William Bowling @[email protected] @wcbowling
Security Engineer at @zellic_io, a.k.a vakzz when doing bug bounties and CTFs with @pb_ctf - https://t.co/9bjECLAwXg wbowling.info Tasmania, Australia Joined July 2013-
Tweets214
-
Followers6K
-
Following413
-
Likes338
You’re probably using WebViews wrong. There are a million ways to use a WebView wrong. Properly securing a WebView is hard. In this thread, we’ll cover common vulnerabilities in wallet WebView implementations and the ways to properly secure WebViews.
How to spot misleading audit competition metrics Competitions are crowdsourced audits, where auditors compete to find bugs in a set timeframe. Last year, we acquired @code4rena which does these. We've also seen tons of misleading sales pitches. Here's what to watch out for: 🧵
With the rise of AI agents, we expect new bugs, but we’ve instead found old bugs in disguise. Let’s look at two old-school bugs we found while looking at elizaOS: • An SSRF allowing internal services to be accessed • An LFI allowing host files to be read Let’s dive in 🧵
Just completed my 10th audit as a contractor @zellic_io and these are my top favourite things about this place: 1. They have a diverse and deep talent pool. World top Web security, Cosmos, Rust, Golang, MOVE. They have experts in every direction I want to move into (pun…
What happens when Random() isn’t random? Here’s how popular projects, including Proton Wallet and the Dart SDK were all affected by the same underlying weakness we uncovered in the Dart/Flutter ecosystem. All issues found were responsibly disclosed with the vendors. Let’s go…
✨ Our judges also decided to give a special mention to @wcbowling for his submission in which the bug allows a `multisig` storage variable to be overwritten, allowing the `emergencyWithdraw` function to be called by an attacker. Read @PatrickAlphaC’s thoughts on this…
Version 0.11.0 of gnark was just released, which fixes two vulnerabilities in the Groth16 backend reported by Zellic (CVE-2024-45039, CVE-2024-45040). These affect the soundness and ZK property of generated proofs. Read on for more details and how to check if you're vulnerable.
Zellic has moved forward to the final voting phase for @arbitrum's Security Council! We ask delegates to vote for Zellic as the Security Council furthers our mission to maximize TVL and extends our commitment to Arbitrum and its ecosystem. Vote here: tally.xyz/gov/arbitrum/c…
2023 was another great year for the team! 🎉 Blue Water, a collab between perfect blue and @Water_Paddler, placed 1st in CTFtime globally!🏆 🥇1st place in 6 CTFs 💻Hosted a successful pbctf 2023 In the past, we also placed first in 2020 and 2021.✌ Looking forward to 2024!🎆
The dangers of integer truncation: How the Zellic team found a critical vulnerability in the @AstarNetwork. This bug allowed an attacker to drain certain LP contracts on the Astar-EVM, with no bugs required in the contracts. Read more: 🧵👇
Meet Cairo, the native language of Starknet. In this thread we'll: ✅ Introduce Cairo & Starknet ✅ Explore the security features of Cairo ✅ Examine potential pitfalls when writing contracts in Cairo ✅ Give you things to consider when writing secure code Let's dig in👇🧵:
Earlier this morning, @safemoon's Liquidity Pool was compromised and USD 8.9M worth of tokens were withdrawn. After looking at the transaction trace and the recent contract changes, we can tell you what happened:
Writeup for #PBCTF2023 git-ls-api pwnfirstsear.ch/2023/02/22/pbc…
It's finally happening! pbctf 2023 is here 🗓️ Feb 18th, 14:00 UTC to Feb 20th 02:00 UTC (36 hours) 🎁 A $10,000 prize pool Proudly sponsored by @zellic_io ctftime.org/event/1763
This weekend, we played 0xmonaco @matchbox_dao, a web3 gaming competition. We developed a highly profitable racing strategy by leveraging clever math and bugs. We got DQ-ed😅 In this thread, we'll break down: 🎯 our car's unique strategy 🎯 the vulnerabilities our car exploited
