Farzan Karimi @jumpycastle
Black Hat + DEFCON Speaker | X-Google Red Team
Seattle, WA | Joined June 2011
Tweets: 57 | Followers: 596 | Following: 134 | Likes: 272
Dropping exploit code from my DEF CON 33 talk: Recursive Request Exploits (RRE) TL;DR: Trace API calls backward from a protected resource. If any upstream API is unauthenticated, you can bypass access to the whole chain. github.com/jumpycastle/rr…
I built Comment Crusader, a Burp Suite extension to uncover one of the more overlooked sources of data leaks in web apps: developer comments. Will be released this month. Enjoy a quick teaser.
Thrilled to share that my former Android Red Team has hit a major milestone with their first blog post! They detailed the exploitation of Android Binder (CVE-2023-20938), achieving root privileges on updated devices. Read more: androidoffsec.withgoogle.com/posts/attackin…
I presented a lightning talk at Google Cloud Security Talks today focused on how our Android Red Team was able to attack modem chips to help drive important baseband mitigations in Android 12+. If you're interested in just the exploit demo, skip to 9:40 youtube.com/watch?v=BMbd2v…
I'll be presenting on the state of Pixel cellular security at Google Cloud Security Talks on Oct 25th. Please register if interested! cloudonair.withgoogle.com/events/2023-oc…
Due to high demand on the market, we're increasing payouts for top-tier mobile exploits. In the scope: — iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions). — Android RCE/LPE/SBX/full chain — The same. As always, the end user is a non-NATO country.
Our Android Red Team's #defcon31 talk "Over the Air Under the Radar. Attacking and Securing the Pixel Modem" was just posted. Check it out! youtube.com/watch?v=QrkB_e…
Excited to read "The Android Malware Handbook" by co-authors and colleagues Sebastian Porst and Salvador Mandujano on Android malware detection and analysis. It covers reversing, app static and dynamic analysis with hands-on examples. Pre-order now! barnesandnoble.com/w/the-android-…
Our Android Attack Tools team (an arm of Android Red Team) just published this article on continuous fuzzing. If your company is new to the fuzzing game and is looking for a recipe to build from, this is an excellent read. security.googleblog.com/2023/08/androi…
Heard on a call today debating the pros and cons of fuzzing: "Fuzzing is just an expensive way to warm your living room in winter" Well said. It's both a pro and a con.
PoC how to trigger Remote Code Execution in Over-the-Air attack targeting Google Pixel 6 #RCE Victim perspective: Connect to attacker's fake base station -> receive call -> PWND! Slides: i.blackhat.com/BH-US-23/Prese… Demo: youtu.be/R-XXpG_mZZI via @jumpycastle @vxradius
Over the air (OTA) RCE proof of concept targeting the Pixel 6 modem demonstrated during our Black Hat and DEFCON talks last week @vxradius This has been patched 👍 youtube.com/watch?v=R-XXpG…
Slide-deck of our talk at BH USA 2023 on attacking & securing Pixel modem are available at i.blackhat.com/BH-US-23/Prese… @jumpycastle, Xuan & Xiling
If you saw our presentation on Red Teaming the Pixel modem at Black Hat and DEFCON this week, we referenced an article that directly captures the mitigations introduced in Android 14. Big steps forward for cellular security. security.googleblog.com/2023/08/androi…
Come see our Android Red Team's review of the Pixel modem at DEF CON. We'll be demoing a full PoC of OTA RCE (all patched) Talk title: Over the Air, Under the Radar defcon.org/html/defcon-31…
Excited to announce our #Android #RedTeam was accepted to speak at both #BlackHat USA and #defcon31. We will be presenting "Over the Air, Under the Radar" covering attack surface we identified and mitigated on cellular comms. Stop by if you're there! blackhat.com/us-23/briefing…
A cool recognition to share: Our Android Red Team segment covering cellular communications on Ted Danson's Advancements recently won a silver Telly award! lnkd.in/gquF-W6r Proud to be part of this team.
