pyn3rd @pyn3rd
Security Researcher&Red Team&Cloud Security. BlackHat&HITB&CanSecWest Speaker. blog.pyn3rd.com Melbourne, Victoria Joined February 2016-
Tweets844
-
Followers14K
-
Following607
-
Likes4K
pyn3rd retweeted
I just published From XSS to RCE: Critical Vulnerability Chain in Anthropic MCP Inspector(CVE-2025–58444) medium.com/p/from-xss-to-…
0
7
20
19K
11
pyn3rd retweeted
🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 wiz.io/blog/soco404-m…
Old but GOld! That's a good one!
pyn3rd retweeted
We (+@sagitz_ @ronenshh @hillai) found a series of unauthenticated RCEs in core @kubernetesio project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️
It was a genuine pleasure meeting @infosec_au in Sydney and receiving your insightful advice and valuable information. Thank you! Hope to see you again soon!
pyn3rd retweeted
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
I truly appreciate @albinowax's kind help in adding both my blog and slides to Web Hacking Techniques 2024.Thank you so much!
#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!! blog.pyn3rd.com/2024/12/13/Dat…
Activiti is a lightweight workflow and Business Process Management (BPM) platform that supports Expression Language expressions within its flows. In this example, I demonstrate how to exploit this feature to trigger RCE in a SpringBoot environment.
Use MSSQL CLR Assembly To Bypass EDR blog.pyn3rd.com/2024/11/22/How…
XSS based on DNS CNAME Type Record
I’m developing a DNS server that responds with random IP addresses and tracks response times. It’s designed to handle a high volume of cache-miss queries for DNS caching, like Local DNS Server.
I developed an SSH client rootkit to test EDR detection. When a user logs in, it captures the root password and sends it covertly via a DNS TKEY record. With high daily DNS traffic, EDR systems are unlikely to flag this, as analyzing every query would impact performance.
pyn3rd retweeted
Just read "Make JDBC Attacks Brilliant Again", a fantastic 3-year-old research piece that @pyn3rd recently recommended to me. It starts with JDBC attack principles and root causes, dives deep into implementation issues—including their discovery of a Weblogic RCE—unveils new…
#CVE-2024-21216 Weblogic Remote Code Execution via T3/IIOP
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Sam Curry @samwcyo
98K Followers 1K Following
payloadartist @payloadartist
42K Followers 284 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Julien | MrTuxracer �... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Md Ismail Šojal �... @0x0SojalSec
31K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
zseano @zseano
79K Followers 702 Following #1 Amazon Bug Bounty Hunter with 24k+ rep. hacking team with @jonathanbouman @fransrosen @avlidienbrunn
张惠倩 @momika233
18K Followers 222 Following Anda boleh melakukan segala-galanya dari syurga ke bumi, wanita kecil!! If you have any questions, please contact me https://t.co/MkzsavUU9V
InfoSec Community @InfoSecComm
52K Followers 635 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Frans Rosén @fransrosen
43K Followers 900 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Louis Nyffenegger @snyff
20K Followers 591 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
Clandestine @akaclandestine
50K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
siri@fu4k1 @sirifu4k1
7K Followers 309 Following Web Pentest & girl hh & share anything ithink useful about infosec. follow me! 🇸🇬
Eva @Eddie122299
92 Followers 2K Following
xxy534 @8yt1s
1 Followers 202 Following
DuckywantDucky @DuckyWantDucky
0 Followers 63 Following
Godfrey Grady @GodfreyGra6142
81 Followers 3K Following
John @Ramtic233
1 Followers 263 Following
Jeffery Thompson @JefferyTho59341
3 Followers 139 Following
Adam Lowery @DevOpsPops
14 Followers 48 Following
PollyAdolph @1V0GtlwUcaG7Hv1
1 Followers 335 Following
ElviraSpender @H8rI5zL075Q27ZV
1 Followers 149 Following
Young @Young0038474843
0 Followers 25 Following
high tech low life @buffer_0verwh0a
98 Followers 1K Following bug bounty 🪲| recovering script kiddie 🏴☠️ | lockpicking 🔑 | tech trash 🗑 | day job breaching the cloud ☁️ | emulating adversaries 😈 |
