Lays @_L4ys
Researcher / Co-Founder @TrapaSecurity & @pwnabletw/ MSRC Top 100 2019/2020 / Focus on hunting bugs that are as useless as me / @[email protected] blog.l4ys.tw 台灣 Joined January 2015-
Tweets2K
-
Followers3K
-
Following949
-
Likes9K
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
🧵[1/9] Time to publish the solution to this challenge! x.com/pilvar222/stat… The goal of this challenge was to find an XSS while avoiding it being blocked by the CSP sent by the PHP header() function. Let's dive into it!
New blog from @gabe_k just dropped on discovering multiple vulns in Windows 11 24H2 + exploitation and nice KASLR bypass. exploits.forsale/24h2-nt-exploi…
Join @j00ru as he shares his research/adventure through the Windows Registry: googleprojectzero.blogspot.com/2024/04/the-wi… 50 CVEs is just the beginning. Future posts will explore the attack surface, history, practical exploitation using hive memory corruption, cell indexes and other good times🎉
Part 4 of our N-Day Exploit Series is LIVE! 🔥 ➡️ blog.theori.io/chaining-n-day… Unveiling CVE-2023-34044, an information leakage vulnerability in #VMware Workstation’s #VBluetooth device, found by our own @pr0Ln! It’s a variant of CVE-2023-20870 demonstrated by @starlabs_sg in…
😱 Fixing Typos and Breaching Microsoft’s Perimeter How John Stawinski & @adnanthekhan got RCE on a machine joined to @Microsoft’s largest Active Directory domain with the privileges of a Microsoft Senior Developer MSRC rewarded them with… $0 johnstawinski.com/2024/04/15/fix…
It's nice to have a positive Outlook. Akamai researchers have discovered another critical vulnerability that bypasses the patch for the custom sound vuln from March 2023. Psst: this one can also be triggered in Explorer 👀 Full write-up: akamai.com/blog/security-…
It's been a while since the last tweet and I really don't like to debate publicly, but after 6yrs hunting on MSRC, I finally got really messed up by their rules. They refused to pay bounty for a critical EoP issue and said I accessed the customer/PROD data. Well, it's hard to…
Here's my blog post about CVE-2024-26230. I aim not only to introduce the exploit stage but also hope to share my thoughts on how I completed the exploitation step-by-step in all my posts from now on. whereisk0shl.top/post/a-trick-t…
The third series in our N-Day full chain exploit is out now! blog.theori.io/chaining-n-day… We exploited CVE-2023-29360, a beautiful logical vulnerability in the Windows driver, to elevate the privilege from user to SYSTEM. It was also leveraged by @Synacktiv at Pwn2Own 2023…
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis…
Backdoor in upstream xz/liblzma leading to ssh server compromise openwall.com/lists/oss-secu…
With so many high achieving people in security it’s common to feel like you never get enough work done. You should always take a step back and appreciate yourself. If you worked hard it will compound! Keep the momentum up! 💪
Wrote a little tool to generate a proxy for DLL hijacking. ASM stubs are often used for this purpose, but with some trickery you can use forwards with absolute paths! github.com/mrexodia/perfe… #infosec #redteam #Memes
We've started a blog series on N-day full chain exploits. The first part is about chrome renderer exploit, CVE-2023-3079. Check it now!👇👇 blog.theori.io/chaining-n-day… #Theori #티오리 #Blog #Research #Fermium252 #Chrome #VirtualMachine #CVE #Vulnerability
We've started a blog series on N-day full chain exploits. The first part is about chrome renderer exploit, CVE-2023-3079. Check it now!👇👇 blog.theori.io/chaining-n-day… #Theori #티오리 #Blog #Research #Fermium252 #Chrome #VirtualMachine #CVE #Vulnerability
In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…
Microsoft KMDF type generation to their propagation inside an IDB, read more about this IDA based tool on the Hexrays blog written by Julien and Arnaud. hex-rays.com/blog/plugin-fo…
Microsoft KMDF type generation to their propagation inside an IDB, read more about this IDA based tool on the Hexrays blog written by Julien and Arnaud. hex-rays.com/blog/plugin-fo…
Interesting short reading on CVE-2024-21305: Hypervisor-Protected Code Integrity (HVCI) bypass for arbitrary kernel-mode code execution Credits @standa_t and @aall86 tandasat.github.io/blog/2024/01/1… #cybersecurity #hvci
cts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
stypr @brokenpacifist
4K Followers 550 Following Touring sourcecodes @dfsec_com. AS400671 Operator (ARIN). All my exploits are written in nano.
