Gaetan @_mabote_
AppSec researcher @SonarSource | Former pentester 🥾 | @[email protected]
Joined March 2019
Tweets 269 · Followers 199 · Following 89 · Likes 558
Expecting to struggle finding a gadget chain in WordPress Core during an assessment when devs suddenly decided to make it easy: fenrisk.com/publications/b…
🔥 Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) 🔥 We just disclosed the technical details explaining how a vulnerable Request Interceptor and a few undocumented endpoints led to RCE on one of the most popular CI/CD servers: sonarsource.com/blog/teamcity-…
Zip-slipping to RCE via Auto-Reload: OpenRefine is prone to critical security vulnerability (CVE-2023-37476). Read more in our latest blog post: sonarsource.com/blog/openrefin… #security #vulnerability #appsec
RCE in Apache OpenMeetings due to SQL weak comparison, unexpected application state, and null-byte injection. Check out the technical details in our latest blog post: sonarsource.com/blog/a-twist-i… #appsec #security #vulnerability
We are excited to share that we have two entries in the running for the next Pwnie Awards 🐴✨ 👇
🥑 The Hazards of Technological Variety and Parallelism: An Avocado Nightmare, by Stefan Schiller (@scryh_)
Super excited to present this at Hexacon! See you there :)
@Sonar_Research identified and linked two vulnerabilities, leading to a one-click remote code execution (RCE) exploit in Pimcore. Check out this @SecurityWeek article for all the details: securityweek.com/pimcore-platfo… #appsec #security #vulnerability
Sonar at @BlackHatEvents Asia! Look for us at Booth B20 for live demos with our solution! In addition, @Sonar_Research member Paul Gerste will host a presentation: "Stealing with Style: Using CSS to Exploit ProtonMail & Friends" on May 11, 11:20 am at Roselle Junior Ballroom!
What do we need content types for anyway? Let's look into how an incorrect content type led to a real-world vulnerability in the famous business suite Odoo, CVE-2023-1434 🐛 sonarsource.com/blog/odoo-get-… #appsec #python #cleancode
Windows authentication & Prox-Ez is the topic of the last Synacktiv talk at #THCon, starring @b1two_ and @YofBalibump
“Patches, collisions and root shells: a Pwn2Own adventure” will be presented by @scryh_, @pspaul95 & @[email protected] from team @Sonar_Research at #TyphoonCon23! Learn more and get your tickets today: typhooncon.com/blog/conitems/…
🗡️ Argument Injection Vectors A curated list of exploitable options when dealing with argument injection bugs Capabilities: run a command, file write, file read, library load ➡️ chrome '--gpu-launcher="id>/tmp/foo" By @Sonar_Research #bugbountytips sonarsource.github.io/argument-injec…
SNMP to RCE - Read about an XSS vulnerability we discovered in LibreNMS, which can be exploited by sending a spoofed SNMP trap and gain code execution via Blade templates: sonarsource.com/blog/it-s-a-sn… #appsec #security #vulnerability
A server monitoring software 🌡 named Supermicro SuperDoctor 5 has been encountered during an assessment. However, @bak_sec and @_mabote_ were not big fans of the web app UX and thought a root shell would be more suitable 🐚 ➡️ Read more about this RCE: synacktiv.com/sites/default/…
In no time, the mighty @elvanderb pwned his favorite target: XNU, the Apple MacOS kernel! Rumor has it that he took more time developing the ASCII art than the actual exploit 🥷 #P2OVancouver
Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it! synacktiv.com/publications/p…
Fishing for bugs in PHP apps be like
@MathisHammel @plhery We were already talking about this in 2016... Not surprised to see it still going on 7 years later with this kind of app. youtube.com/watch?v=M7vdzg…
A few months ago, we reported a pre-auth Remote Code Execution #RCE vulnerability to @vBulletin. The exploitation of this unserialize() bug was tricky, as vBulletin classes are not deserialisable. Discover the exploitation in our latest blogpost: ambionics.io/blog/vbulletin…

Synacktiv @Synacktiv
20K Followers 271 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
Nicolas Grégoire @Agarri_FR
27K Followers 631 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Laluka@OffenSkill @TheLaluka
5K Followers 1K Following Sharing is Caring, Hacker, Eternel Learner, Cat! =^~^=
Clément Notin @cnotin
6K Followers 973 Following 😈 Security research (#ActiveDirectory #EntraID) & pentest 🎉 #CTF @tipi_hack 👨💼 Works @TenableSecurity, opinions my own 🪂 https://t.co/4HRwJQ6PUm
elFamoso @0xf2258f_fr
313 Followers 8K Following AI/ML Consultant & MLOps | NIS2, EBIOS RM, NIST CSF, RGPD, ISO 27001 | Advisory, Dev & Delivery NetHunter :: Security Analyst & Developer Build&Break Things
Shinobyx @crypticrebel337
23 Followers 1K Following Bug bounty hunter who is a bit inactive on social media, so don't expect too much from me here...