Our Android Red Team was covered in a recent episode of Ted Danson's Advancements which aired over the weekend. This segment covers the use of sophisticated attack techniques and red teaming to identify and secure weaknesses in cellular communications. vimeo.com/805584605

SentinelOne @SentinelOne
56K Followers 1K Following ONE autonomous platform to prevent, detect, respond, and hunt. Do more, save time, secure your enterprise: https://t.co/N75g1HAnCs 🐱💻
Marcel Böhme👨... @mboehme_
6K Followers 1K Following Software Security @maxplanckpress (#MPI_SP), PhD @NUSComputing, Dipl.-Inf. @TUDresden_de Research Group: https://t.co/BRnFNNgynB
dmnk.bsky.social @domenuk
5K Followers 512 Following 【DΞCOMPILΞ NΣVΞR】 Android Red Team @google Fuzzing @aflplusplus CTF @enoflag (opinions my own)
Rodrigo Branco @bsdaemon
13K Followers 4K Following Chief Architect, Security Research Binarly. Grsecurity. BYOS - Advisor Dartmouth's Hacker in Residence OffensiveCon, Langsec, DistrictCon, Secdev Committee
Dmitry Vyukov @dvyukov
9K Followers 383 Following I tweet about fuzzing, bugs, sanitizers, security, hardening, kernels, syzkaller, Go, performance, concurrency, lock-free algorithms.
BINARLY🔬 @binarly_io
4K Followers 433 Following ⛓️Binarly is the world’s most advanced automated software supply chain security platform.
Alex Matrosov @matrosov
19K Followers 2K Following 🔬Founder & CEO @Binarly_io, #codeXplorer, #efiXplorer, @REhints and "Rootkits and Bootkits" book. Previously worked at Nvidia, Cylance, Intel, ESET, Yandex.
Erfan @erfnranjbar
19 Followers 350 Following
Ashish Kunwar @D0rkerDevil
13K Followers 5K Following ex @Microsoft Security Researcher| Vulnerability Research | Threat Intel | Red Teaming | Penetration Testing
0xBinaryOrbit (Faisal... @0xBinaryOrbit
7 Followers 170 Following Ethical hacker | Obsessed with 0s & 1s | CTF warrior | Security researcher | Exploring networks, breaking logic, and building digital resilience.
Vinny de revolunist @DeRevolunist
8 Followers 119 Following
Peyman Zinati @Scar3cr0vv_
207 Followers 291 Following
mo22dy @mr__crypted
40 Followers 309 Following
Wakanabi @_wakanabi
340 Followers 1K Following Living in castles a bit at a time, the King started laughing and talking in rhyme... NOTHING I POST IS FINANCIAL ADVICE $HEX
Susheel Polani @INXSJOY
0 Followers 4 Following
Ola Linczewska @p_syche_
1K Followers 785 Following I am more active on bsky: 🦋 https://t.co/VqJbijf48H
M @cptnsumo
54 Followers 187 Following Got everyone out here convinced we making Planet of the Apes on YouTube or some shit but I don't buy it.
Sylvain HAJRI @navlys__
3K Followers 909 Following Founder @Epieos – Leveraging reverse engineering to deliver #OSINT 0days for tracking criminals. @_leHACK_ #OsintVillage founder | @OsintFr co-founder.
Parker Daudt @PDaudt_InfoSec
3K Followers 3K Following Jack of all trades | Sr. Web App Penetration Tester | Founder @InfoSecTogether
m0π9r37 @JeremiahGuest4
313 Followers 3K Following Father, Security researcher, 3D🔫 lover, Hardware Hacking, 2nd Amendment Supporter & living sober since 2019 w/ 3D 🔫 being my NEW drugs of choice 😅🤑😁😮💨
Cloner XZ @clonerxz8080
3 Followers 528 Following
s0net @s0net_
0 Followers 45 Following Older telecom Technician. Interests are in cybersecurity, Malware, Vintage PCs. I also race motorcycles. The bikes in the pics are mine.
