Thiện Nguyễn @trthienn
Joined November 2017 · Tweets 103 · Followers 37 · Following 892 · Likes 175
Collision – The VNG Security Response Center was able to execute a 2-bug chain against the QNAP TS-464. However, the exploit they used was previously known. They still earn $5,000 and 1 Master of Pwn point. #Pwn2Own
1/2 As part of Verichains Responsible Vulnerability Disclosure, we are releasing our public advisory VSA-2022-100 on a critical vulnerability on @Tendermint_Core regarding an Empty Merkle Tree Vulnerability in IAVL proof. Read the advisory here: blog.verichains.io/p/vsa-2022-100…
We're really happy to share our improvements and some experiments for the CookieMonster tool. Weaponizing Monster for Cookies Attacks: vsrc.vng.com.vn/blog/weaponizi… Also includes a Burp Extender plugin for Burp Suite. Hope you guys enjoy it. ~Cheers, VSRC
Ladies and Gentlemen: The new Dojo opens to welcome black belt Hackers to fight for honor!!! #VSRC Liferay revisited: A tale of 20k$. vsrc.vng.com.vn/blog/liferay-r… Hope you guys enjoy it and stay tuned for more technique writeups / blogs / exploits ... will come. ~Cheers, VSRC
Nice work, @ykco_z strikes again! This time smuggling AJP like a pirate! noahblog.360.cn/apache-httpd-a…
As promised, I and @testanull publish our adventure last year. Hope you enjoy it ! peterjson.medium.com/miracle-one-vu…
frycos.github.io/vulns4free/202… I wrote it...hopefully not too confusing but full of security code audit methods. Enjoy.
(10/10) Read about the full discovery here > orca.security/resources/blog…
mortar: evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR) 'Mortar Loader performs encryption and decryption of selected binary inside the memory streams and...' #pentest #redteam #infosec github.com/0xsp-SRD/mortar
AWS Cloud Security Challenges blog.securitylabs.tech
writeups/Confluence-RCE.md at main 'CVE-2021-26084 Remote Code Execution on Confluence Servers' #infosec #pentest #redteam github.com/httpvoid/write…
.NET Remoting Revisited – playing around with .NET Remoting led @mwulftange to new insights, some enhancements for @tiraniddo's #ExploitRemotingService, a new universal #YSoSerialNet ObjRef gadget and its counterpart #RogueRemotingServer (1/2) codewhitesec.blogspot.com/2022/01/dotnet…
PR0CESS/miniGhosting at main #infosec #pentest #redteam github.com/aaaddress1/PR0…
While everyone was focused on #log4j, @exploitph showed us how to escalate privileges from a regular domain user to full domain access leveraging CVE-2021-42278 & CVE-2021-42287. I wrote a quick blog post with some hunting ideas. #ThreatHunting #BlueTeam medium.com/@mvelazco/hunt…
github.com/CHYbeta/Vuln10… Private security circle, topic 20 feed: personal security/bugbountytips/trick/cve channel (in Chinese)
Red Teaming Gitbook Notes kwcsec.gitbook.io/the-red-team-h…
I've just published a guide about how to attack Active Directory, putting in there what I think a pentester should know (attacks/protocols/etc) about AD. I hope you find it useful zer1t0.gitlab.io/posts/attackin…
Dumping Lsass without Mimikatz - old technique but have been seeing TAs also use this in environments: Step 1: tasklist /fi "Imagename eq lsass.exe" Step 2: C:\Windows\System32\rundll32.exe C:\windows\System32\comsvcs.dll, MiniDump <PID> \Windows\Temp\<name>.dmp full
Sharing a partially redacted PEM online is the same as sharing the PEM. In this blog post, we show that with partial exposure of a PEM, private data can be extracted to recover the full private key.
