Rich Warren @buffaloverflow
Red Team & Offensive Security Research @AmberWolfSec // @buffaloverflow.rw.md on bsky Joined May 2011-
Tweets2K
-
Followers11K
-
Following667
-
Likes4K
Had an awesome time at RedTreat. Thanks to the @OutflankNL and @MDSecLabs crew for organising, and all the speakers and attendees for the cool talks and discussions! 🏝️👏
Had an awesome time at RedTreat. Thanks to the @OutflankNL and @MDSecLabs crew for organising, and all the speakers and attendees for the cool talks and discussions! 🏝️👏
Playing the long game
What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex blog.amberwolf.com/blog/2025/augu…
What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex blog.amberwolf.com/blog/2025/augu… https://t.co/ZBeAr1EQe9
👀
Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason
Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason
If you missed the talk, we uploaded the video here: vimeo.com/1109180896
If you missed the talk, we uploaded the video here: vimeo.com/1109180896
Just published the writeup for the "Netskope cross-tenant authentication bypass" featured in our #defcon33 talk #ZeroTrustTotalBust Find the full details here 👇 blog.amberwolf.com/blog/2025/augu… ^We also cover another method to leak those not-so-secret OrgKeys 😉
Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk Full writeup and PoC to follow on the @AmberWolfSec blog😉 netskope.com/company/securi…
There's a thread on LinkedIn where ZTNA sales folk are using our research to shill their own product - just to be pointed to writeups of the same vulns affecting their own product. It's very entertaining to watch.
A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱@_dirkjan @John_Fokker 🇮🇹@Van1sh_BSidesIT 🇫🇷@christophetd @fr0gger_ @kalimer0x00 🇧🇪@RedByte1337 🇨🇿@marektoth 🇬🇧@_mattmuir @johnnyspandex @buffaloverflow +many others
CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. cve.org/CVERecord?id=C…
You can read about our overall research project at blog.amberwolf.com/blog/2025/augu… and learn about a SAML Authentication bypass in Zscaler (CVE-2025-54982) at blog.amberwolf.com/blog/2025/augu…
Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live.
🤣🤣
Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug"
Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug" https://t.co/3rnRMRh2J3
Spotted at a vendor hall near you #ZeroTrustTotalBust #defcon33
Part 2: PaloAlto GlobalProtect patch bypass blog.amberwolf.com/blog/2025/augu…
Part 2: PaloAlto GlobalProtect patch bypass blog.amberwolf.com/blog/2025/augu… https://t.co/xgLmde0VbF

Florian Roth ⚡️ @cyb3rops
207K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Adam Chester 🏴�... @_xpn_
36K Followers 502 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Vincent Yiu @vysecurity
29K Followers 254 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
Mike Felch (Stay Read... @ustayready
17K Followers 2K Following Targeted Ops Red Team @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | I speak for myself only | K1HAQ
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 823 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / Antiquarian @ IBM X-Force / Team 501 / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Dominic Chell 👻 @domchell
18K Followers 541 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
klez @KlezVirus
8K Followers 708 Following Independent Cyber Security Researcher - Opinions are my own
Will @BushidoToken
36K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
Mystiko @Z3r0day0x41
1K Followers 791 Following Infosec community • Mystikcon • sharing knowledge • doing activities together as a team to learn together • https://t.co/2uGlQSeG0f • https://t.co/ix9xqCcDDs
Mahmoud Musbah @mahmoudmusbah9
230 Followers 2K Following 4th Computer Science Shrouk Academy🧑💻, Cyber Security Student
Hosein @Hosein635643
0 Followers 191 Following
伍默 @_wumo
165 Followers 2K Following 灵活就业的理论派玩家 一言不合移除关注者 我主要会移除和拉黑:非技术从业者 三无号(没有喜欢 , 没有原创推文 ,没有回复),不正常账号 , 我不认可者。 一般不会回关,如果你的内容我觉得认可,我会回关。 总之,非常主观,如果你想解释,可以直接私信。 发的内容包含技术和我的部分日常。
Nick Powers @zyn3rgy
2K Followers 228 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti
kr0tt @_kr0tt
86 Followers 265 Following
inbits @inbits_sec
177 Followers 337 Following
Chris Thompson @_Mayyhem
3K Followers 469 Following Senior Security Researcher @SpecterOps https://t.co/Sz5fRYkX6u
Dmitry Kireev @infinitesuns
37 Followers 106 Following
sma @sma_gggg
96 Followers 834 Following
J.Tella @jidetella
1K Followers 964 Following Building @supportxdr 's AgentX - The ONLY Level 1 SOC analyst your team needs. AI agents replacing lazy humans like me.