cool9 @coolooc9
103 Followers 612 Following
Sheet Abdullah @0xsheet
206 Followers 642 Following certified:#capt #eCPPTv3 #eWPTXv3 #eMAPT Cyber Security Researcher Bug Bounty part time
loiute buio @LoiuteB4155
5 Followers 416 Following
Natalie Knight @LifeSoul25
0 Followers 3 Following
Shahed Hosen @ShahedHose76892
109 Followers 1 Following
luch box @BoxLunch49961
8 Followers 135 Following
dukpt @DUKPT_
42 Followers 925 Following
Cyber Security Pengui... @CySecPenguin
56 Followers 3K Following Cyber security information is collected.
Grekov @Grekov25279
3 Followers 225 Following
seedkingz @313_network
500 Followers 5K Following
Henrique Maximus @h_maximvs
4 Followers 33 Following ¡La vida es una gran aventura de la que nadie sale vivo! Life is a great adventure that nobody gets out of alive!
Sutaslo @Sutaslo9MFHZT
43 Followers 995 Following
Sotaclau @sotaclau43894
23 Followers 2K Following
Pouria @Pouria___sh
392 Followers 605 Following Lifelong Student of Security, Always Learning, Always Growing !
Mike Kearn @michaelkearn
2K Followers 1K Following Senior Infosec Leader within Financial Services. My 1st computer was an Apple IIe & I remember 300 baud modems. Been doing this awhile.
Zero Trust @0Trust1337
10 Followers 321 Following Zero Trust framework. Sharing tips, strategies, and the latest updates on data protection, access management, and threat prevention. Join us to secure.
Ojaswi Kumar Mishra... @0xojaxwi
77 Followers 2K Following Old-school Malware & Offensive Security REsearcher | ⚡Kernel Pwner⚡
Mlecchaslayer @Mlecchasla75893
195 Followers 8K Following
P4Planet @pforplanet
2 Followers 43 Following
Kamba @S0LARISTech
1 Followers 18 Following
dnhk @dnhk1991
19 Followers 645 Following
Cathy Steiner @cathy_stei89505
89 Followers 1K Following
tonghuaroot @tonghuaroot
454 Followers 3K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #RedTeam #AppSec #WebSec
The reaper @THE_CICADA_3301
26 Followers 1K Following
chompie @chompie1337
83K Followers 1K Following hacker, weird machine mechanic, X-Force Offensive Research (XOR)
vx-underground @vxunderground
377K Followers 294 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
David Weston (DWIZZZL... @dwizzzleMSFT
25K Followers 2K Following Corporate Vice President, OS Security and Enterprise @Microsoft
Moose @LitMoose
38K Followers 5K Following DFIR | Violinist | Former medical/vet tech | I work for everyone and no one. Infosec retellings obfuscated. Salty and tired. Also Litmoose on BlueSky
Sam Curry @samwcyo
98K Followers 1K Following
Costa Mesa Police @CostaMesaPD
12K Followers 573 Following Official account of the police department serving the citizens of Costa Mesa, CA. It is not monitored 24/7, please call 911 in case of an emergency.
