truff @truffzor
Joined June 2009-
Tweets140
-
Followers292
-
Following507
-
Likes2K
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
My french team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit! If encoded words, RFC2047 and so on are strange words to you, @garethheyes presented at the same time their…
My french team, for the world cup, and in collaboration with my wife, printed me a hoodie with a redacted payload on it. That bug was super fun, but quite hard to exploit! If encoded words, RFC2047 and so on are strange words to you, @garethheyes presented at the same time their… https://t.co/8o2j0Bu3Jm
Some time ago while hunting with @Icare1337 and looking for bugs in Ghostscript I found a vulnerability that allows to local file read / write. This led to CVE-2025-46646. nvd.nist.gov/vuln/detail/CV… - #infosec #bugbounty
Some time ago I found 2 vulns in Collabora Online that when chained allowed to arbitrary file write. When digging further with my colleague @Icare1337 we found out a pre auth RCE in a largely used open source software. We'll do a write up later. CVE below: github.com/CollaboraOnlin…
Half of our 2025 Bucket List has already been achieved 🤯 Kudos to @truffzor, @Icare1337 & @LdrTom for the epic collab, and to @XelBounty for the massive impact! Bug hunters, keep crushing it - swag packs are up for grabs! 🎁 #YesWeRHackers
I recently found a blind FreeMarker SSTI on a bbp. It was not possible to RCE but I found some nice gadgets to enumerate accessible variables, read data blindly or perform some DoS. I documented that here if someone is interested gist.github.com/n1nj4sec/5e3ff…
I'm thrilled to finally share my research on HTML parsing and DOMPurify at @grehack 2024 📜 The research article is available here: mizu.re/post/exploring… The slides are available here: slides.com/kevin-mizu/gre… 1/3
🎬 #TalkiePwnii is LIVE! Introducing our new series starring @pwnwithlove! In each video, Pwnii will break down Dojo challenges, sharing various solutions & technical tips 😎 Catch the first episode about our ‘Shell Escape’ challenge 👇 #YesWeRHackers youtube.com/watch?v=Rw3wWi…
The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…
One time I tried to explain Kerberos to someone. Then we both didn't understand it.
My team (France) finishes first at the @Hacker0x01 #AmbassadorWorldCup qualification round. What a pleasure to be part of such an engaged and skilled team !
My team (France) finishes first at the @Hacker0x01 #AmbassadorWorldCup qualification round. What a pleasure to be part of such an engaged and skilled team !
I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitation of CVE-2024-29510, a classic format string bug, which we abuse to bypass the SAFER sandbox and gain RCE. codeanlabs.com/blog/research/…
A few weeks ago I found a vulnerability in Apache Allura while reading an excellent paper from @Sonar_Research and the according fix. CVE has been published today. allura.apache.org/posts/2024-all… #offensivesec #infosec
New update on Hackyx! You can now share with us any technical content, blog post, or writeup that you found interesting. It will then be moderated before being added to Hackyx. hackyx.io
DOMLogger++ v1.0.4 is now out and available in stores! It comes with new features that allow you, for example, to easily dig into DOM gadget occurrences after an innerHTML sink 🔥 More details can be found here 👇 github.com/kevin-mizu/dom… 1/3
Really proud of those bypass/mXSS variations. They involve some cool second-order DOM Clobbering and a new mutation gadget that I would like to call the elevator x) 1/2
Sometime ago I found another vulnerability on Adobe Commerce while hunting with the French team during @Hacker0x01 world cup. What a pleasure to hunt with one of the best hackers I know => @Blaklis_ 🔥
Sometime ago I found another vulnerability on Adobe Commerce while hunting with the French team during @Hacker0x01 world cup. What a pleasure to hunt with one of the best hackers I know => @Blaklis_ 🔥
It's time to present my first little blog post, on XSS WAF bypass Feel free to send me feedback (: onetest.fr/posts/xss-waf-…
LogicBreaker @sangithinba
82 Followers 2K Following 🐞 Bug Bounty Hunter | 🧠 Think like a dev, hack like a ghost Focus: Business Logic | RCE | LFI | SSRF On a $10K mission | #YesWeHack #bugcrowd
Dark@Joker:~$ @ExploitNest
89 Followers 2K Following CRTA | CAP | OSCP (Aspirant) - Pentration Tester & Bug Hunter - Red Teamer 🤡
G6G @Wigbald_GG
16 Followers 92 Following
Ayman Mo @MoMo1a9
3 Followers 302 Following
0x999 🇮🇱 @_0x999
1K Followers 275 Following "ɪ ᴛᴏᴏᴋ ᴛʜᴇ ʜᴇʟʟ ɪ ᴡᴀꜱ ɢᴏɪɴɢ ᴛʜʀᴏᴜɢʜ (666) ᴀɴᴅ ꜰʟɪᴘᴘᴇᴅ ɪᴛ ᴏᴠᴇʀ ɪɴᴛᴏ ꜱᴏᴍᴇᴛʜɪɴɢ ᴘᴏꜱɪᴛɪᴠᴇ (999)"💔
yassine_eal @yassine_eal
47 Followers 333 Following
Nikita Roy @NikitaRoy651297
7 Followers 701 Following
Volker @volker_carstein
570 Followers 613 Following Hacker 💻 speaker 📣 Jack of All Trades 🃏 Social Engineering, OSINT, AD, TTRPG Pentester / Red Team Operator @ Bsecure / Parabellum Services
比个心 @vbigthing
90 Followers 4K Following
Datsuraku @MDatsuraku
207 Followers 2K Following 20ph gnnlknntapiiaiahwanhbaiaponittgylsmaannayphnhamkayogygtnaiauknalgaggakahpaignaaankbaaaypwo nmitnpiaatniganapauolalmangaypaaioyngsatagrngnkgphpakmaankii
