Farzan Karimi @jumpycastle
Black Hat + DEFCON Speaker | X-Google Red Team Seattle, WA Joined June 2011
Dropping exploit code from my DEF CON 33 talk: Recursive Request Exploits (RRE) TL;DR: Trace API calls backward from a protected resource. If any upstream API is unauthenticated, you can bypass access to the whole chain. github.com/jumpycastle/rr…
I built Comment Crusader, a Burp Suite extension to uncover one of the more overlooked sources of data leaks in web apps: developer comments. Will be released this month. Enjoy a quick teaser.
Thrilled to share that my former Android Red Team has hit a major milestone with their first blog post! They detailed the exploitation of Android Binder (CVE-2023-20938), achieving root privileges on updated devices. Read more: androidoffsec.withgoogle.com/posts/attackin…
I presented a lightning talk at Google Cloud Security Talks today focused on how our Android Red Team was able to attack modem chips to help drive important baseband mitigations in Android 12+ If you're interested in just the exploit demo, skip to 9:40 youtube.com/watch?v=BMbd2v…
I'll be presenting on the state of Pixel cellular security at Google Cloud Security Talks on Oct 25th. Please register if interested! cloudonair.withgoogle.com/events/2023-oc…
Due to high demand on the market, we're increasing payouts for top-tier mobile exploits. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions). — Android RCE/LPE/SBX/full chain — The same. As always, the end user is a non-NATO country.
Our Android Red Team's #defcon31 talk "Over the Air Under the Radar. Attacking and Securing the Pixel Modem" was just posted. Check it out! youtube.com/watch?v=QrkB_e…
Excited to read "The Android Malware Handbook" by co-authors and colleagues Sebastian Porst and Salvador Mandujano on Android malware detection and analysis. It covers reversing, app static and dynamic analysis with hands-on examples. Pre-order now! barnesandnoble.com/w/the-android-…
Our Android Attack Tools team (an arm of Android Red Team) just published this article on continuous fuzzing. If your company is new to the fuzzing game and is looking for a recipe to build from, this is an excellent read. security.googleblog.com/2023/08/androi…
Heard on a call today debating the pros and cons of fuzzing: "Fuzzing is just an expensive way to warm your living room in winter" Well said. It's both a pro and a con.
PoC how to trigger Remote Code Execution in Over-the-Air attack targeting Google Pixel 6 #RCE Victim perspective: Connect to attacker's fake base station -> receive call -> PWND! Slides: i.blackhat.com/BH-US-23/Prese… Demo: youtu.be/R-XXpG_mZZI via @jumpycastle @vxradius
Over the air (OTA) RCE proof of concept targeting the Pixel 6 modem demonstrated during our Black Hat and DEFCON talks last week @vxradius This has been patched 👍 youtube.com/watch?v=R-XXpG…
Slide-deck of our talk at BH USA 2023 on attacking & securing Pixel modem are available at i.blackhat.com/BH-US-23/Prese… @jumpycastle, Xuan & Xiling
If you saw our presentation on Red Teaming the Pixel modem at Black Hat and DEFCON this week, we referenced an article that directly captures the mitigations introduced in Android 14. Big steps forward for cellular security. security.googleblog.com/2023/08/androi…
Come see our Android Red Team's review of the Pixel modem at DEF CON. We'll be demoing a full PoC of OTA RCE (all patched) Talk title: Over the Air, Under the Radar defcon.org/html/defcon-31…
Excited to announce our #Android #RedTeam was accepted to speak at both #BlackHat USA and #defcon31. We will be presenting "Over the Air, Under the Radar" covering attack surface we identified and mitigated on cellular comms Stop by if you're there! blackhat.com/us-23/briefing…
A cool recognition to share: Our Android Red Team segment covering cellular communications on Ted Danson's Advancements recently won a silver Telly award! lnkd.in/gquF-W6r Proud to be part of this team.
Our Android Red Team was covered in a recent episode of Ted Danson's Advancements which aired over the weekend. This segment covers the use of sophisticated attack techniques and red teaming to identify and secure weaknesses in cellular communications. vimeo.com/805584605
