Maxwell ꓘ Dulin (Strikeout) @Dooflin5
God First | Web3 & Web2 Security Researcher (Hacker) at @asymmetric_re | Gonzaga U & Centralia HS Grad | Wiffleball with @ctownwiffle | Dodgeballer | maxwelldulin.com
Seattle/Centralia, WA
Joined February 2013
Tweets: 3K | Followers: 1K | Following: 864 | Likes: 2K
It has been a pleasure for us to attend and present at #Insomnihack 2024. In case you missed it, here is our newly released mXSS cheatsheet 🧬🔬 sonarsource.github.io/mxss-cheatshee…
@claudijd @Dooflin5 @amuletdotdev @cosmos This is an amazing find, and we're thrilled that you are investing time, effort, and solid bug hunting talent in this code! Looking forward to working with you all again soon. 🧿🩵
Interesting issue. If this was reported via bug bounty I bet it would have been ignored. Considering the impact of this, phishing vectors should be taken seriously.
#ReverseEngineering Twitter, can you identify this mystery CPU?
- Harvard architecture
- 24-bit instructions
- 16-bit addr space
- 16 8-bit regs
- r7r6 stack ptr
- r9r8 link reg like ARM
- r15 acc
- my reg numbering may be backwards
- Little endian, at least for branches
- Found inside ISM radio
The @Neodyme 3-part series on breaking the Solana core node software is amazing, with deep logic flaws. The final two are breaking the staking weights on voting and breaking the account ownership model to allow anybody to update accounts. Worth a read! neodyme.io/en/blog/solana…
Happy Easter! Today, we celebrate Jesus rising from the dead after His sacrifice for us on the cross. Jesus has such great love for us, that he gave himself up to die to cover our sin and bring us closer to God. I'm so grateful for this, especially on days like today. ❤️
Jordan has opinions about Chuck's opinions about Tommy's opinions. Now I also have an opinion.
Wisdom > money Proverbs contains so much great insight. Even if you’re not Christian, this is great advice. Invest in your knowledge as opposed to making the quick buck.
Logical bugs rule the world
I loved the episode of the Critical Thinking podcast (@ctbbpodcast) with @samm0uda. The creativity on bug chains with little things like parameter pollution is amazing. I'm going back and reading a lot of the posts on the blog as well. Thanks for setting up such a good guest!
It’s crazy how simple this bug is. You never know what’s out there unless you look! There’s many many many more bad bugs lurking if you spend the time hunting.
Amazing day hosting the Spokane Cyber Cup (learning CTF) for a 5th year!
- 180 students from Spokane area from 17 different schools
- 30 coaches to assist students
- 1000+ challenge solves from web, crypto, OSINT, blockchain and more categories
- 1 amazing speaker @lauriewired
New blog post: Ethereum Log Confusion in Polygon's Heimdall. A critical vulnerability in Polygon PoS that could have allowed a rogue validator to take over the Heimdall consensus layer, putting over $2B of crypto assets in the PoS bridge at risk. asymmetric.re/blog/polygon-l…
Had a great time speaking to students at the Spokane Cyber Cup this weekend! Went over some Android Operating System internals, as well as the basics of Reverse Engineering malware. Special thanks to @Dooflin5 for setting up the event, as well as all the other coaches and…
Learned two new things in Solidity today:
- Strings and bytes are copy by reference, not by value.
- Assert eats up all the gas while revert stops prematurely and returns the gas.
The more you know the better at this auditing game you'll be.
@Dooflin5 This is only the beginning bro. 💪
Took 2nd place on my first Code4Rena contest with @ging3r1996470 as ChristiansWhoHack. Stoked about what the future holds for us!
Who’s really at the top of the Immunefi leaderboard!? Go click the link on the Immunefi leaderboard to find out.
If there are more than 10 Critical/High/Medium severity issues found in a smart contract audit you do, chances are there are more vulnerabilities left there. I strongly recommend a second audit round when there is a good amount of severe vulnerabilities found on the first review
🚨🚨 Breakdown of AI vs. Human Audit Competition Just Dropped. Details included:
1. What led to it?
2. Codebase that was audited.
3. Final reports.
4. What's next?
Thanks to @0xDjangoOnChain for his time in managing everything. nirlinsecurity.xyz/p/manual-vs-ai…
Wow ChatGPT is super clutch for studying the Bible. It is able to give (what seems to be) a pretty solid explanation about the original text and its nuances.
The PS4 (up to FW 11.00) and PS5 (up to FW 8.20) were vulnerable to CVE-2006-4304: hackerone.com/reports/2177925. I'll share details about successful exploitation at TyphoonCon.
 🌪️ PlayStation 4 Kernel RCE will be presented by @theflow0 at #TyphoonCon24! Early bird tickets are now on sale: typhooncon.com/playstation-4-…
Every day I hear stories from folks like @deadrosesxyz and @KrisApost1 about bagging $10k for a 1-hour bug hunt or winning 6-figure bug bounties. Yet, what really excites is when someone makes their first $1,000 bucks on @code4rena. Nothing is as sweet as your first small win.
it is interesting... the more I look at obscure things in the rfid world, the more bugs I find in the proxmark3 code.
OH: chaos computer club? Is that like @defcon but in the EU?
@valardragon circuit breakers / governors / flow / rate limiters are a very valid and good security control.
@Dooflin5 By far the most interesting cross-chain layer vul I've ever seen. The leveraging on submessages is impressive. Thanks for sharing!
@Dooflin5 I wholeheartedly agree, sir. Just need the creativity/curiosity to test it out :)
Infinite mint re-entrancy bug was announced on IBC today Thank the heavens there’s no value to exploit there
@Dooflin5 Awesome work! Just read the writeup and love how you applied reentrancy in a different context. Looks like reentrancy issues can crop up anywhere there are callbacks.
It continues to be amazing to work with these chads 🤝
New blog post: Cosmos IBC Reentrancy Infinite Mint. A critical reentrancy bug in ibc-go could have enabled the infinite mint of IBC tokens on Cosmos chains. asymmetric.re/blog/cosmos-ib…
Keeping the interchain safe 💪
@KemarTiti @ceterispar1bus 🤝 this was @Dooflin5’s handiwork.
Check it out, I like this bug 😋 #CVE-2023-26465
Take an insider look at CVE-2023-26465 and how @haqpl and @adamsimuntis managed to break through #PegaPlatform #XSSfilters by exploiting #markdown syntax and user-mentioning functionalities. secforce.com/blog/cve-2023-… Huge congrats and many thanks to @pega for their collaboration.
Excellent find by @Dooflin5, and thanks to @jessysaurusrex, @amuletdotdev, and @cosmos for their support on this!