ϻг_ϻε @steventseeley
21K Followers 519 Following Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things. @[email protected]
Alex Plaskett @alexjplaskett
9K Followers 590 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.
crazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not group
NiNi @terrynini38514
1K Followers 491 Following @d3vc0r3 / @balsnctf / Master of Graduate Degree Program of Cyber Security in NYCU (NCTU)
kylebot @ky1ebot
5K Followers 315 Following CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @[email protected]
Faith @farazsth98
3K Followers 307 Following Security Engineer @zellic_io, Independent Vulnerability Researcher, CTF pwn+blockchain @SuperGuesser, Prev: Android Vulnerability Research @dfsec_com
b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Bien Pham 🇻🇳 @bienpnn
4K Followers 398 Following P (Million Live!) / LoveLiver / Shihainin hackerman at @qriousec & @ProjectSEKAIctf traveling around the world (mostly to 🇯🇵) Tiếng Việt / English / 日本語 范阮玉邊
hasherezade @hasherezade
84K Followers 845 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Andy Nguyen @theflow0
55K Followers 434 Following The opinions stated here are my own, not those of my company.
splitline 🐈⬛ @_splitline_
661 Followers 518 Following CTF with @XxTSJxX, ${cYsTiCk} / 友民党 / zh-TW, nan-TW, en-US / Learning: es-PY, ja-JP / 🐈⬛🐈⬛🐈⬛
Tuan Anh Nguyen 🇻�.. @haxor31337
13K Followers 2K Following 28 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
sqrtrev @sqrtrev
4K Followers 578 Following EVM/Web Auditor at @zellic_io | CTF w/ @SuperGuesser (Captain) | DEFCON 29 - 31 Finalist
Samuel Tang is at mys.. @mystiz613
1K Followers 316 Following AKA mystiz. Programming at a company which help look for things. Hacks with @blackb6a. Tweets on 🇭🇰 and Cybersec. Opinions are my own.
Socarates @AthenaWisdom13
1 Followers 171 Following
lucky @lucky5502118041
0 Followers 166 Following
Dor @Dor00tkit
40 Followers 340 Following
sitivent @singsitivent
0 Followers 27 Following
user31fibcxw2 @user31fibcxw2
0 Followers 546 Following
cscfufo @cscfufo
27 Followers 2K Following
Doggo Lover @Godfaux0
4 Followers 27 Following
Rick de Jager @rdjgr
620 Followers 520 Following CyberSecurity student at @TUeindhoven - CTF with @radboud_rip / @0rganizers / ICC team Europe 22/23
JDragons @HackerJDragons
68 Followers 760 Following
Harry Tee Money @HarryT29750931
33 Followers 239 Following
LU$ER 🇸🇦 @lus33r
2K Followers 842 Following 16 years old | Security Researcher | Penetration Tester | RE & Exploit Development | #eJPT #eCPPTv2 #eCXD #CRTP
Mohamed Ali Zaabi @mohamedalizaabi
1 Followers 56 Following
Anshuman Srivastava @TweetAnshumaan
262 Followers 3K Following Networking + Cyber Security - Firewalls + Ethical Hacking & Penetration Testing Enthusiast
Cheng-Wei Tsai @xwei_tsai
6 Followers 97 Following
Nguyen Xuan Hoang @hoangnx99
631 Followers 107 Following Security Researcher at @vcslab Chief Finance Officer of @u0Kplusplus
Tiara Moore @TiaraMoore40555
74 Followers 3K Following
Yongil Lee @2_yong_1
87 Followers 276 Following
Diefunction @Diefunction
3K Followers 1K Following Rayan Althobaiti, @SynackRedTeam Researcher, Principal Penetration Testing Consultant at Technology Control Company, @hackthebox_eu Member. [email protected]
Nitesh Surana @_niteshsurana
326 Followers 657 Following Cloud Security Research w/ @trendmicro | Microsoft MVR | Black Hat USA, Asia Speaker | Prev. Blue Teaming w/ @tcs | TCS HackQuest 3.0 Finalist
crazyman @crazyman823886
340 Followers 649 Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities pre account @CrazymanArmy
Shane @NayaniShayan
1K Followers 3K Following Passion for Cyber Security | Penetration Tester | Love for Philosophy | Addicted to learning | muslim
pwndorei @lkjuio3865
7 Followers 29 Following
Naman Devnani @naman_devnani
332 Followers 5K Following Security Researcher | Purple Team | Bug Hunter | CTF Player | Science & Tech Enthusiast | R&D | All-Source Intelligence | CAP | DCSP | TTIA | BCDE
Rogue Saint 🧃 @0xRustboy
14 Followers 170 Following RT or IoT/ICS or embedded or RE low level exploit dev? come help me chose, I need to be a top hacker. get into CMU MSIS, X-Force arghh being useless sucks.
