Rich Warren @buffaloverflow
Red Team & Offensive Security Research @AmberWolfSec // @buffaloverflow.rw.md on bsky
Joined May 2011
Tweets: 2K, Followers: 11K, Following: 664, Likes: 4K
Playing the long game
What comes after the patch? Bypass of course! 😜 Delinea Protocol Handler RCE - Return of the MSI. By my colleague @johnnyspandex blog.amberwolf.com/blog/2025/augu…
👀
Bug bounty platforms can often be misused as NDA as a service. As a general rule, I avoid reporting via bbp for this very reason
If you missed the talk, we uploaded the video here: vimeo.com/1109180896
Just published the writeup for the "Netskope cross-tenant authentication bypass" featured in our #defcon33 talk #ZeroTrustTotalBust Find the full details here 👇 blog.amberwolf.com/blog/2025/augu… ^We also cover another method to leak those not-so-secret OrgKeys 😉
Netskope have released NSKPSA-2025-002 / CVE-2025-0309 for one of the privilege escalation vulnerabilities discussed during our #ZeroTrustTotalBust DEFCON talk Full writeup and PoC to follow on the @AmberWolfSec blog😉 netskope.com/company/securi…
There's a thread on LinkedIn where ZTNA sales folk are using our research to shill their own product - just to be pointed to writeups of the same vulns affecting their own product. It's very entertaining to watch.
A special shoutout to the many 🇪🇺European cyber researchers presenting their work at #DEFCON, you were awesome. 🇳🇱@_dirkjan @John_Fokker 🇮🇹@Van1sh_BSidesIT 🇫🇷@christophetd @fr0gger_ @kalimer0x00 🇧🇪@RedByte1337 🇨🇿@marektoth 🇬🇧@_mattmuir @johnnyspandex @buffaloverflow +many others
CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. cve.org/CVERecord?id=C…
You can read about our overall research project at blog.amberwolf.com/blog/2025/augu… and learn about a SAML Authentication bypass in Zscaler (CVE-2025-54982) at blog.amberwolf.com/blog/2025/augu…
Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live.
🤣🤣
Maybe some info at #defcon33 on Saturday, Track 3, 15:30 "Zero Trust, Total Bust - Breaking into thousands of cloud-based VPNs with one bug"
Spotted at a vendor hall near you #ZeroTrustTotalBust #defcon33
Part 2: PaloAlto GlobalProtect patch bypass blog.amberwolf.com/blog/2025/augu…
Clearing out the research queue in time for DEFCON, and dropping some new NachoVPN updates! 🌮🔓 Part 1: Ivanti SYSTEM RCE/LPE: blog.amberwolf.com/blog/2025/july…