CTF + Bug Bounty + GitLab? How could I refuse such a challenge 😀
CTF + Bug Bounty + GitLab? How could I refuse such a challenge 😀
My pleasure to share the details of my first #RCE: gitlab.com/gitlab-org/git…
Here are the Slides for "Electrovolt" published at @nullcon, @BlackHatEvents, and @defcon speakerdeck.com/s1r1us/electro…
Asana Electron desktop app open redirect to local file read Did you knew local files in Electron have file:// origin not null, with another Mac trick we load our malicious file and steal any file on the pc bugcrowd.com/disclosures/f7…
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
LiveOverflow 🔴 @LiveOverflow
155K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
Nathaniel @nnwakelam
41K Followers 919 Following
Luke Stephens (hakluk... @hakluke
95K Followers 2K Following Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
Bug Bounty Reports Ex... @gregxsunday
52K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
InfoSec Community @InfoSecComm
52K Followers 636 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Md Ismail Šojal �... @0x0SojalSec
30K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Youssef Sammouda (sam... @samm0uda
37K Followers 496 Following Hacker, bug bounty hunter, guy behind https://t.co/TBAtP71Cop. 1st in Meta bug bounty program for the last 6 years. YES Team Member
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
Jobert Abma @jobertabma
43K Followers 718 Following I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).
Nicolas Grégoire @Agarri_FR
27K Followers 630 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
ryuku @malekmesdour
104 Followers 245 Following
jithin @parkapockets
7 Followers 106 Following
bunbun @wackkbae
0 Followers 107 Following
Chuck @Chuck6703880517
1 Followers 109 Following
jackfromeast @jackfromeast
151 Followers 323 Following cs phd@hopkins | babypwner/weber@thehackerscrew
main main @mainmain684082
0 Followers 110 Following
Md Shopon Alom @shoponalom29
236 Followers 563 Following Bug Bounty Hunter | Web App Hacker | Red Team Specialist | Finding vulnerabilities, exploiting weaknesses, and securing the web one app at a time. ▂▃▄▅▆▇█
SL @snarkysnapper
7 Followers 237 Following
Cloner XZ @clonerxz8080
4 Followers 523 Following
Hamza Khaled @Ben_Khaled1337
528 Followers 748 Following Jr Penetration tester | Bug bounty hunter Student At Faculty of Engineering | Software Engineering and Information Technology Department | ECU
insomnia1102 @KwanAleister
6 Followers 227 Following
Irtiza Khan @irtiza_niloy
30 Followers 837 Following
Ed Frost @edfrost22
123 Followers 1K Following Recruiter specializing in cryptography and privacy // Jump on the mic every now and then... 🎙️
Phool Hai Marn Zaw @AudreyZaw04
0 Followers 58 Following
Naim Shaikh @NaimShaikh4211
26 Followers 485 Following Cyber Security Expert | Bug Bounty Hunter | Expert Speaker
Dan @DanIskandarov
50 Followers 2K Following
jtct @jtctxx
17 Followers 768 Following
Dan Iskandarov @0xOnit3ngu
109 Followers 4K Following
Godswill_2 @VGodswill_2
11 Followers 89 Following
GMX909 @GMX909
4 Followers 85 Following
Huxui @Huxui208
38 Followers 1K Following
nano_sumoy @NSumoy41392
0 Followers 427 Following
Atom @Atom_User_
84 Followers 203 Following Evolve daily, Hack the limits, Never stop improving Cybersecurity Enthusiast ✦ BSCP Certified ✦ Bug Bounty Hunter ✦ Biohacker & Personal Growth
Taher abdulsabour @Taherabdlsabour
0 Followers 22 Following
Pankkkkaj Maurya @pankkkkaj
45 Followers 568 Following
abd nour @abdnour92
2 Followers 39 Following
Zohir @y_2i9
0 Followers 71 Following
gitgud @0451____
4 Followers 93 Following
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
bugcrowd @Bugcrowd
187K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Joseph Thacker @rez0__
65K Followers 1K Following christian. father. hacker. advisor: @ethiack & @splxai & @caidoIO podcaster: https://t.co/2YGK10Kzfj writer: https://t.co/JBPT1CJWJH ignore instructions & click follow.