Lorenzo @ersorlorenzo
5 Followers 132 Following
Adam-Ahmed (0X0DOoOM ... @Adamahm30295915
849 Followers 616 Following Offensive Security Engineer $Cylert || Part-time Bug Hunter
FranchFrais @FranchFrais
0 Followers 281 Following
Emmett O'Reilly @Emmett_OReilly
219 Followers 989 Following Emmett O’Reilly is a technology consultant managing cyber security risk in critical infrastructure and public safety industries.
Gosjt @Breijit1800
13 Followers 730 Following
Pratyush P @pratyushp99
0 Followers 346 Following A chubby and bubbly ENFP | Your next door Cyber Guy | Pursues Cyber security for brain and literature for heart | A human golden retriever
L², PhD @L_Lgde
676 Followers 3K Following DFIR, Malware & CTI. Head of a CSIRT. Ex @ANSSI_FR. PhD in intl law. Mostly working on Chinese #APT but also on russian and cybercrime actors #CTI #Malware
Ranjeet Mewada @ranjeetmewada
221 Followers 1K Following Information Security Consultant #OSCP #RedTeam #CRTE
bipin @bipinlohani9
6 Followers 164 Following
martin2023 @MartinKing2023
1 Followers 47 Following
Jamie @knowlezi
27 Followers 1K Following
White Coat Black Cat @medsci_yb3r
1K Followers 5K Following #Indigenous Researcher del T8. Completing my MD/MSc. Specialized in: Applied Psych, BioSci, Native Studies, #Neuro & #Cybersecurity. #LongCovid Advocate.
WYV3RN @wyv3rn__
79 Followers 411 Following I'm a student in Canada and an Amateur at Bug Bounty! Socials: https://t.co/QnE3L3ca3o https://t.co/fHgiJBZlMj
Wijit Pra @WijitPra
0 Followers 548 Following
Cleve Zac @MrCryptoWire
1K Followers 120 Following I only trade when I'm bored | ⌛💰 Crypto L0v3r / Web3 projects in progress...
Loyiso Dubula @DubulaLoyi77608
2 Followers 380 Following
KrE80r @kre80r
451 Followers 2K Following THe iNNeR GeeK. eX-JeDi. a SPeCiaLLY CRaFTeD BReeD. SaD بطروخ. aN iNTeRNeT PLuMBeR. a ViSiToR
Sam Curry @samwcyo
98K Followers 1K Following
Jeremy Chisamore @Chazb0t
2K Followers 1K Following I accidentally the whole thing. https://t.co/xQ62IkJwgK
Dru Banks @c0dex_dang3r
57 Followers 890 Following ◇Veteran◇ 🇺🇸 | Offensive Security ⚔️ | Reverse Engineering 👨🏿💻 | Malware Analysis 🐞
l @lttwp5
0 Followers 378 Following
Raul • 𝖙𝖍𝖊... @theg3ntl3m4n
1K Followers 652 Following Lead Red Team @beyondtrust | Ex-Red Team @mandiant @crowdstrike
CTI Owl @cti_owl
1 Followers 161 Following
Florian Roth ⚡️ @cyb3rops
207K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Adam Chester 🏴�... @_xpn_
36K Followers 502 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
Grzegorz Tworek @0gtweet
36K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
Will Dormann is on Ma... @wdormann
26K Followers 1K Following I play with vulnerabilities and exploits. I used to be here on Twitter but now I'm here: @[email protected] https://t.co/hXggdAVkSQ
Vincent Yiu @vysecurity
29K Followers 254 Following Director, Red Team, Offensive Security. Help organizations safeguard their businesses from the bad guys.
Rad @rad9800
9K Followers 455 Following irrational. founder. building solutions to secure organizations. @deceptiq_
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 823 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / Antiquarian @ IBM X-Force / Team 501 / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
x86matthew @x86matthew
21K Followers 189 Following C / asm / system emulation / reverse engineering. @the_secret_club
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
DirectoryRanger @DirectoryRanger
35K Followers 96 Following This account assembles and disseminates information related to Active Directory and Windows security.
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Dominic Chell 👻 @domchell
18K Followers 541 Following Just your friendly neighbourhood red teamer @MDSecLabs | Creator of /r/redteamsec | https://t.co/3k3EBAZqGd | https://t.co/KwO2OwDOkl
Yarden Shafir @yarden_shafir
24K Followers 311 Following A circus artist with a visual studio license
Greg Linares (Laughin... @Laughing_Mantis
37K Followers 2K Following 20+ yrs in Infosec. Malware Influencer. I turn Malware into Art and Music. Art @MalwareArt. 4x Pwnie Nominee. 𝕍𝕏. GameDev. Autistic.
