, I can always push boundaries. Working on a difficult target and seeing results makes it all worth it.
A short article from me dedicated to a topic that receives little attention in the community. Hopefully, it will be useful to someone. blog.slonser.info/posts/ipv6-zon…
We've got another 2.5 hour podcast for you this week - this time featuring our boi, @samwcyo! Sam is one of the most legendary hackers around and this time we double clicked into his motivation for these crazy hacks and the methodology behind them. Enjoy ctbb.show/65
I've written up an unintended and (IMO) novel solution for picoCTF 2024 "Elements" - an XSS and CSP bypass challenge by @EhhThing . Check the tl;dr spoilers in the post if you want to know if it's up your alley, but I think it was super cute! justinsteven.com/posts/2024/04/…
The setup behind the CVE-2024-3094 supply-chain attack is fascinating. I originally wanted to finish and share a tool to audit other OSS projects for anomalous contributor behavior, but I feel what I found trying to MVP it is way more interesting. 🧵 1/25 gist.github.com/rubyroobs/77cc…
Does anyone have an account on apigee.com with an organization set up there? It would really help with some research I am doing. Can you please DM me if you have an org on apigee.com (not gcloud).
More details about the vulnerability I brought to the last p2o (which is not a success). Many lessons were learnt from this failure. Hope it will help someone who’s working as a system admin or a researcher. testbnull.medium.com/sharepoint-not…?
I can't believe so many people are sleeping on this research: code-white.com/blog/leaking-o… Code White again smashes it out of the park with their meticulous knowledge of software stacks. I have so much respect for them publishing this. Nice work, @mwulftange!
Today we disclosed serious security issues our team discovered in over three million hotel locks that could allow anyone to create master keys. We’ve been working on this for almost two years to ensure it’s fixed responsibly. Thanks to Andy for the great coverage!
@steventseeley @frycos This one is for you 😉 github.com/codewhitesec/H…
Huge thanks to @davidbombal for covering the past car hacking research from @_specters_ @bbuerhaus @xEHLE_ @iangcarroll @sshell_ @infosec_au and I. David and his team put in a ton of effort to research this and asked some great questions. More than happy to share the fun stories.
At @assetnote, our security research team has worked tirelessly to build capabilities to exploit CVE-2024-21762, a pre-auth RCE vulnerability in FortiGate SSLVPN. 150k+ instances of this on the internet. Dylan explained his journey in our blog: assetnote.io/resources/rese…
🔒 Hackers, rejoice! 🎉 Unveiling the recording of Andre Baptista’s (@0xacb) groundbreaking talk at #BSidesAhmedabad2023! 💻 YouTube Link: youtu.be/GSfJ3Sf24ZQ?fe… Explore the world of REcollapse and its game-changing tactics for zero-interaction account takeovers and web…
I gave a keynote talk for BSides Ahmedabad last year. Not many people know, but my family is from Gujarat, so it was really special to give this talk. I thank the organizers for giving me the opportunity to speak to such a special crowd.
Our security research team at @assetnote discovered CVE-2023-5914 & CVE-2023-6184 in Citrix StoreFront and Citrix Session Recording. Customers of Assetnote's ASM responded rapidly to these vulnerabilities as they were the first to know. Blog: assetnote.io/resources/rese…
I've been using @WeaselJs for the last year, and I'm so stoked that @CharlieEriksen is receptive to feedback and works hard for his users. Some of the best support I've ever had. Great product.
🎁 Source Code Disclosure in IIS 10.0! Almost. There is a method to reveal the source code of some .NET apps. Here's how it works. 👉 swarm.ptsecurity.com/source-code-di…
New video! This one shows how the @Jhaddix discord helped me tune CloudRecon, and how I use it to scrape certificates across all IPv4 IPs! youtu.be/neXwq_0hlfE
Using a combination of tools we enumerated subdomains and paths on those subdomains with wordlist from assetnote. After which we had a few hits 1 interesting one being ebr.curaleaf.com/api/logs
Reproduced DOMPurify 3.1.0 bypass, but my payload requires two mutations. Has anyone managed to trigger it with a single mutation?
Some really interesting data points will start being exposed for better transparency across the industry. Very excited 🎉
No stream today guys sorry 😢 I got stuck doing yardwork! We can send a Friday stream tomorrow 🔥🔥
CVE-2024-4040 | AttackerKB - attackerkb.com/topics/20oYjlm…
@mongobug is the greatest
@justdionysus Solved it (a friend sent it to me) and it was pretty fun and different :) ty
i am in Dubai attending #gisec if any of you are around and would like to meet up.
Thank you @salesforce and @Hacker0x01 for the opportunity! This LHE definitely was one for the books! 📚 Very honored and grateful to receive a second MVH award, 7 (!) years after my first one (2017) and 5 (!) years after participating in my last H1 LHE (2019) 🙏🙏🙏
The first batch of #H165 winners are here! On behalf of the HackerOne and @salesforce teams, thank you for your hard work. 💪 1st Place: arneswinner 3rd Place: ngocdh Eliminator: matanber Exterminators: shubs, ziot, nahamsec, ryotak Most Valuable Hacker: arneswinner
How to optimize your bug bounty programs helpnetsecurity.com/2024/04/22/roy…
Gratitude.. for all the experiences & everyone that has supported me on my content creation / hacking journey so far. With the house sold, the store closed, the studio rented out. We now embark on a new adventure with no address, two dogs & a camper van. here’s to uncertainty ✌️
Calling bug bounty hunters 🥷 in Hanoi and Ho Chi Minh areas to participate in HackerOne's biggest Ambassador Worldcup 2024 event of the year 🔥 If you want to try your hand at difficult targets and collaborate in a strong, experienced community. Please join us 🇻🇳 🤝💰💪 @LamScun
want every dinner to taste as good as @samyscurry on Dempsey Road, Singapore