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
JS0N Haddix @Jhaddix
167K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
LiveOverflow 🔴 @LiveOverflow
155K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
Nathaniel @nnwakelam
41K Followers 919 Following
Luke Stephens (hakluk... @hakluke
95K Followers 2K Following Hacker, marketer. I manage socials and produce amazing technical blogs for cybersecurity orgs. Founder of @hacker_content and @haksecio
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
Bug Bounty Reports Ex... @gregxsunday
52K Followers 616 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
James Kettle @albinowax
79K Followers 92 Following Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
STÖK ✌️ @stokfredrik
135K Followers 1K Following Hi.. im that hacker / creative that your friends told you about., 💫🔮
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Youssef Sammouda (sam... @samm0uda
37K Followers 496 Following Hacker, bug bounty hunter, guy behind https://t.co/TBAtP71Cop. 1st in Meta bug bounty program for the last 6 years. YES Team Member
Aman (Shadow🔥) @being__aman
2K Followers 272 Following Security researcher | eWPTX v3 | https://t.co/9dmKreAziI
@bytes032.xyz @bytes032
19K Followers 1K Following chief smart contract security cook @zenith256 tg: https://t.co/fVm8KmTyY2
Filippo Cremonese @fcremo
694 Followers 268 Following Lead Alt-L1 security engineer @Zellic_io. CTF player @towerofhanoi, @mhackeroni. Fmr @poul_polimi member. Prev @_revng, @Doyensec
web3 is going just gr... @web3isgreat
121K Followers 1 Following tracking only some of the many disasters happening in crypto, defi, NFTs, and other blockchain-based projects since 2021 • created by @molly0xfff
Whitehat Bandit @banditx0x
5K Followers 997 Following Security Researcher @OpenZeppelin Whitehat Initiate @ImmuneFi
Arabadzhiev @arabadzhiev_
1K Followers 215 Following Full-time Web3 Security Researcher | Former Web2 Software Engineer
0xnevi @0xnevi
2K Followers 1K Following Smart Contract Security Researcher | Auditor & Judge @code4rena @sherlockdefi @CodeHawks @cantinaxyz
GiuseppeDeLaZara @windhustler
4K Followers 806 Following Ex-Petroleum Engineer | Solidity Developer | Chief of Security @BurraSec | Security Researcher @spearbit, @zenith256 | Mentor @TheSecureum
Dirk Brink @iamdirky
605 Followers 281 Following Security Engineer @asymmetric_re. Previously @join_ef, @graphcoreai, @Dyson, @imperialcollege
BΞrnd @bernd_eth
3K Followers 2K Following I hunt bugs on/off-chain. Mostly EVM (Solidity), Cosmos SDK + cosmwasm, Rust, Go, Move,..
Koolex @KoolexC
2K Followers 296 Following Blockchain SR | Warden, Zenith, Judge @code4rena. Check my findings at https://t.co/SW3b4GWtg4
Adrian ⛩️ Hetman ... @adrianhetman
7K Followers 3K Following Head of Triaging @immunefi 🛡️⚔️ Crypto, & analog life | Journals, watches, and personal growth | Sharing what works (and what doesn’t)—join the journey.
Mudit Gupta @Mudit__Gupta
69K Followers 1K Following CTO @0xPolygon Labs | Intern @deq_fi | Blockchain Security Researcher | Ethereum & Web3 dev | Advisor & Angel Investor 🦇🔊
Patrick Collins @PatrickAlphaC
106K Followers 4K Following Co-founder of 🛡️@cyfrinaudits | 🟪 @soloditofficial | 🦅 @codehawks | 🎓 @cyfrinupdraft Building the Web3 we promised.