Isaiah Daboh @Esaias981
2 Followers 219 Following
.... @__qazxswe
1 Followers 1K Following
Effrite @_cyber_djinn
32 Followers 31 Following
. @mangeshmatke9
201 Followers 941 Following Lost in the binary, finding purpose in the code of life.
Sto @YoursSto
46 Followers 335 Following Founder of @N0PSctf | Cybersecurity Engineering Student 🦋 | Member of @BrHackeuses
DZPower @tessylo69118
128 Followers 1K Following
Atom @Atom_User_
84 Followers 203 Following Evolve daily, Hack the limits, Never stop improving Cybersecurity Enthusiast ✦ BSCP Certified ✦ Bug Bounty Hunter ✦ Biohacker & Personal Growth
nuyo4h @nuyo4h
0 Followers 2K Following
diozx @di_o_zx
1 Followers 78 Following
sigabrt @sigabrt9
132 Followers 370 Following
Mevlüt @mvlttt_
12 Followers 545 Following
a̶l̴p̷h̴4̵b̵y̷... @alph4byt3
504 Followers 66 Following 🐱🖥️🎮🎶 | 3̸̨̙̩̫̯̥̼̹̯̜̞͓̺͈̹̥͙̣͚͓̙̮̟̘̪̩̠̜̦͎̂̃̐̉̉͐̔̊͌̇̈́̈̅̑̾͒̆̈́̋̋͌̊̈́̌̈́̑̋͐̓͐̈̌̀̇̆̈́͗̈́̊̔̊̃́͑͑̾̒̿̾̓͆̅̍͆̍͂͆̄̐̓̓̊̿̿̅̈̚̕͜͝͝͠͝ Web Hacker | -157 IQ
law_sm @lawsm189760
83 Followers 2K Following
Aayush @r00t_ak
67 Followers 2K Following Nothing, just a noob and trying to learn new things🙂 Beg Bounty
Romern @Romerrn
24 Followers 282 Following
Hammadi El Harti @Hammadi_Elharti
30 Followers 1K Following
Guru Prasad Pattanaik @gurupra9161
98 Followers 1K Following BSc Physics || Security Researcher || Secured NCIIPC, Indian Army, NASA, Barclays Bank, Cisco AppDynamics, Seagate, ETSI OpenSource MANO, UKRI, Deutsch Telekom
YoyoDavelion @YoyoDavelion
471 Followers 606 Following
Ali@s @_Ali4s_
523 Followers 799 Following Security almost expert | H@ck3r | OSCP | OSWE | Security+ | CEH | 🇫🇷 A.k.a Eagleslam
星曜 @jingxie48465348
46 Followers 2K Following
Nahid Hasan Limon @nh___limon
341 Followers 2K Following Busy in learning to build and break the web 😴️✨️
Soïchi 𒌐 @Ryuk__________
7 Followers 437 Following
hooian ir @Hooian_ir
7 Followers 287 Following
Bavoillot christophe @BavoillotC1760
0 Followers 41 Following
ElevenLabs @elevenlabsio
139K Followers 11 Following Our mission is to make content universally accessible in any language and voice.
Profundis.io @profundisio
684 Followers 0 Following Mapping the internet - turning DNS/host data into intel for sec teams, OSINT & bug-bounty hunters. Automated recon & real-time alerts.
Dark Web Informer @DarkWebInformer
129K Followers 60 Following Providing Cyber Threat Intelligence from the Dark Web & Clearnet: Breaches, Ransomware, Darknet Markets, Threat Alerts & more. https://t.co/Fi7VW9lg94
0x999 🇮🇱 @_0x999
1K Followers 275 Following "ɪ ᴛᴏᴏᴋ ᴛʜᴇ ʜᴇʟʟ ɪ ᴡᴀꜱ ɢᴏɪɴɢ ᴛʜʀᴏᴜɢʜ (666) ᴀɴᴅ ꜰʟɪᴘᴘᴇᴅ ɪᴛ ᴏᴠᴇʀ ɪɴᴛᴏ ꜱᴏᴍᴇᴛʜɪɴɢ ᴘᴏꜱɪᴛɪᴠᴇ (999)"💔
Volker @volker_carstein
570 Followers 613 Following Hacker 💻 speaker 📣 Jack of All Trades 🃏 Social Engineering, OSINT, AD, TTRPG Pentester / Red Team Operator @ Bsecure / Parabellum Services
Anthropic @AnthropicAI
637K Followers 35 Following We're an AI safety and research company that builds reliable, interpretable, and steerable AI systems. Talk to our AI assistant @claudeai on https://t.co/FhDI3KQh0n.