Mahmoud Musbah @mahmoudmusbah9
234 Followers 2K Following 4th Computer Science Shrouk Academy🧑💻, Cyber Security Student
am @am0o01o1
37 Followers 2K Following
ممد ژیگول @mrzhigool
2K Followers 5K Following Mentally unbalanced 🛑 Mother of rare occurrences backender 💻 nyctophile
Arthur_HMSouza @AHmsouza
326 Followers 5K Following
poprbx @pop_rbx
25 Followers 562 Following
bashcancare @bashcancare
24 Followers 292 Following May BASH bless you today and always.🎋 H1/bashcancare
Antho @SwappAnth
6 Followers 1K Following
t0 @___t0___
231 Followers 180 Following
scryh @scryh_
2K Followers 245 Following Cloud Vulnerability Research at Google. Opinions are my own.
joker @joker247696
8 Followers 629 Following
Ched @Ched_
127 Followers 1K Following
Mo0n Sha𝄞ow @null001__
54 Followers 3K Following
gestibo @gestibo
1 Followers 75 Following
Simon Scannell @scannell_simon
3K Followers 501 Following Cloud Vulnerability Research @ google. Opinions are my own
pspaul @pspaul95
1K Followers 852 Following source code connoisseur @Sonar_Research | CTF @FluxFingers | @[email protected]
duong_ @nanotik_
47 Followers 501 Following
claddagh🇨🇵 🏴... @c14dd49h
336 Followers 873 Following Trust, but verify | Stop killing children in Palestine 🇵🇸
Paras Chetal @paraschetal
348 Followers 3K Following
Antoine Gql @_bluesheet
167 Followers 293 Following Chief Intern Officer (honorary title) @Synacktiv
R. KPOSSOU @th3f0r31gn3r
225 Followers 2K Following Technical Manager at @Afroto_AFRICA | Cyber Security enthusiast & Game player 🎮 - https://t.co/JHv3nEHdPJ | #blvckdev
Moaaz Hamdi @moaazhamdi9
176 Followers 1K Following Security Consultant @Buguard | eMAPT | eWAPTv2 | CS Graduated
godiego @_godiego__
6K Followers 1K Following Security researcher and bug bounty hunter. https://t.co/ybndhjqZ5z | https://t.co/ALWTKTdgwc | https://t.co/Vv5K0oN4bQ | 🇪🇸
rayh4c @rayh4c
2K Followers 4K Following
Renik @R3n1k
121 Followers 161 Following
Blue @BlueJ0k3r
180 Followers 2K Following My passion for computing is matched only by my hatred of printers.
Aloïs Thévenot @TechBrunchFR
2K Followers 1K Following Jack of all trades, master of some. CTO / Pentester @vaadata - Bluesky: @techbrunch.fr
PuN @pun_sec
102 Followers 126 Following CTF Enthusiast, Challenge maker and Pentester 👀 I like driving things 🏎️✈️🥽
Guillaume Valadon @guedou
3K Followers 1K Following A geek. What else ? I tweet things I read. #scapy #networking #security
root@iyn @rootiyn1
35 Followers 521 Following
dozer @dozernz
977 Followers 498 Following 🇳🇿 hacker / "security researcher" / pentester / redteam / bug bounty. tweets are individual capacity
Pierre LC @pedrolastiko
261 Followers 1K Following 🇫🇷➡️🇨🇦 Crazy Skier & Alpinist, team @_Univershell_
Antoine Merle ... @amerle_eu
93 Followers 1K Following Cloud Data Processing and Data Science #Engineer working for #EO🌍 at @Eumetsat (born @IngenieursECE ) 🇫🇷 🇩🇪
Pierre B. @Horgh_rce
1K Followers 948 Following French guy interested in reverse engineering / malware analysis / threat intel.
