Manuel Caballero @magicmac2000
Independent Security Researcher. Perpetual Student of Life :) | brokenbrowser.com | Buenos Aires, Argentina | Joined March 2009
Tweets: 212 | Followers: 4K | Following: 62 | Likes: 2K
MS Edge - Address Bar Spoof - cracking.com.ar/demos/edgespoo… Tested on: MS Edge 42.17134.1.0 Thanks @knowledge_2014, your question inspired me to test a bit and stumbled upon this bug.
IE11 - Find out where the user is going AND what she typed into the address-bar. brokenbrowser.com/revealing-the-… Video: youtube.com/watch?v=xyzd7P…
June's update: all SOP bypasses patched, but the "reading-mode" one, IMO, incomplete. See the screenshot below, @msftsecresponse Thanks! 👍
If anyone "exploits" Edge in a sec. conf, demand her to open cmd.exe instead of calc.exe. The latter can be open without vulns at all.
@msftsecurity @googlechrome 8 days later, Chrome is patched. Issue will become public soon [ bugs.chromium.org/p/chromium/iss… ] From MSRC? Just the default thanks message. 🐢👍
IE11 - popUp blocker bypass - Combined with zombie alerts? popUps from everywhere! cracking.com.ar/demos/iepopups/ Video: youtube.com/watch?v=GemH59…
Same issue sent to both @msftsecurity and @googlechrome . Instead of testing the browser speed, let's check the patching time speed! 🐰 vs 🐢?
MS Edge - UXSS/SOP bypass. [Open/Redirect/Data]. Steal cookies, passwords and more. brokenbrowser.com/sop-bypass-uxs… Video: youtube.com/watch?v=vO6LRO…
The Intranet bug was patched, but both UXSS/SOP bypasses are still alive. Also another one is coming out soon. 👌 "Bounty" ends next week.
MS Edge - Spoofing the Malware Page was patched today *and bypassed* again. Spoof the user again! (1 byte change) 👎 cracking.com.ar/demos/edgesmar…
I didn't know that in Intranet Zone, Edge automatically opens xaml/xbap files out of the AppContainer. Interesting to jmp from Edge to IE.🐰
UXSS/SOP bypass in several programs that use the Trident engine. The IE Tab extension for Chrome is an example. youtube.com/watch?v=eDW287…
MS Edge - UXSS/SOP bypass. A different method which brings us even more bugs other than UXSS. Blog once the previous ones (2) are patched🐢
MS Edge - SOP bypass / UXSS - "Tweeting like Charles Darwin" 🤣 brokenbrowser.com/sop-bypass-uxs… One minute video: youtu.be/K3Ui3JxZGnE
Another (different!) Microsoft Edge SOP bypass on the same week! 🤓😁 Bug hunter: I will blog on the weekend. Thanks for your patience!
MS Edge - SOP bypass abusing of the reading mode view. Spoof the user! Courtesy of the read: pseudo-protocol 🤣😇 brokenbrowser.com/sop-bypass-abu…
Microsoft Edge - Detecting Installed Extensions from JS A generic method that works without manifest cooperation. 🤣 brokenbrowser.com/microsoft-edge…
MS Edge - Defeating the popUp blocker, the XSS filter and SuperNavigate with our fake ticket to the Intranet Zone 🤣 brokenbrowser.com/free-ticket-to…
MS Edge Referrer Spoof - How to spoof the referrer even after MS patch. 😱(also, inject an iframe everywhere) 😬 brokenbrowser.com/referer-spoofi…
UXSS/SOP bypass on IE: more adventures in a domainless world, thanks to incomplete and non-backported patches. 🤔😬 brokenbrowser.com/uxss-ie-domain…
