pyn3rd @pyn3rd
Security Researcher&Red Team&Cloud Security. BlackHat&HITB&CanSecWest Speaker. blog.pyn3rd.com Leeds, England Joined February 2016-
Tweets843
-
Followers13K
-
Following605
-
Likes4K
pyn3rd retweeted
🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 wiz.io/blog/soco404-m…
Old but GOld! That's a good one!
pyn3rd retweeted
We (+@sagitz_ @ronenshh @hillai) found a series of unauthenticated RCEs in core @kubernetesio project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️
It was a genuine pleasure meeting @infosec_au in Sydney and receiving your insightful advice and valuable information. Thank you! Hope to see you again soon!
pyn3rd retweeted
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
I truly appreciate @albinowax's kind help in adding both my blog and slides to Web Hacking Techniques 2024.Thank you so much!
#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!! blog.pyn3rd.com/2024/12/13/Dat…
Activiti is a lightweight workflow and Business Process Management (BPM) platform that supports Expression Language expressions within its flows. In this example, I demonstrate how to exploit this feature to trigger RCE in a SpringBoot environment.
Use MSSQL CLR Assembly To Bypass EDR blog.pyn3rd.com/2024/11/22/How…
XSS based on DNS CNAME Type Record
I’m developing a DNS server that responds with random IP addresses and tracks response times. It’s designed to handle a high volume of cache-miss queries for DNS caching, like Local DNS Server.
I developed an SSH client rootkit to test EDR detection. When a user logs in, it captures the root password and sends it covertly via a DNS TKEY record. With high daily DNS traffic, EDR systems are unlikely to flag this, as analyzing every query would impact performance.
pyn3rd retweeted
Just read "Make JDBC Attacks Brilliant Again", a fantastic 3-year-old research piece that @pyn3rd recently recommended to me. It starts with JDBC attack principles and root causes, dives deep into implementation issues—including their discovery of a Weblogic RCE—unveils new…
#CVE-2024-21216 Weblogic Remote Code Execution via T3/IIOP
Nicolas Krassas @Dinosn
146K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
payloadartist @payloadartist
42K Followers 286 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Julien | MrTuxracer �... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Md Ismail Šojal �... @0x0SojalSec
30K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
张惠倩 @momika233
18K Followers 222 Following Anda boleh melakukan segala-galanya dari syurga ke bumi, wanita kecil!! If you have any questions, please contact me https://t.co/MkzsavUU9V
InfoSec Community @InfoSecComm
52K Followers 636 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
Clandestine @akaclandestine
49K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
siri@fu4k1 @sirifu4k1
7K Followers 309 Following Web Pentest & girl hh & share anything ithink useful about infosec. follow me! 🇸🇬
At0M1C @SeyitogluSerdar
0 Followers 250 Following
chen fu @chenfu71288030
0 Followers 18 Following
Mathew Musango @MathewMusango
17 Followers 2K Following
Rohit Rajwansi @rajwansi_rohit
18 Followers 390 Following IIT Bombay EE 2018 भारतीय अभियंता, Network Security, Red Team, White Hat, Backend developer, Python, Lang-chain, LLM, Bug Bounty, DHH, Music production 🎁
Mor Bikovsky @MorBikovsky
53 Followers 325 Following VP Product & Alliances @GYTPOL | Focused on macro trends, future risks & building what’s next in cybersecurity
x @xshadowya
0 Followers 15 Following
Pay Me @DonofDigitalpur
4 Followers 373 Following
Saad Saeed @saadsaeed1019
36 Followers 2K Following Security researcher in progress | Exploring adversaries & defenses | Aspiring Purple Teamer | Building skills, breaking barriers.
kkkkk12345 @kkkkk123456722
1 Followers 50 Following
Bheema @Bheema_0x01
20 Followers 732 Following
xiaoming @getdate
47 Followers 619 Following
Smilent @ismilent
2 Followers 59 Following
Mohamed Ismail @moismaila1
1 Followers 61 Following
tomkrist @jieliuhouzi
0 Followers 46 Following
Nill Armstrong @NillArmstrong5
10 Followers 409 Following
DevNg @NgocNguyen92096
1 Followers 409 Following
alexdev @alexdev____
80 Followers 817 Following 💡 Je développe des petits programmes en cybersécurité. 🛠️ Des outils simples, autonomes et prêts à l’emploi.