Cache-Key Normalization: What could go wrong? I'm excited to finally release my first write-up. It presents a new Cache Poisoning DoS technique which shows how the normalization of the cache-key can be abused: iustin24.github.io/Cache-Key-Norm…

EllaBobby @10abki1uItxG1u
95 Followers 3K Following
Harry Do @concabe_
6 Followers 656 Following
Quang Vo @mr_r3bot
801 Followers 805 Following OutputDebugString(L"Till no more bug") . Tweets are my own
Leo @Leo0ab
11 Followers 112 Following
Red Perfect @redperfect1847
46 Followers 2K Following
Nguyen The Duc @ducnt_
3K Followers 383 Following Just another web warrior ⚔️ Security Researcher ۞ Principal Security Engineer @Verichains ۞ Pwn2Own 2023 ۞@vnsec squad ۞ 💰https://t.co/wuyz6IfAbA ۞ nano 💻
cassidy6564 @cassidy6564
402 Followers 614 Following Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. bug hunter,chrome security,android security,0-day,exploit
Martin Nguyen @_strongcourage
1K Followers 5K Following Offensive Security Researcher | OSCP, PACES | 🇻🇳🇸🇬🇫🇷🇦🇺🇩🇪🏴🇧🇪🇪🇸🇷🇸🇬🇷🇳🇱🇮🇹🇮🇪🇪🇪🇵🇹🇦🇹🇸🇰
That Pham @vanthatis1
0 Followers 83 Following
Khoa Dinh @_l0gg
2K Followers 119 Following
Cycode | Complete ASP... @CycodeHQ
1K Followers 4K Following Complete ASPM providing visibility, prioritization & remediation at scale. Standardizes developer security without slowing down the business.
Daksh eduworld @DakshEduworld
0 Followers 3 Following
Alibaba Security Resp... @AsrcSecurity
4K Followers 3K Following Alibaba Security Response Center (ASRC), Point of Contact of all the Alibaba related vulnerabilities, cooperations, and so on.
𓆩SคᴛᎥຮн... @stish834
404 Followers 758 Following It's never too late 2 start the life u've always wanted. 😍🥳 security Researcher | Bug Bounty Hunter | Android | Web | Ubuntu
Ani houu @Anidan8
19 Followers 153 Following
Ambulong @ambulong
116 Followers 423 Following
Bounty Security @BountySecurity
19K Followers 10K Following Offensive Web Application Security Software
yeuchimse @yeuchimse
1K Followers 644 Following
vikifxxk @vikifxxk
4 Followers 134 Following
Machine Learning & Se... @mlsec_book
202 Followers 987 Following Official twitter account for the @OReillyMedia book authored by Clarence Chio (@cchio) and David Freeman.....@OReillySecurity
PhamDung @PhamDinhDung88
42 Followers 465 Following
Lakshay @inn0c3ntd3v1L
734 Followers 499 Following Cyber Security | OSCP | OSWP | Bug Bounty Hunter | Founder - Cyber Phoenix Conclave | Head - Hackersday Haryana |
M. Qasim Munir @Savitar0x01
3K Followers 2K Following 24 | OSCP | Security Engineer - Day | Bug Bounty Hunter - Night | SRT | Gamer | CTF Player | Crypto Enthusiast | Watching & Sharing memes 24/7
her0ma @s1mayslang
22 Followers 433 Following
Searchlight Cyber @SLCyberSec
688 Followers 382 Following Searchlight Cyber creates products to enhance investigations, protect businesses, and combat cybercrime. Request a trial at https://t.co/zDISBtLIcU
Binance @binance
14.9M Followers 580 Following The world’s leading blockchain ecosystem and digital asset exchange | #Binance #BNB | Support: @BinanceHelpDesk | Posts are not directed towards UK users.
flux @0xfluxsec
1K Followers 941 Following Cyber professional (red team), security and systems programming | Rust | https://t.co/QIih2B7vya | https://t.co/VC3xsm0Wvq
Lior Sonntag @LSecResearch
64 Followers 55 Following Data and Threat Researcher @ Wiz 💫 | Ex-Security Researcher @ Microsoft MDC and Checkpoint CloudGuard Dome9
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Dr. Anton Chuvakin @anton_chuvakin
41K Followers 9K Following Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG
DAY JOHNSON ⚡️ @daycyberwox
8K Followers 1K Following Believer ✞ ͏| Cybersecurity @Amazon | Building @cyberwox @cyberwoxacademy
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
Hacktron AI @HacktronAI
2K Followers 6 Following Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
Nagli @galnagli
39K Followers 482 Following Hacker; Head of Threat Exposure at @wiz_io 🧙♂️; Bug Bounty Hunter; Live Hacking Events Winner
Snapsec @snap_sec
3K Followers 0 Following All Your Cybersecurity Needs Centralized at One Place. Detect, Manage, and Remediate Vulnerabilities with Cutting-Edge Solutions.
