Erik Donker @kire_devs_hacks
I develop stuff and I hack things. #6 Microsoft MSRC 2024 Most Valuable Researcher. Two times consecutive #1 Dynamics 365/Power Platform security researcher. github.com/kiredevsandhac… Joined September 2022-
Tweets225
-
Followers611
-
Following461
-
Likes2K
A little bit about what Shift Agents can do! Even Caido got hacked. Hahahah
Small tip for the JavaScript reverse engineers out there, Chrome has a `debug()` function which triggers a breakpoint whenever its first argument is called. It even works on built-in methods, no more wrapping stuff in proxies :D debug(DOMParser.prototype.parseFromString)
How did we (@AmirMSafari) earn $50k using the Punycode technique? I’ve published a detailed blog post about our recent talk, we included 3 attack scenarios, one of which poses a high risk of account takeover on any "Login with GitLab" implementation blog.voorivex.team/puny-code-0-cl…
My first 10.0 CVE ;)
Ok, so @slonser_, some of the folks in the CTBB discord, and I (@Rhynorater) did a bit of follow-up on this and found a couple more useful primitives:
Ok, so @slonser_, some of the folks in the CTBB discord, and I (@Rhynorater) did a bit of follow-up on this and found a couple more useful primitives:
Awesome technique by @slonser_! With this method, you can leak sensitive data using just an 'img' tag, even if the target uses DOMPurify and CSS data exfiltration is not possible
Awesome technique by @slonser_! With this method, you can leak sensitive data using just an 'img' tag, even if the target uses DOMPurify and CSS data exfiltration is not possible https://t.co/lKDi64Jue3
Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->
This one is from bugbounty target , funny... you will not able to bypass this year ago, Reply with your solution
I wrote about Hackbots on the @Hacker0x01 site! It covers what they are, where they're at now, and most importantly where it's all heading 😊 I hope you'll check it out! Link in first reply.
Blind CSS exfiltration attacks recently got a lot easier! Full details in this thread:
Blind CSS exfiltration attacks recently got a lot easier! Full details in this thread:
I think many people are familiar with the topic of blind CSS exfiltration, especially after the post by @garethheyes However, an important update has occurred since then, which I wrote below ->
Somehow, Chrome 130+ started parsing the hostname from javascript URLs again and this can be used for a constrained XSS 🤯 challenges.ethiack.ninja/leak-the-secre… This was the second solution for the recent CTF challenge.
👨💻 Can you spot the vulnerability? 👇 Let's see in the comments if you can figure out the CSP bypass to trigger an XSS 💉 🔗 Link in the comments to try your payload!
You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. portswigger.net/research/saml-…
For this challenge, it was necessary to abuse a discrepancy between the DOM and the rendered page in Firefox's cache handling 💽 👉 bugzilla.mozilla.org/show_bug.cgi?i… This allows to shift iframe rendering from one to another leading to a sandbox bypass 🔥 👉 mizu.re/post/an-18-yea…
For this challenge, it was necessary to abuse a discrepancy between the DOM and the rendered page in Firefox's cache handling 💽 👉 bugzilla.mozilla.org/show_bug.cgi?i… This allows to shift iframe rendering from one to another leading to a sandbox bypass 🔥 👉 mizu.re/post/an-18-yea… https://t.co/djNmmKrj0M
This is a great infoleak exploit chain targeting YouTube by @brutecat. Love the use of a DoS flaw to make the attack stealthier! brutecat.com/articles/leaki…
I'm very happy to finally share the second part of my DOMPurify security research 🔥 This article mostly focuses on DOMPurify misconfigurations, especially hooks, that downgrade the sanitizer's protection (even in the latest version)! Link 👇 mizu.re/post/exploring… 1/2
We just released a new article on how we made 50,000$ in #BugBounty by doing a really cool Software Supply Chain Attack🔥 🔗Link: landh.tech/blog/20250211-…
T1nt1n @t1nt1nsn0wy
712 Followers 4K Following Noobie H4CK3R and researcher at @qualys. Prev @pwc. Views are my own :)
Faav @efaav
776 Followers 176 Following Developer @ https://t.co/qiMEJOTD1H (& NameMC Extras), Web developer, Bug hunter.
Federal @Federal887223
0 Followers 3 Following
Eeqouodau @Eeqouodau374
17 Followers 401 Following After being single for a long time, I feel lonely and want to find someone to accompany me and fall in love.