HKR PI @HKRPI1
5 Followers 1K Following
jz han @jzhan196468
3 Followers 29 Following
Rohan Kumar Mandal @mandalrohan798
14 Followers 1K Following
qring ii @IiQring11301
0 Followers 4 Following
Du. Gu @DuGu589198
0 Followers 14 Following
Jishnu Kala @kala_jishn48043
3 Followers 357 Following
Quan Nguyen @zer01010001
0 Followers 65 Following
King Magic @7MagicKing
0 Followers 29 Following
luckyeast @Luckyyjjy
1 Followers 49 Following
Someone @fr33s0ftw4r3
90 Followers 2K Following
CyberObserve @_cyberobserve
15 Followers 274 Following
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Nicolas Krassas @Dinosn
146K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Sam Curry @samwcyo
97K Followers 1K Following Hacker, bug bounty hunter. Run a blog to better explain web application security.
payloadartist @payloadartist
42K Followers 286 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Julien | MrTuxracer �... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
bugcrowd @Bugcrowd
187K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
zseano @zseano
79K Followers 702 Following #1 Amazon Security Researcher. full time hacking team with @jonathanbouman @fransrosen @avlidienbrunn
James Kettle @albinowax
79K Followers 92 Following Director of Research at PortSwigger aka Burp Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
HackerOne @Hacker0x01
324K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Frans Rosén @fransrosen
43K Followers 897 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Louis Nyffenegger @snyff
20K Followers 590 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Nicolas Grégoire @Agarri_FR
27K Followers 630 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Kara Sprague @ksprague08
1K Followers 277 Following CEO @ HackerOne and board member @ Trimble with over 20 years of experience delivering growth and transformation for public and private technology companies.
Codean @CodeanIO
410 Followers 175 Following Ethical hackers rock and we think they do not get enough love (tool wise). So we are creating a tool for security analysts, by security analysts!
HackingHub @hackinghub_io
9K Followers 12 Following Educating the next generation of ethical hackers.
Horizon3 Attack Team @Horizon3Attack
12K Followers 56 Following @Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
sw33tLie @sw33tLie
10K Followers 909 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
Angel Hacker @4ng3lhacker
515 Followers 25 Following George Mason Cyber Security Engineering Student | Databuoy Software Engineering Intern | Bug Hunter ✝️
Hacking Articles @hackinarticles
276K Followers 453 Following House of Pentesters Join us: https://t.co/Y6XOlSOA92
KNOXSS @KN0X55
15K Followers 0 Following Announcements, tips and support via DM of KNOXSS - Online #XSS PoC Tool by @BRuteLogic
Claude @claudeai
108K Followers 1 Following Claude is an AI assistant built by @anthropicai to be safe, accurate, and secure. Talk to Claude on https://t.co/ZhTwG8dz3D or download the app.
TECNO Security Respon... @TecnoSRC
2K Followers 804 Following 🎯TECNO Security Vulnerability Reward Program. 📧Email: [email protected] #AndroidSecurity #bugbounty #AppSec #cybersecurity #hack #TECNOsecurity
xss0r @xss0r
6K Followers 3K Following xss0r Deploying an alert box in a web app is like having a tiny pop-up comedian shout 'Surprise!' whenever you least expect it! #xss0r #ibrahimXSS #Blindxss0r
fwd:cloudsec @fwdcloudsec
5K Followers 68 Following Non-profit cloud security conference. June 17-18, 2024 in Arlington, VA. September 17, 2024 in Brussels, Belgium.
H1 Disclosed - Public... @h1Disclosed
10K Followers 1 Following User friendly unofficial HackerOne public disclosures, keeps you updated about the recently disclosed bugs. Made With ♥ By Hackers For Hackers. - @rohsec
sudi @sudhanshur705
5K Followers 697 Following Remember, whatever happens... There's always a vulnerability https://t.co/FFVfnf39jY
Matan Berson @MtnBer
4K Followers 267 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Sreeram KL @kl_sree
2K Followers 891 Following Infosec enthusiast! | @googlevrp fan boy 😍 | CTF @thehackerscrew1 | Web Security
publiclyDisclosed @disclosedh1
65K Followers 2 Following This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD
BruCON @brucon
9K Followers 2K Following Belgian Information Security Conference | #BruCON0x11 (17th edition) Spring Training 23-25 April 2025 | Training 22-24 Sept - Conference 25-26 Sept 2025
Roy Davis @Hack_All_Things
3K Followers 175 Following Security Engineer, Penetration Tester, Security Researcher, Bug Bounty Manager @ Zoom, 2+ year ALS Survivor.
Dirk-jan @_dirkjan
28K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Trend Micro @TrendMicro
113K Followers 4K Following We're a global leader in cybersecurity that helps make the world safe for exchanging digital information.