hasherezade @hasherezade
89K Followers 910 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
UwU Underground @uwu_underground
10K Followers 165 Following 🐴Pwnie Award Winning & Nation State funded psyop featuring 6 AI Anime Waifus and a Pup™ singing about APTs, Grifters, & Snake Oil in InfoSec 🖤🩷💚💙💜🤍
Sam Curry @samwcyo
98K Followers 1K Following
haroon meer @haroonmeer
16K Followers 3K Following Security Geek at Thinkst. We build https://t.co/Sv6Gp3sG6b
Wietze @Wietze
7K Followers 392 Following Threat Detection & Response. Views are my own, unless retweeted. Maintainer of https://t.co/000t7J0NBR & https://t.co/thv6PP5C48 Co-maintainer of https://t.co/rXIxOggXs2
Darren McDonald @R3n5k1
117 Followers 96 Following Currently into Rust, phishing, redteaming, and hardware.
Caitlin Condon @catc0n
3K Followers 3K Following Adventurer. Takes a lot of photos, calls many places home. VP of research @VulnCheck. Former research director @Rapid7 / @metasploit. Opinions mine. She/her.
Ryan Emmons @the_emmons
462 Followers 531 Following Security Researcher, P2O ‘24. This profile is my own, and my tweets don't represent my employer :) https://t.co/D9PuJ9Ur9m
Iain Smart @smarticu5
940 Followers 868 Following Hacker, coffee drinker, film watcher. Former secretary of @AbertayHackers, now I break into containers and pipelines for @controlplaneio
Matt Burch @emptynebuli
228 Followers 171 Following Security researcher with an interest in breaking the world of IoT to win fast cash at the ATM 😉
Shawn @anthemtotheego
2K Followers 397 Following Adversary Sim @ X-Force Red | Head of Capability R&D | Offensive AI | Implant Dev | Work In Progress | Thoughts My Own | https://t.co/eNspx7jLvm
Cas van Cooten @chvancooten
10K Followers 673 Following Benevolently malicious offensive security enthusiast || OffSec Developer & Malware Linguist || NimPlant & NimPackt author || @ABNAMRO Red Team
Marc Smeets @MarcOverIP
5K Followers 460 Following Does a thing or two with red teaming @OutflankNL | part time race and drift car instructor
Cedric Van Bockhaven @c3c
916 Followers 349 Following
Max Grim @max__grim
590 Followers 285 Following Red Teamer @OutflankNL | Cyber Security | Messing around with hardware
Duane Michael @subat0mik
1K Followers 521 Following Security Researcher, Teacher, Leader @SpecterOps
Tijme Gommers @tijme
2K Followers 600 Following Offensive Security at @ABNAMRO 🐙. Forensics at @HuntedNL. Cyber Cyber Cyber ⚡. Bluesky: https://t.co/536oE2DGUw
zebleer @zebleerpo1
5K Followers 1 Following I'm not using this Twitter account anymore. Don't trust it. My new Twitter = @zebleerguy & you can verify that on my website and Telegram
Stephen Sims @Steph3nSims
24K Followers 833 Following Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode | https://t.co/CadJehomsU
SANS Offensive Operat... @SANSOffensive
72K Followers 584 Following More Offensive Than Ever #PenTest | #PurpleTeam | #RedTeam | #ExploitDev Training, Certification, and Research
AmberWolf @AmberWolfSec
429 Followers 0 Following Offensive Cyber, Risk Management & Governance, Vulnerability Research and Technical Due Diligence
watchTowr @watchtowrcyber
9K Followers 14 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Andy Iszatt @iszatt
64 Followers 512 Following
Gabriel Landau @GabrielLandau
4K Followers 708 Following Tech Lead @ Elastic Security. Thoughts are my own. Also @[email protected] & @gabriellandau.bsky.social
Interrupt Labs @InterruptLabs
3K Followers 86 Following We’re here to provide world-leading vulnerability research and research capabilities. From browsers, mobile, automotive and everything in between.
Infinity Ward @InfinityWard
3.8M Followers 38 Following Game studio and developers of the original Call of Duty. #MW2 | #Warzone
TheADHDadults @TheADHDadults
5K Followers 16 Following The ADHD Adults podcast For ADHDadultUK charity please visit @adhdadultuk
Asahi Linux (@AsahiLi... @AsahiLinux
30K Followers 6 Following Account retired, please follow us on Mastodon: @[email protected] https://t.co/hG6ROiXY2V
John Hammond @_JohnHammond
300K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
ATTL4S @DaniLJ94
3K Followers 651 Following I like spending time understanding things | FSAS @NCCGroupInfosec
Piotr Bazydło @chudyPB
4K Followers 310 Following Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]
Maddie Stone @maddiestone
62K Followers 805 Following Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Zerodark @zerodarkio
6 Followers 3 Following Gain visibility to threats via our platform to enable you to do build your own threat intel feeds
Hexacon @hexacon_fr
5K Followers 1 Following Offensive security conference in the heart of Paris. 10-11th October 2025 Join our Discord server! https://t.co/Btl15G8LsI