Thomas Leroy @p4zuu
49 Followers 798 Following Security engineer at @databricks | CTF with @FlatNetworkOrg
Synacktiv @Synacktiv
20K Followers 271 Following Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.
Intigriti @intigriti
195K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Hash Miser @H_Miser
9K Followers 1K Following Internet janitor, #CERT #BlueTeam and Whisk(e)y enthusiast "Everything you do is useless ! Enjoy 🍻" [email protected] https://t.co/pBOfukJZJi
Nicolas Grégoire @Agarri_FR
27K Followers 631 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Sonar Research @Sonar_Research
11K Followers 7 Following Cutting-edge security research by @SonarSource to educate the world about code security across all software. We're also at @[email protected] 🦣
Mastering Burp Suite ... @MasteringBurp
16K Followers 0 Following Tips and tricks for Burp Suite Pro Managed by @Agarri_FR | Not affiliated with @Portswigger More free resources at https://t.co/MWqXmV66lr
Laluka@OffenSkill @TheLaluka
5K Followers 1K Following Sharing is Caring, Hacker, Eternel Learner, Cat! =^~^=
James Kettle @albinowax
80K Followers 94 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
PortSwigger Research @PortSwiggerRes
112K Followers 7 Following Web security research from the team at @PortSwigger
Clément Notin @cnotin
6K Followers 973 Following 😈 Security research (#ActiveDirectory #EntraID) & pentest 🎉 #CTF @tipi_hack 👨💼 Works @TenableSecurity, opinions my own 🪂 https://t.co/4HRwJQ6PUm
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
🥝🏳️🌈 Be... @gentilkiwi
62K Followers 286 Following A kiwi coding mimikatz & kekeo github: https://t.co/eS3LVgU6i0 Head of security services @banquedefrance Tweets are my own and not the views of my employer
Marc Montpas @marcS0H
1K Followers 906 Following Software Entomologist focusing on dangerous species.
Benjamin | p4ck3t0 @p4ck3t0
200 Followers 258 Following Doing Kubernetes and Cloud Security @_KolTEQ CTF player @fluxfingers
scryh @scryh_
2K Followers 245 Following Cloud Vulnerability Research at Google. Opinions are my own.
SonarCloud @SonarCloud
3K Followers 115 Following ⚠️ SonarCloud is now SonarQube Cloud. Follow @SonarQube for all further news and updates on SonarQube Cloud!
SonarLint @SonarLint
3K Followers 14 Following ⚠️ SonarLint is now SonarQube for IDE. Follow @SonarQube for all further news and updates on SonarQube for IDE!
SonarQube @SonarQube
11K Followers 2K Following SonarQube solutions, crafted by @SonarSource, analyze all code for quality and security issues, providing in-depth analysis for over 30 languages.
Simon Scannell @scannell_simon
3K Followers 501 Following Cloud Vulnerability Research @ google. Opinions are my own
pspaul @pspaul95
1K Followers 852 Following source code connoisseur @Sonar_Research | CTF @FluxFingers | @[email protected]
Hugow @hugow_vincent
913 Followers 979 Following Red Team and research @synacktiv @rustyphasm.bsky.social
Nathan @nj_dav
858 Followers 79 Following I type instructions into computers, which are intermittently understood.
REverse_Tactics @Reverse_Tactics
797 Followers 2 Following Software reverse engineering & vulnerability discovery company.
Bishop Fox @bishopfox
26K Followers 4K Following A leading provider of #offensivesecurity solutions & contributor to the #infosec community. #pentesting #hacking VC @forgepointcap @carrickcapital @WestCap8
Daniel J. Bernstein @hashbreaker
22K Followers 24 Following Designing cryptography (deployed now: X25519, Ed25519, ChaCha20, sntrup, Classic McEliece) to proactively reduce risks. Coined phrase "post-quantum" in 2003.