Nir Ohfeld @nirohfeld
4K Followers 841 Following Head of Vulnerability Research @wiz_io | @Microsoft MVR (2021-2025) | Pwn2Own 2025 | @Forbes 30 Under 30
Sophos X-Ops @SophosXOps
73K Followers 323 Following A task force composed of our SophosLabs, SecOps, and SophosAI teams working together towards one goal: protecting our customers.
Sector 7 @sector7_nl
1K Followers 2 Following Sector 7 is the security research division of @Computest
REverse_Tactics @Reverse_Tactics
795 Followers 2 Following Software reverse engineering & vulnerability discovery company.
Neodyme @Neodyme
5K Followers 47 Following We secure software with deep-dive audits, cutting-edge research, and in-depth trainings. Secure your solana program with Riverguard @ https://t.co/VmxVHzx2U2 🏞️💂
quarkslab @quarkslab
12K Followers 9 Following Securing every bit of your data https://t.co/hqdd8jMkYM https://t.co/GOXPtukIXE
Microsoft Threat Inte... @MsftSecIntel
187K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
SummoningTeam @SummoningTeam
677 Followers 2 Following Independent Security Research Team managed by @SinSinology
watchTowr @watchtowrcyber
9K Followers 13 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
th3_5had0w @th3_5had0w_w
239 Followers 63 Following v8 VR VR @qriousec \ Former @vngsecresponse \ GCC2023🇸🇬 CTF Pwn/Rev x Founder @_CoSGang_ Flare-on 9, 10, 11 Finisher
Sean Pesce @SeanPesce
249 Followers 183 Following IoT & Android Hacker | OSCP | https://t.co/363zDIbhfm
Offside Labs @Offside_Labs
2K Followers 42 Following 🚀 Web3 Security pioneers | Expert security auditors & consultants | Guarded $300M+ in digital assets | @Paradigm_CTF 2023 Champion 🥇
Dataflow Security @dfsec_com
5K Followers 4 Following
Hexacon @hexacon_fr
5K Followers 1 Following Offensive security conference in the heart of Paris. 10-11th October 2025 Join our Discord server! https://t.co/Btl15G8LsI
Vigilant Labs @vigilant_labs
3K Followers 3 Following Official account of Vigilant Labs (https://t.co/PzW4HkfAwd).
Blue Frost Security @bluefrostsec
6K Followers 643 Following Providing cutting-edge security research. Organizers of @offensive_con
Bien 🇻🇳 @bienpnn
4K Followers 476 Following P (Million Live!) hackerman at @qriousec & @seasecresponse & @ProjectSEKAIctf Tiếng Việt / English / 日本語 范阮玉邊
maxpl0it @maxpl0it
9K Followers 869 Following Principal Vulnerability Researcher at @InterruptLabs. Occasional Pwn2Owner
Interrupt Labs @InterruptLabs
3K Followers 86 Following We’re here to provide world-leading vulnerability research and research capabilities. From browsers, mobile, automotive and everything in between.
Thông Võ Văn @thongvv10
10 Followers 4 Following
Zach Hanley @hacks_zach
2K Followers 438 Following Vulnerability Researcher | Attack Engineer @horizon3ai
MOSEC_Official @MosecOfficial
693 Followers 52 Following All Mobile Security Conference based in Shanghai, China Date: 26th Sept(1day) Location: Wanda Reign Hotel, Shanghai, China
Tim Perry (now mostly... @pimterry
3K Followers 1K Following Building https://t.co/nsD6CIRNo1 (@httptoolkit), Node.js collaborator, mountain biker & dad. 🇬🇧+🇨🇦 in 🇪🇸 🦣 https://t.co/avoorMLO9D 🦋 https://t.co/RmisiMM5dq
Zhihua Yao @hackyzh
3K Followers 571 Following