Giuseppe Trovato @otavorteppesuig
Security Researcher @ Veracode ... [... your usual company disclaimer here ...] giuseppe.trova.to Joined March 2016
Tweets 463 - Followers 119 - Following 558 - Likes 756
🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥 PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability: sonarsource.com/blog/joomla-mu…
NEW WALKTHROUGH ROOM: Cloud-Based IaC ⚒️ 🏗️ Learn the basics, benefits, drawbacks, and best practices for securing your cloud-based infrastructure as code 💻 🔗 hubs.la/Q02lN9H10
We're naming names 🔥 because the harm is not hypothetical. Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates. blog.google/threat-analysi…
The CVE system is an essential tool for tracking vulnerabilities, but also flawed in several ways. An interesting story: lwn.net/Articles/94420…
Did you know that JS supports shebang as a comment, and that multiline comments change behaviour depending on what they contain? Is there more? avlidienbrunn.se/jscomments.php
We finally have more info about how exactly Microsoft was hacked by Chinese threat actors. It’s a doozy, so strap in. Back in June, hacking group Storm-0558 accessed the cloud-based Outlook email systems for 25 organizations, including at least two US government agencies. We…
Holy shit Microsoft figured out how their signing key was leaked msrc.microsoft.com/blog/2023/09/r…
Registration for DC’s Next Top Threat Model @defcon is NOW OPEN! threatmodel.us/register/ #DEFCON #DEFCON31 #threatmodeling #threat_modeling #appsec #security #DCNTTM
my gf tries to quit vim...
Next time you find Jolokia - Local File Inclusion jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/passwd
🔥CVE-2023-38408: "Surprisingly, by chaining 4 common side effects of shared libs from official distribution packages, we were able to transform this very limited primitive (dlopen and dlclose of shared libraries from /usr/lib*) into a reliable, one-shot remote code execution"
vm2 is now officially deprecated due to several vulnerabilities under disclosure process. github.com/patriksimek/vm…
Should Software Companies Be Held Liable for Security Flaws? The former U.S. National Cyber Director and the vice president of the Information Technology and Innovation Foundation face off wsj.com/articles/shoul…
JavaScript equality operator (==) explained in one easy to remember diagram reddit.com/r/programmerhu…
Infosec practitioners: do you use CAPEC (capec.mitre.org)? And if your response is "actively", if you could reply and outline the use case(s), it would be very useful. Thanks!
Putting your company’s code into ChatGPT is leaking it. "This is important because your inputs may be used as training data for a further iteration of ChatGPT," futurism.com/the-byte/amazo…
Just learned you can exploit blind file-reads in PHP by combining the dechunk filter with the PHP memory limit. This crazy finding by @hash_kitten is a great reminder to pay attention to CTF writeups! github.com/DownUnderCTF/C…
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis…
Interesting note on the #xz backdoor: If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity. If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone
If you are worried about backdoors, think of bugdoors…
I wrote this Format dialog back on a rainy Thursday morning at Microsoft in late 1994, I think it was. We were porting the bajillion lines of code from the Windows95 user interface over to NT, and Format was just one of those areas where WindowsNT was different enough from…
Google is launching a new IDE / Copilot called IDX (still behind waitlist) Can’t wait for it to get 20 million users and shut down without warning
It's 9 years since the ASDA in my hometown of Ellesmere Port noticed DVD stocks depleting. Given that the DVDs had security tags on, they couldn't understand it. Eventually, it came to light that thieves had found a way to steal DVDs without taking them out of the shop...🧵
I got a fully maxed out MacBook, mostly so I can run local models fast. And omg here is mixtral running on @ollama... almost cannot believe how fast it is. This is with no internet!! A model that beats GPT-3.5 running locally! What!
Everyone who is planning to attend my @BSidesLondon Offensive Payment Security 101 workshop, a quick reminder: - there're only 20 slots, first come - first served - download the VM drive.google.com/file/d/1WhQ-5k… otherwise you will slow down the workshop. IT DOESN'T SUPPORT MAC M1
Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.
How did fighter planes in the 1950s perform calculations before compact digital computers were available? With the Bendix Central Air Data Computer! This electromechanical analog computer used gears and cams to compute "air data" for fighter planes such as the F-101. 1/13
When your cat knows more about Buffer Overflow than you.
IDORs are often simple bugs with critical impact. But sometimes, we can't predict the ID of the victim's object. To see what hunters do in these situations, I did the case study of 187 bug bounty reports and in this video, I'll show you what types of identifiers were used and how…
@fesshole You could bottle it and sell it as the next super glue. Bogey stick
Needless to say, any cubicle is still vastly inferior to working from home. 😂
Worst statement ever “To date, we’ve seen no evidence that this vulnerability has been exploited” Stop using it. It means nothing. There is no all-seeing eye that could possibly give you such insights.