Alvaro Muñoz @pwntester
13K Followers 514 Following Security Researcher with @XBOW. CTF #int3pids. Opinions here are mine! bluesky: https://t.co/9HRRzpBECt
Pierre Milioni @b1two_
276 Followers 237 Following
Cedric Foll @follc
4K Followers 2K Following Deputy Director General for Digital at @univ_lille. Passionate about tech and security. #Numérique #Innovation #velotaff
IvreSec @ivresec
517 Followers 509 Following Welcome to IvreSec, the Twitter account of Drunk InfoSec - Fan club of @pentesteur #infosec #charlatans #parodyaccount About this account: https://t.co/IzYM2OSZOv
Louis Nyffenegger @snyff
20K Followers 592 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Tanja Lange @hyperelliptic
6K Followers 175 Following
Fenrisk @FenriskSec
114 Followers 0 Following French security company specialized in offensive assessments
JP Aumasson @veorq
19K Followers 773 Following cofounder & CSO @taurus_hq, author https://t.co/yOkMDW2B9a @cryptolexicon, designer BLAKE2 BLAKE3 SipHash, Signal: jpa.01
Sn0rkY @_Sn0rkY
2K Followers 1K Following Red Team for real, Security researcher, VoIP hacker, Ultra-trailer, Ambassador of Happiness and Healthy Living
Sonar @SonarSource
10K Followers 1K Following Trusted by 7M developers, our @SonarQube solutions (Server, Cloud, for IDE) cover your code quality and security needs –AI-generated or written by developers 🚀
Zed Attack Proxy @zaproxy
15K Followers 5 Following Official announcements (low vol) for ZAP by @Checkmarx - the worlds most popular web app scanner. Free and open source. https://t.co/pxO8zZ6usH
Semgrep @semgrep
4K Followers 201 Following A fast, open-source, static analysis tool for profoundly improving software security and reliability.
Brute Logic @BRuteLogic
63K Followers 280 Following #CyberSecurity | #XSS #SQLi #SSRF | #WAF #bypass | #hack2learn | @RodoAssis | @KN0X55 | https://t.co/SIanVGfIHN | https://t.co/GyZaXU7FX9
Command Line Magic @climagic
189K Followers 11K Following Cool Unix/Linux Command Line tricks you can use in $TWITTER_CHAR_LIMIT characters or less. Here mostly to inspire. Also on https://t.co/YYJE9JpVnF
Security Errata @securityerrata
5K Followers 0 Following Pointing out the good and bad in InfoSec via links, RTs, and commentary. This account is no longer monitored.
Complots Faciles @ComplotsFaciles
367K Followers 0 Following If you're not a sheep, follow us. NOUS SACHONS !
Rapid7 @rapid7
123K Followers 3K Following Cybersecurity pros: Rapid7 lets you command your attack surface, smash silos, stay steps ahead of attackers, and take breaches from “inevitable” to preventable.
Dafydd Stuttard @DafyddStuttard
7K Followers 78 Following Founder and Chief Swig at @PortSwigger. Creator of @Burp_Suite and @WebSecAcademy. Author of The Web Application Hacker's Handbook.
@[email protected]... @SecurityMB
11K Followers 284 Following Improving the world’s security at Google. Opinions are mine.
Juanwolf @Juanwolf__
203 Followers 301 Following I pet computers (https://t.co/inVFuKnqGG) and do stuff live (https://t.co/lK0k7CVIDw). My thoughts live in my deleted tweets.
PagedOut @pagedout_zine
5K Followers 9 Following Paged Out! is a free magazine about programming, hacking, security hacking, retro computers, modern computers, electronics, demoscene, and other amazing topics.
Gynvael Coldwind @gynvael
38K Followers 1K Following security researcher/programmer/director @ HexArcana Cybersecurity GmbH ⁂ @pagedout_zine ⁂ @DragonSectorCTF ⁂ https://t.co/ShG2c5As1K ⁂ ex-Google ⁂ he/him