Christopher Stanley @cstanley
112K Followers 524 Following {title: "Security Engineering", company: 〚"@SpaceX", "@X", “@xAI”〛, education: "M.S Computer Science // Cyber Security"}
George Conway 👊... @gtconway3d
2.3M Followers 3K Following
Dana Goldberg @DGComedy
88K Followers 2K Following I write jokes, tell them on stages, & do some other things to make the world better. 🏳️🌈 she/her #BlackLivesMatter SiriusXM 127 and co-host of @dailybeanspod
Dave Aitel @daveaitel
28K Followers 2K Following Cyber Security Researcher | Policy Analyst | Partner at https://t.co/OpZchMm8Sz | @[email protected]
Anderson Nascimento @andersonc0d3
3K Followers 4K Following Founder & Security Researcher @allelesecurity Mastodon: @[email protected] Bluesky: @andersonc0d3.bsky.social
Ethical Hacker @offethhacker
2K Followers 5K Following
kmkz @kmkz_security
19K Followers 2K Following Offensive Security, pom-pom girl... Who cares ?? Bourbon Offensive Security Services | BOSS
Philipp @spiegeltonline
74 Followers 188 Following Pwn2Own Automotive 2024 | Automotive Security, Pentesting, Embedded
Daniel Barber @gaijindan
12K Followers 6K Following Co-founder & CEO @DataGrail | Columnist @VentureBeat @FastCompany @Forbes | Advisor @Chorus_ai @Outreach_io @SignOnSite #CyberSecurity #Privacy #AI #Marketing
︎ ︎ @0xocdsec
4K Followers 7K Following ︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🏴☠️ ︎︎ ︎︎ ︎︎ ︎︎ ︎🌹︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎ ︎︎🏴☠️︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎💚︎︎ ︎︎ ︎︎ ︎︎ ︎︎ ︎🇺🇦 ︎︎ ︎︎ ︎︎ ︎︎ ︎︎|︎ ︎︎ ︎︎ ︎︎ ︎︎603,628 km² ︎ ︎︎
Mathew Solnik @msolnik
3K Followers 2K Following CEO @ OffCell Research / Head of Security Engineering @ WitnessAI
lukas seidel @pr0me
2K Followers 404 Following Firmware Security • Embedded Systems • AI x Infosec • Researcher @binarly_io • PhD Candidate @TUBerlin • Capturing Flags for @ENOFLAG
Devon Maloney @plailect
1K Followers 165 Following Security Engineering and Architecture at @Apple. Vulnerability research. Embedded systems in @SwiftLang. Alumnus @RPISEC. Previously @ReSwitchedTeam. 🏳️🌈
Rowan Cheung @rowancheung
567K Followers 515 Following Founder of the world’s most read daily AI newsletter @therundownai. Sharing the latest developments in the world of artificial intelligence.
Jayesh Madnani @Jayesh25_
14K Followers 471 Following CEO and Hacker in charge @ EIS | HackerOne Top 10 | https://t.co/JSX03WutFN
Angelboy @scwuaptx
5K Followers 944 Following Senior Security Researcher at @d3vc0r3 MSRC 2024/2025 MVR Top 100
Tracy 💎 ✨ @hackerpinup
2K Followers 704 Following Bug Huntress and Embedded dev. Actress. Singer. Bikini fitness competitor. Pole dancer. 🏙 nyc. she/her
Quentin Kaiser @qkaiser
2K Followers 824 Following Offensive security / vulnerability finder. security researcher @onekey_sec / @konkretesec founder / @ecoswtf initiator
Maxime Rossi Bellom @max_r_b
921 Followers 800 Following Android security geek. My tweets are all yours. https://t.co/OfQN5AZ6ij
0xTeles @0xTeles
879 Followers 514 Following security consultant ~ oswe hof across fortune 50 companies @Hacker0x01 brand ambassador
Black Hat @BlackHatEvents
421K Followers 2K Following The World's Premier Technical Cybersecurity Conference Series
Nikolay Elenkov @kapitanpetko
2K Followers 1K Following
soaphorn seuo @soaphornseuo
3K Followers 7K Following
Guanxing @hhj4ck
753 Followers 162 Following
Kha1ifuzz @kha1ifuzz
4K Followers 1K Following Someone adores Information Security! Founder of https://t.co/lQ6VWRar1P and https://t.co/Jfjek6yI0F https://t.co/zrCVcrn1MJ
James Forshaw @tiraniddo
49K Followers 339 Following Security researcher in Google Project Zero. Author of Attacking Network Protocols. Tweets are my own etc. Mastodon: @[email protected]
Saif Noor Prottoy ⚔... @saifnoorprottoy
295 Followers 601 Following independent security researcher 🔨 : https://t.co/VOaAgGn5k6
Jann Horn - jann@info... @tehjh
16K Followers 229 Following occasional human borrow checker; works at Google Project Zero; personal account; mastodon: [email protected]
Nishant Puri @TwoBitSorcerer
134 Followers 640 Following Grad Student @inicmu | Ex-Security Intern @Adobe | Ex-SWE @Microsoft | Views are my own
Andrei Avădănei @AndreiAvadanei
2K Followers 1K Following Founder of @defcampro security conference & Bit Sentinel. President at Cyber Security Research Center from Romania - CCSIR