lvyzh @l_apr1
1 Followers 85 Following
0A39h @ASUKA43749264
46 Followers 3K Following
Suraj Yadav @k4n3ki_372
142 Followers 953 Following Malware Analyst | Vulnerability Researcher | CTF @InfoSecIITR | IITR'24
Insta Gram @gram114481
44 Followers 242 Following
comrad @comradloss
2 Followers 409 Following
cts🌸 @gf_256
52K Followers 624 Following Co-founder @zellic_io & @pb_ctf | YT: https://t.co/nlNai6iQCn Prev: Vector35, Grayshift, Two Sigma, Dfsec | 23yo hacker femboy
Zero Day Initiative @thezdi
77K Followers 17 Following Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
starlabs @starlabs_sg
7K Followers 16 Following A Singapore company that discovers vulnerabilities to help customers mitigate the risks against the ever-evolving threat of cyber attacks.
stypr @brokenpacifist
4K Followers 550 Following Touring sourcecodes @dfsec_com. AS400671 Operator (ARIN). All my exploits are written in nano.
Yarden Shafir @yarden_shafir
19K Followers 272 Following A circus artist with a visual studio license
h0mbre @h0mbre_
12K Followers 577 Following tryhard at linux kernel && avatar is by Ching Yeh: https://t.co/oanjFPPhe7
ϻг_ϻε @steventseeley
21K Followers 519 Following Hermetic Initiate. Exploring conscience and the nature of reality. I also hack things. @[email protected]
LiveOverflow 🔴 @LiveOverflow
142K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
Alex Plaskett @alexjplaskett
9K Followers 590 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.
Saar Amar @AmarSaar
18K Followers 362 Following Reversing, exploits, {Windows, Hyper-V, *OS} internals, mitigations. Apple SEAR. Opinions are my own. @[email protected]
NiNi @terrynini38514
1K Followers 491 Following @d3vc0r3 / @balsnctf / Master of Graduate Degree Program of Cyber Security in NYCU (NCTU)
[email protected].. @0xdea
12K Followers 19 Following When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Chromium Disclosed Se.. @BugsChromium
8K Followers 0 Following Tweets publicly disclosed bugs in Chromium. Not an official Google product. Run by @SecurityMB. Mastodon: @[email protected]
Samuel Groß @5aelo
24K Followers 499 Following V8 Security technical lead. Previously Project Zero. Personal account. Also @[email protected] and https://t.co/aVitnPjBie
Zhuowei Zhang @zhuowei
34K Followers 197 Following link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
Haifei Li @HaifeiLi
7K Followers 151 Following For contact in the security community. NOTE: All the tweets are totally my personal opinions, not about any of my current employer stuff.
pwnii @pwnwithlove
940 Followers 233 Following bug bounty lover, breaking stuff on yeswehack || https://t.co/GDTUdCAIbM
fffvr @FFFVR_
179 Followers 79 Following
BugRap @BugRap_Team
4K Followers 141 Following The Web3 bug bounty platform. Discover, Fix Vulnerabilities, and Safeguard your project's security with our community of whitehats and security partners.
Duncan Ogilvie 🍍 @mrexodia
5K Followers 235 Following Reverse engineer, creator of @x64dbg and 100+ other projects. Love binary analysis and Windows internals. Dreaming about doing open source full time...
Yongil Lee @2_yong_1
87 Followers 276 Following
Manfred Paul @_manfp
5K Followers 279 Following Maths and cyber and stuff. Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2022, 2024. @[email protected]
William R. Messmer @wmessmer
575 Followers 338 Following Software engineer at Microsoft working on debuggers. Tweets are my own. Mastodon: @[email protected]
小中千昭 Chiaki J.. @yamaki_nyx
13K Followers 10 Following Chiaki J. Konaka's serial experiments lain, TEXHNOLYZE anniversary account. Current status is inactive.