Authentic Spare Part @AuthenticPart
2K Followers 998 Following Dealer of authentic and quality auto parts in Nigeria. We sell oem, quality aftermarket parts and used (tokunbo) parts.
mightocho @mightocho
3 Followers 162 Following
ValueStockFinder🇺�... @Tlagic5174
40 Followers 2K Following 15-30% Monthly | 2 High-Conviction Stocks.Short-Term Gains: 15-20% in Days/Weeks.DM "JOIN" for WhatsApp Alerts. Live Trade Signals • Market Analysis
Dodge This Security @shotgunner101
7K Followers 5K Following Computer Security Professional. Tweets are my own. Rooster Teeth Archive Project: https://t.co/gawoj5ZZyG
Marlin Schaden @SchadenMar98375
65 Followers 3K Following
Azi_Sec @Azi_Sec
2 Followers 122 Following
Douglas @Como3h
2 Followers 288 Following
Aldo Fathoni @realfathonix
91 Followers 3K Following Software developer, retrocomputing and Unix enthusiast, computer hobbyist in general.
Maverick🇵🇸 @mavric1337
205 Followers 2K Following Our sweetest songs are those that tell of saddest thoughts
Ayman Mo @MoMo1a9
2 Followers 333 Following
\ @g620_hd278_
0 Followers 1K Following
Lewis @LewisLee53
295 Followers 388 Following
lubak @1ubak
73 Followers 1K Following
Sika Ben @benjamin_n7307
44 Followers 913 Following Offensive Security Enthusiast | AppSec Researcher
Aleck Plouffe @veFwLujd
0 Followers 10 Following
Tevfik DEMİREL @tevfikdemirel_
0 Followers 202 Following 🖥️Cyber Security💻|@microsoft World🏆Top10🏆Ranking Cyber Security Vulnerability Researcher | Digital Technology Sustainability Communication |#Tedx 🎤🇹🇷
Artem Morozov @artem___morozov
3 Followers 15 Following
zhiwang.chen @ring0rz
3 Followers 450 Following
x11250000 @x11250000
23 Followers 1K Following
MindflayerX @MindFlayerV
15 Followers 848 Following
sush shar @sushshar11
1 Followers 271 Following
Eduardo Cunha @Goat84537618
122 Followers 3K Following
Vaisov Bek @vaisovbek
856 Followers 6K Following Security Researcher aka Bug Bounty Hunter | CTF Player
Lexie @hashtaglexie
142 Followers 1K Following
Ahmed Elheny @Ahmex000
774 Followers 815 Following Security Researcher | BUG HUNTER. eJPT | eWAPTX | OSCP♻️
Anis LOUNIS @AnixPasBesoin
150 Followers 2K Following I turn bugs 🐞 into features 🕵️ one gadget 🤖 at a time. Follows || Retweets ≠ Endorsement
Arda Ay @Query1337
62 Followers 398 Following
Jessie Montana @montana68005
2 Followers 567 Following
T1nt1n @t1nt1nsn0wy
712 Followers 4K Following Noobie H4CK3R and researcher at @qualys. Prev @pwc. Views are my own :)
Felipe Warrener-Igles... @fwrnr
3K Followers 596 Following Hacking vagrant? Flexing on computers, every bone and muscle, and previously: Vulnerability Research @NCSC / @interruptlabs / @pwc_uk
Faav @efaav
776 Followers 176 Following Developer @ https://t.co/qiMEJOTD1H (& NameMC Extras), Web developer, Bug hunter.
Terribly Interesting @TerriblyHQ
10K Followers 3 Following Terribly Interesting. Where curiosity clicks.
Renwa @RenwaX23
8K Followers 60 Following
posterlad @posterlad
26K Followers 2K Following Colorful art for your walls. 🖼️ SHOP: https://t.co/kU4daqVgCG (Free shipping) • INSTA: https://t.co/gdmmi6XObS (480K) • NFT: https://t.co/iqhCiPhyj6 • Email for collabs.
The World R🅰️nki... @worldranking_
275K Followers 50 Following World facts, stats and rankings. Follow and Tap the .... (🔔 +Notify)
Elementallis @elementallis
8K Followers 931 Following ⚔️ Top-down action adventure with Elemental Magic 🔥 Use the Elements for combat and puzzles 🎮 PC & Consoles Wishlist on Steam! 👉 https://t.co/cVXRyLWn8K
0x999 🇮🇱 @_0x999
1K Followers 275 Following "ɪ ᴛᴏᴏᴋ ᴛʜᴇ ʜᴇʟʟ ɪ ᴡᴀꜱ ɢᴏɪɴɢ ᴛʜʀᴏᴜɢʜ (666) ᴀɴᴅ ꜰʟɪᴘᴘᴇᴅ ɪᴛ ᴏᴠᴇʀ ɪɴᴛᴏ ꜱᴏᴍᴇᴛʜɪɴɢ ᴘᴏꜱɪᴛɪᴠᴇ (999)"💔
Artem Morozov @artem___morozov
3 Followers 15 Following
Wolanski @maciekwolanski
12K Followers 719 Following illustrator | starwatcher | creative expert at @11bitstudios 🚫 no AI https://t.co/bEzqVeqK02 PRINTS: https://t.co/8wfwuNyWAZ
MorboAalst - Kitty @MorboAalst
1K Followers 581 Following Amateur dartplayer, repping the hello kitty brand. Part of the @Intigriti family
Johan Carlsson @joaxcar
6K Followers 182 Following Father and full time bug hunter 🐞 currently on https://t.co/CMDtCLppy8
slonser @slonser_
4K Followers 164 Following Co-Founder @neploxaudit. CTF team @C4TBuTS4D Security Researcher at Solidlab.