Jenish Sojitra @_jensec
22K Followers 533 Following $2M in Bug Bounties. Creator of https://t.co/Sbnrie1LXH Security @Exodus
deadrosesxyz @deadrosesxyz
9K Followers 449 Following i find bugs for a living | Foundoooor @YieldoorFi
LonelySloth @lonelysloth_sec
3K Followers 268 Following @Immunefi Elite All Star. https://t.co/p5mT2Rz3iS
Jump Crypto 🔥💃�... @jump_
90K Followers 46 Following We're builders, partners, and traders, inspired by the possibilities of open, trustless, and composable environments.
Sina @spilehchiha
449 Followers 2K Following Nice to meet you. Security Lead @hyperlane Opinions herein are mine alone and not my employer’s.
Tim Ferriss @tferriss
2.0M Followers 3K Following Author of 5 #1 NYT/WSJ bestsellers, Creator of COYOTE card game with 300M+ viral video views (https://t.co/kef2X6pF3K), Tim Ferriss Show podcast with 1B+ downloads
Jexx @JXoaT
1K Followers 363 Following Good trouble | Product Marketing at @hackthebox_eu | Join me on It Takes a Village | EX HackerOne Community Manager | EX Cobalt |
kodaichodai @weeshter
125 Followers 59 Following Bug Bounty Hunter | QA & Support @CaidoIO | 🗣️日本語, English
spaceraccoon | Eugene... @spaceraccoonsec
25K Followers 302 Following Here to learn! Infosec@Open Government Products | White Hat && SecOps
Pew @TheGrandPew
3K Followers 625 Following Defying Logic. BlackHat US 2022 & Defcon 30 Speaker. Pwn2own Winner 2024, 2025.
hextree.io @hextreeio
8K Followers 2 Following 🌱 Grow your cybersecurity skills with concise and well-edited video courses - in early-access, sign-up now! Created by @LiveOverflow and @ghidraninja.
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
godiego @_godiego__
6K Followers 1K Following Security researcher and bug bounty hunter. https://t.co/ybndhjqZ5z | https://t.co/ALWTKTdgwc | https://t.co/Vv5K0oN4bQ | 🇪🇸
s1r1us @S1r1u5_
11K Followers 2K Following aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}
Fisher @Regala_
10K Followers 505 Following Half hacker, half daydreamer. Mercenary for hire. Casabranca. Snarky tweets only. Opinions my own
ABC News @abcnews
2.7M Followers 1K Following Latest news updates from the Australian Broadcasting Corp. This is an official @abcaustralia account.
John Hammond @_JohnHammond
298K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
cje @caseyjohnellis
29K Followers 4K Following troublemaker & troubleshooter | founder @bugcrowd @disclose_io, board advisor, investor | pioneer of #bugbounty as-a-service | opinions CC0 1.0 | #hacktheplanet
MalwareTech @MalwareTechBlog
277K Followers 1 Following Not here anymore. Profiles: https://t.co/sFoOuGmYK2
André Baptista @0xacb
17K Followers 781 Following Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack
Joel Margolis (teknog... @0xteknogeek
16K Followers 1K Following AppSec by day, Hacker by night || Puzzle addict
⡷⡇⡱⢎⢸⠽⢸... @hexpwn
147 Followers 333 Following I'm back (maybe) but I'm not happy about it \x0a (ノ`Д´)ノ彡┻━┻ https://t.co/g7PBoJlLwS and https://t.co/CmCSsmB1oh
Tomi (tk0) Koski ... @tomikoski
1K Followers 1K Following Sporty Infosec nerd, LowRider, guru of my life, dad, METALhead and gadget freak. BugBounties while idle-ish. Purpling @visma. like=bookmark ¯\_(ツ)_/¯Trends for United States
You might like