Ivan Krstić @radian
11K Followers 901 Following Head of Security Engineering+Architecture at Apple. I don’t speak for my employer. @[email protected]
[email protected] @domenuk
4K Followers 503 Following 【DΞCOMPILΞ NΣVΞR】 Connectivity & Baseband Security @aflplusplus @enoflag @google (opinions my own)
Mr. Anthony 安東尼 @darkfloyd1014
2K Followers 4K Following VXCON chair @vxresearch | Blackhat Asia & USA /HITB Reviewer | DEFCON speaker/fan | Love animals and bug hunting
TwinkleStar03 @_TwinkleStar03
160 Followers 189 Following Here’s TwinkleStar03 🌟 | Reverse Engineer in @XxTSJxX | Block-chain | Computer Networking | Hardstyle | Chinese / English
Stephen Fewer @stephenfewer
8K Followers 208 Following Principal Security Researcher @rapid7. Decompiler @relyze. Core @metasploit dev 2009 - 2013. MSRC Top 100 2015. Pwn2Own 2011 & 2021.
offline till OSEE cer.. @f00fc7c800
1K Followers 5K Following blah blah relevant si talentat blah blah
asymmetric research @asymmetric_re
1K Followers 0 Following Enabling secure innovation. Join us: https://t.co/s1nvQoWoBC
CW Research Lab @cwresearchlab
446 Followers 72 Following Where Good Ideas Become Reality for Better Cyber World!
宮﨑 歩 @Ayumi__Miyazaki
19K Followers 166 Following 宮﨑歩のofficial Twitterです。デジモンシリーズ「brave heart」「break up!」マシュランボー「Power Play」など歌っております。作詞作曲編曲家としても活動してます。 https://t.co/gUDsBnJiA1
Gyorgy Miru @gymiru
530 Followers 261 Following In kernel space no one can hear you scream! The Android kernel guy at SAFA Team, proud @SpamAndHex dropout. We are hiring: https://t.co/UPcIOeusrM
sahuang @sahuang97
3K Followers 682 Following Founder @ProjectSekaiCTF | Software Engineer @MicrosoftVan | Mococo: @_YaNnhui_ | Trading alt: @sahuang_alt | Chunithm & osu! enjoyer
Suto @__suto
1K Followers 908 Following Cybersecurity | Qrious Secure (@qriousec) & VnSecurity (@vnsec)
Qrious Secure @qriousec
532 Followers 3 Following
DebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.
Khalil Zhani @Khalil_Zhani
850 Followers 239 Following Google Chrome Security Researcher @GoogleVRP (since 2013). Let's make Chrome more secure for all users :) :)
sqrtrev @sqrtrev
4K Followers 578 Following EVM/Web Auditor at @zellic_io | CTF w/ @SuperGuesser (Captain) | DEFCON 29 - 31 Finalist
Advanced Fuzzing Leag.. @aflplusplus
2K Followers 27 Following We are more active on https://t.co/96aibdC8ig We want to make fuzzing better and better
RonnyX | Offside Labs @RonnyX2017
533 Followers 304 Following { Web | Blockchain | Android | Pen(test) } Hacker 🕳️🦔 | Co-founder of @Offside_Labs
23pds @im23pds
8K Followers 5K Following @SlowMist_Team CISO/Security Researcher/Red Team/Pentester/#Web3 security. Wall of Fame:Apple,Microsoft,Opensea,Yubico,Axie,Grab,Auth0,CloufFlare..etc #bitcoin
SlowMist @SlowMist_Team
79K Followers 388 Following SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
Kekeii💙💗🐡(.. @KekeiiLabs
4K Followers 2K Following | Miracle Labs Founder |认真撸毛发家致富/不接受任何批评指责/KFC试吃员,十一的饲养员,反女巫猎人。企图萌混过关的币圈老韭菜一枚。只为追上曾经被寄予厚望的自己,不要留下遗憾。 Winter is coming! #Namada|#ETH|#Starknet|#web3|
Reton 𝕏 @RetonKao
2K Followers 596 Following 🔬 ENFJ 💎Traveling Artist 🔸web3 Luxury Lifestyle Scientist
卡卡和一群炸蝦.. @yschen25
5K Followers 455 Following Software engineer in the UK / 對我頭上是乖乖 / 漫畫動畫狂熱者 / Blog : https://t.co/CEePT3vbIF
hextree.io @hextreeio
5K Followers 2 Following 🌱 Grow your cybersecurity skills with concise and well-edited video courses - coming soon! Created by @LiveOverflow and @ghidraninja.
Rebane @rebane2001
3K Followers 1K Following 🇪🇪🏳️⚧️ | Archivist | 7 CVEs in Chrome | MapartCraft | Horse | rebane2001#3716 | Lyra 🦊 https://t.co/jIlcPo9pGC
Satoshi Tanda @standa_t
7K Followers 358 Following Engineer & Trainer. My DM is open. https://t.co/hqylaDLtNv
I'm 小傑 @welkineins
802 Followers 334 Following 💻 Software Engineer | 🇹🇼 Taiwan | 旅行 ✈️ 🇯🇵 🇨🇦 | 拉麵 | 看看技術文章Trends for United States
You might like