Brian Armstrong @brian_armstrong
1.6M Followers 782 Following Co-founder & CEO at @Coinbase. Creating more economic freedom in the world. ENS: barmstrong.eth Co-founder @researchhub @newlimit
Matan Berson @MtnBer
4K Followers 270 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Joel Margolis (teknog... @0xteknogeek
16K Followers 1K Following AppSec by day, Hacker by night || Puzzle addict
xssdoctor @xssdoctor
4K Followers 373 Following hacker and cardiologist… not necessarily in that order
Historic Vids @historyinmemes
5.8M Followers 359 Following Daily history lessons. Education through memes!
Yes, But @_yesbut_
734K Followers 1 Following Official YES, BUT series by @like_gudim https://t.co/SubYEcH8wY cooperation: [email protected]
The Azure Security Po... @AzureSecPod
2K Followers 31 Following Your twice-monthly Azure Security podcast. News and security chats with special guests. Hosted by @marksimos, @_sarahyo, @michael_howard and @Cyber_batgirl.
Aspa 🤖 (find me in... @aspabot
2K Followers 1K Following (ESP/ENG) Pixel artist. Sometimes I make games too. Comms closed. Looking for work (not freelance!). ✉️ hola(at)aspabot(dot)com 🚫 N_F_T / C_r_y_p_t_o / A_I🚫
Dead Weight @DeadWeight_OF
13K Followers 45 Following An upcoming tactical RPG adventure set in the mysterious realm of pirate steampunk. Conquer flying ships and islands floating over the Abyss!
Positive Side of 𝕏 @positivesideofx
246K Followers 427 Following If our content brings you joy or inspiration, your support through the link below would mean so much. Even a dollar helps keep this going! 👇❤️
Osama Al-Tahish @Al_Tahish
213 Followers 4K Following Artificial Intelligence and Cyber Security Researcher
Talk Church @churchtalkative
548K Followers 649 Following ©Fair Use | Thought-provoking Bible Questions 📖 | Christ-Centered Videos 🎥 | X Spaces 🎙️ | Collabs: [email protected]
The Figen @TheFigen_
2.4M Followers 13 Following PhD musicology/Teacher/ - Posting positive warm and art content ...
Mårten Mickos @martenmickos
31K Followers 112 Following On a mission to empower the world to build a safer internet. Believer in the freedom of speech.
MorningStar @0xMstar
19K Followers 1K Following security researcher , bug bounty hunter ,bugcrowd top 10, co-founder https://t.co/1bT321Ayen, https://t.co/WqLPzN7PyL
Johann Rehberger @wunderwuzzi23
7K Followers 598 Following Hacking neural networks so that we don’t get stuck in the matrix. Builder and Breaker. Opinions are my own. https://t.co/ij8buvMaXg
frycos @frycos
4K Followers 518 Following Private account! Red teamer @codewhitesec. @[email protected] @frycos.bsky.social
Kamil Onur Özkaleli @ko2sec
1K Followers 238 Following Security @intertechIT , @SynackRedTeam, Engineer, OSCP, MBA, tweets TR | EN
derek guy @dieworkwear
1.4M Followers 956 Following Menswear writer. Editor at @putthison. Bylines at The New York Times, The Financial Times, Politico, Esquire, and Mr. Porter
Rick and Morty @RickandMorty
2.5M Followers 203 Following Watch Rick and Morty on @adultswim and @streamonmax
The Plucky Squire �... @apossf
44K Followers 11 Following The Plucky Squire is available now! Made by All Possible Futures, a game studio run by @JamesTurner_42 & @onebitbeyond Bugs and support➡️ @PluckySupport
Lord of the Rings Mem... @TheLOTRMemes
43K Followers 1K Following I don’t know half of you half as well as I should like and I like less than half of you half as well as you deserve ~Best LOTR Memes ~ [email protected]
Assembly Man @avishai_efrat
233 Followers 627 Following AI Agents & LCNC Security | Senior Security Researcher @zenitysec | Speaker @ Black Hat LV Arsenal, SecTor, BSides TLV | Singer-Songwriter
Dhiral Patel (4o4) @dhiralpatel94
558 Followers 738 Following Security Researcher | Stocks | Cryptocurrency | Freelancer | Forever Student | Peace ✌️
Daniel Abay @Ab4y98
185 Followers 1K FollowingTrends for United States
You might like
