Jarmo Puttonen @putsi
White hat hacking in Team ROT. Also, hacker-for-hire & bug bounty hunter -- https://t.co/5sHK3CHtdm rot.fi Tampere, Finland Joined September 2015
Tweets: 963 | Followers: 3K | Following: 3K | Likes: 2K
Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…
The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: assetnote.io/resources/rese…
PortSwigger Web Security disclosed a bug submitted by @mattaustin: hackerone.com/reports/1274695 - Bounty: $3,000 #hackerone #bugbounty
Hackers, an important one. e.g.: we heard that CVSS "PR" is handled inconsistently (should be PR:None for self-sign-up). We're transparently listing a set of Detailed Platform Standards for consistency across programs. Need your help -- what to cover next? docs.hackerone.com/organizations/…
Web Security vs. Binary Exploitation
As promised: Here's the first $10,000 @intel bug (aka CVE-2022-33942) that allows to bypass the authentication of Intel's DCM by spoofing Kerberos and LDAP responses. Exploit inside, enjoy 🥳 rcesecurity.com/2022/11/from-z… #BugBounty #security
Earlier this year, the Paranoids Vulnerability Research team disclosed a critical remote code execution (RCE) vulnerability in @GoIvanti’s endpoint management product: yahooinc.com/paranoids/para….
CVE-2023-21939 - Code Exec - PoC gist.github.com/win3zz/308c656…
Here's a write-up on a Browser-Powered Desync bug that I discovered in the Azure CDN service known as Front Door. The entire concept is built upon the excellent research by @albinowax. Initially identified within the @intigriti program. blog.jeti.pw/posts/knocking… #bugbounty
Wow this exploit is SICK. qualys.com/2023/07/19/cve…
The security research team at @assetnote discovered a pre-authentication RCE vulnerability through a cryptographic flaw in Citrix ShareFile. It's been assigned CVE-2023-24489. You can read the technical blog post here: blog.assetnote.io/2023/07/04/cit…
This was an excellent find: summoning.team/blog/vmware-vr… I love the logic flaw found within the nginx rules leading to the auth bypass needed to get to the RCE.
Yes, a big hand for the winners of our CTF: team @mintsecurityfi! Yesterday we organized our 2nd #capturetheflag event, and it was again great fun. In an epic last minute twist Jari and Jarmo from Mint Security in Finland sprinted to victory. More #ctf to follow in April!
Love this auth bypass via JSON Injection found by @GHSecurityLab, it's such an underrated attack class. Backslash Powered Scanner can detect JSON Injection but it takes dedication to build a real exploit black-box. github.blog/2023-03-03-git…
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…
LastPass update: The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data as well as fully-encrypted sensitive fields. blog.lastpass.com/2022/12/notice…
We were really thrilled to see cURL founder @bagder write a blog post about our recent security review, and wanted to highlight some important things he pointed out blog.trailofbits.com/2022/12/22/cur…
These are the most impressive chats we've seen with ChatGPT so far. It can...
The Finnish Air Force’s agile combat employment concept includes the use of highway strips also in winter conditions. During exercise #Hanki24, the F/A-18 Hornets operating from Tikkakoski Air Base take off from a strip of Highway 4 adjacent to the base. #ilmavoimat
@renniepak It does happen to me when I go months without doing any BB but at the same time, I remind myself of the joy and fulfilment that all things I currently do bring me and for me, that's far more important than chasing money. Everyone is carving their own path after all.
An amazing find. Grateful to mega7 for finding the vulnerability, which we fixed within 24 hours. When ethical hackers find and report software bugs, adversaries cannot exploit them. Everyone should invite ethical hackers to help.
mega7 found a neat SSRF vulnerability in H1 and got $25,000 for it: hackerone.com/reports/2262382!
Tomorrow we hack for good at Tapiolanmäki in Espoo 💪⚡️💻💥 @Lahi_Tapiola epressi.com/tiedotteet/vak…
A colleague pointed me today to an insane exploit primitive if you control a PHP include() with a fixed .php extension and no upload: leavesongs.com/PENETRATION/do…
Yay, I was awarded a $10,001 bounty on @Hacker0x01! hackerone.com/apox #TogetherWeHitHarder More than you @putsi (from this program!) 😁
Finland's toughest hacker teams 👉 Leftovers, Italian Spiderman, Team ROT, Pink Hat Hackers and Makkoset #hackforgood #hackday
Very excited to be invited to the #1337up1023 LHE by @intigriti 😎Looking forward to seeing both new and familiar faces 🤙
Routes to RCE Braindump:
* SSRF -> AWS Metadata
* Command injection
* Code Injection
* Arbitrary file write
* RFI
* LFI + dirty file write
* Configuration file injection (See @ctbbpodcast ep 27)
* Deserialization bugs
* SSTI
* Binary Exploitation bugs (Stack/Heap Overflow,…