Michael Skelton @codingo_
44K Followers 751 Following VP of Operations @bugcrowd, Hacking Content @ https://t.co/Ov3ZXfNg5P tools @ https://t.co/4X3ot71JLf @SecTalks_GC & @BSidesGC co-organiser
ghostlulz @ghostlulz1337
14K Followers 1K Following Founder /CEO @StealthNetAI , Author - Bug Bounty Playbook. @DakotaState Alum , Founder/Former CTO RedSentry , Ex @bishopfox. #bugbounty #infosec #redteam
ZoomEye @zoomeye_team
9K Followers 508 Following A cyberspace search engine built for security researcher Daily Tricks || Latest Vulnerability Updates Email: [email protected] https://t.co/AUq5jNpKkl
Hacktron AI @HacktronAI
2K Followers 6 Following Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
NullSecX @NullSecurityX
5K Followers 91 Following See New Threats Before They Strike ~ Hacking Group https://t.co/4D4Ewi7xmL
arXiv.org @arxiv
42K Followers 187 Following News from https://t.co/enurGFxpcS, a free distribution service and an open archive for scholarly articles. For help with arXiv, see https://t.co/LcWuhM0BOl
Spirent @Spirent
5K Followers 2K Following From the lab to the real world - Spirent is a leading global provider of automated #test and #assurance solutions for networks, cybersecurity, and positioning
SecureIQLab @SecureIQlab
62 Followers 68 Following SecureIQLab is a Austin-based solution validation and advisory service provider.
Anton @therceman
26K Followers 779 Following 👋 I’m Anton (therceman) 🪲 Bug Bounty Hunter 💰 📖 Bug Bounty Book - https://t.co/Y9nGrZydBV
ς๏гєɭคภς0�... @corelanc0d3r
26K Followers 552 Following Corelan | Infosec Researcher&Trainer, Hacker | Outgoing Introvert (INFJ-A) | Book lover | Fountain pen affictionado | Chess amateur | Foodie
VIEH Group @viehgroup
4K Followers 468 Following An Innovative Cyber Security Company | Think Secure, Think V.I.E.H
deepsec.cc @deepsec_cc
254 Followers 0 Following
ET Labs @ET_Labs
6K Followers 219 Following ET Labs is the research team of Emerging Threats - Bionic threat intelligence specialists from Fantasia.
DARKNAVY @DarkNavyOrg
2K Followers 50 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.
Mark Mitchell @coremwm
945 Followers 249 Following Security Engineering and Architecture. Opinions my own.
Joseph M @cedoxX
9K Followers 4K Following Keynote Spkr • Best Selling Author • DarkWeb Trainer. Builder of Secure DC Agents/GPT/AI/Qbit +28yr Defcon/BlackHat & Darkweb +22yr Securing ICS/SCADA/BMS
Web Security Academy @WebSecAcademy
130K Followers 36 Following Free web security training from @PortSwigger
Nico Waisman @nicowaisman
13K Followers 952 Following Head of Security at @XBOW. Former CISO @Lyft. Binary entomologist
Luca Beurer-Kellner @lbeurerkellner
2K Followers 354 Following working on secure agentic AI @invariantlabsai PhD @the_sri_lab, ETH Zürich. Prev: @lmqllang and @projectlve.
Matt Beton @MattBeton
2K Followers 179 Following democratizing ai @exolabs | prev maths @Cambridge_Uni
Positive Technologies... @PTsecurity_EN
3K Followers 872 Following Embrace any digitalization challenge—we'll secure your cyber-resilienceTrends for United States
83,5 B posts
76,7 B posts
201 B posts
57,6 B posts
252 B posts
68,5 B posts
198 B posts
24,3 B posts
4.143 posts
41,8 B posts
55,6 B posts
5.773 posts
8.199 posts
14,3 B posts
5.394 posts
5.588 posts
6.440 posts
3.070 posts
You might like
Cyber Advising
@cyber_advising
14K Followers
Orange Tsai 🍊
@orange_8361
60K Followers
XSS Payloads
@XssPayloads
52K Followers
James Kettle
@albinowax
79K Followers
pikpikcu
@pikpikcu
7K Followers
ch
@chybeta
14K Followers
Nuclei by ProjectDisc...
@pdnuclei
36K Followers
PT SWARM
@ptswarm
19K Followers
Gareth Heyes \u2028
@garethheyes
37K Followers
André Baptista
@0xacb
17K Followers
Swissky
@pentest_swissky
20K Followers
Soroush Dalili
@irsdl
20K Followers
Janggggg
@testanull
9K Followers
Adam Chester 🏴�...
@_xpn_
36K Followers
Alvaro Muñoz 🇺�...
@pwntester
13K Followers