Chubby♨️ @kimmonismus
84K Followers 2K Following Get my daily newsletter (230k+ readers) 📰: https://t.co/QaaY1wN9Tq // Mail 📧 » [email protected] «// 💻 @apples_jimmy 🍎 simp
Jorian @J0R1AN
2K Followers 360 Following Normalize being weird. (also here: https://t.co/cr9Y0kDEBi)
noraj @noraj_rawsec
3K Followers 382 Following 🇫🇷 Penetration test engineer, security researcher and #BlackArch Linux maintainer.
Ivan Fratric 💙💛 @ifsecure
18K Followers 207 Following Security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Katie Paxton-Fear @InsiderPhD
93K Followers 2K Following Dr, apparently. Security Adovcate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her
Adnan Khan @adnanthekhan
3K Followers 205 Following Security Engineer at big tech | Part Time Security Researcher | Build Pipeline Menace | All thoughts and opinions are my own.
bytehx @bytehx343
3K Followers 1K Following
Perce @PerceSecu
413 Followers 317 Following CTF player | Bug Hunter | Ex infosec student at @EsnaBretagne
strellic @Strellic_
1K Followers 303 Following ctf @cor_ctf @dicegangctf @ProjectSEKAIctf grad @Berkeley_EECS '23 ❤️ rhythm games, web/app security https://t.co/v3IfNLwB9f
GMO Flatt Security In... @flatt_sec_en
629 Followers 1 Following Building AI that finds & fixes web security bugs — autonomously. SOTA in white-box bug hunting. Try Takumi: https://t.co/zruO7dgEcc
Neplox @neploxaudit
357 Followers 7 Following Research-powered Web3 security team founded by top-ranked competitive hackers. Audits for crypto wallets, TON L1 and smart contracts.
XBOW @Xbow
10K Followers 6 Following Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/D5Mco1u8zM
maitai @MaitaiThe
354 Followers 1K Following BSc Computer Science Engineering | 25 | CTF @fibonhack | Security @Doyensec | Trying to find my way | Opinions are mine | 🍭
Google VRP (Google Bu... @GoogleVRP
39K Followers 0 Following We ❤️ 🐜🐞🦗🦟🦋. {echo,{{{Google,Chrome,Android,Abuse,Mobile,OSS,Cloud}Vulnerability,Patch}Reward,VulnerabilityResearchGrants}Program}
SaxX ¯\_(ツ)_/¯ @_SaxX_
39K Followers 382 Following 🥷Le Gentil Hacker ¦¦🎙Speaker ¦¦ 40 under 40 cyber ¦¦ 👳♂️Mentor @Guardia_School ¦¦ 🥂Épicurien
GreHack @GrehackConf
5K Followers 1K Following GreHack is a hacking & scientific infosec conference in Grenoble, France. Nov. 28 & 29, 2025
d0xing @d00xing
7K Followers 774 Following
Jonathan Bouman @JonathanBouman
7K Followers 518 Following Medical Doctor (GP) & Security Researcher
Tesla Optimus @Tesla_Optimus
562K Followers 11 Following A general purpose, bi-pedal, humanoid robot capable of performing tasks that are unsafe, repetitive or boring.
sudi @sudhanshur705
5K Followers 699 Following Remember, whatever happens... There's always a vulnerability https://t.co/FFVfnf39jY
Santiago Lopez @santi_lopezz99
23K Followers 184 Following World's first $1M hacker | Top 3 @hacker0x01
John Hammond @_JohnHammond
298K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
André Baptista @0xacb
17K Followers 780 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
ElleuchX1 @ElleuchX1
616 Followers 420 Following Hacker by day, big napper by night | CTFs w/ @ProjectSEKAIctf | OSCP | https://t.co/dpFxMnjdft
siri@fu4k1 @sirifu4k1
7K Followers 309 Following Web Pentest & girl hh & share anything ithink useful about infosec. follow me! 🇸🇬
Thomas Rinsma @thomasrinsma
1K Followers 314 Following Looking for strange loops and weird machines. Lead security analyst @CodeanIO.
Mukul Goyal @itz_mg_
3K Followers 506 Following 17 | Bug Bounty Hunter | Aspiring Security Researcher
Quikke @quintenvi
746 Followers 874 Following
The Dustin Childs @dustin_childs
2K Followers 352 Following Parked account. I usually post stuff over where the sky is blue.
mpgn @mpgn_x64
18K Followers 230 Following Flibustier du net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Phith0n @phithon_xg
8K Followers 328 Following @ShopeeSG security team now, Chaitin Tech previously. Opinions are my own.Trends for United States
You might like