Dr2M @mohammed2454111
32 Followers 457 Following
Emiliano Emilio @emilio_emi51084
9 Followers 171 Following
erdgalay @erdgalay55555
18 Followers 511 Following
CX @cxaqhq
4K Followers 407 Following BG6VVA OSWP 备考OSCP business card:https://t.co/2eYXkaAi6C Github:https://t.co/9HXCpbOWqe
Muhammad Farid @Mu7ammadfared
3 Followers 640 Following
Majdeddine Ben Hadj B... @whoismajd
49 Followers 9 Following Penetration Tester & Python Automation Enthusiast | 3x CVE's | PT1 | eWPTXv3 | CEHv12 | eCPPTv3 | CRTP | eWPTv2 | eJPTv2 | RHC(SA/E) | PCAP | ISC2 CC
Sara-oh @Sara_oh_ny
0 Followers 5 Following
莫玄宇 @btcxuanyu
27 Followers 932 Following
lin FAT @linFAT4
28 Followers 989 Following
🍒 Yuqiskk @skk8232
277 Followers 4K Following I-DLE + Soojin (OT6), TWICE, Han Sun-Hwa + SECRET, BIBI, YENA, Hyuna, Hong Jinyoung, ATARASHII GAKKO! and Phantom Siita fan | NO TO STAN culture | pfp by @Gaea_
kktwo @kenobiwan666
21 Followers 374 Following
Agnani Sanjay @sagnani
32 Followers 3K Following
Soebody @Sameforbody
2 Followers 144 Following
Arflooavaus @Arflooavaus831
44 Followers 3K Following
At0M1C @SeyitogluSerdar
0 Followers 266 Following
chen fu @chenfu71288030
0 Followers 20 Following
Mathew Musango @MathewMusango
27 Followers 2K Following
Rohit Rajwansi @rajwansi_rohit
17 Followers 418 Following IIT Bombay EE 2018 भारतीय अभियंता, Network Security, Red Team, White Hat, Backend developer, Python, Lang-chain, LLM, Bug Bounty, DHH, Music production 🎁
Mor Bikovsky @MorBikovsky
62 Followers 473 Following VP Product & Alliances @remediosecurity | Focused on macro trends, future risks & building what’s next in cybersecurity
x @xshadowya
0 Followers 15 Following
Pay Me @DonofDigitalpur
3 Followers 419 Following
Saad Saeed @saadsaeed1019
33 Followers 2K Following Security researcher in progress | Exploring adversaries & defenses | Aspiring Purple Teamer | Building skills, breaking barriers.
kkkkk12345 @kkkkk123456722
0 Followers 52 Following
Bheema @Bheema_0x01
22 Followers 766 Following
xiaoming @getdate
35 Followers 620 Following
Smilent @ismilent
2 Followers 59 Following
Mohamed Ismail @moismaila1
0 Followers 60 Following
tomkrist @jieliuhouzi
0 Followers 48 Following
Intigriti @intigriti
194K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Sam Curry @samwcyo
98K Followers 1K Following
payloadartist @payloadartist
42K Followers 284 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Julien | MrTuxracer �... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
bugcrowd @Bugcrowd
188K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
zseano @zseano
79K Followers 702 Following #1 Amazon Bug Bounty Hunter with 24k+ rep. hacking team with @jonathanbouman @fransrosen @avlidienbrunn
James Kettle @albinowax
79K Followers 94 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
HackerOne @Hacker0x01
325K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Frans Rosén @fransrosen
43K Followers 900 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Louis Nyffenegger @snyff
20K Followers 591 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Nicolas Grégoire @Agarri_FR
27K Followers 631 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Altered Security @AlteredSecurity
7K Followers 2K Following Global leader in hands-on learning for enterprise and cloud security education. Join 40000+ infosec professionals from 130+ countries
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Kara Sprague @ksprague08
1K Followers 277 Following CEO @ HackerOne and board member @ Trimble with over 20 years of experience delivering growth and transformation for public and private technology companies.
Codean @CodeanIO
410 Followers 175 Following Ethical hackers rock and we think they do not get enough love (tool wise). So we are creating a tool for security analysts, by security analysts!
HackingHub @hackinghub_io
10K Followers 12 Following Educating the next generation of ethical hackers.
Horizon3 Attack Team @Horizon3Attack
12K Followers 56 Following @Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
sw33tLie @sw33tLie
10K Followers 916 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
Angel Hacker @4ng3lhacker
520 Followers 25 Following George Mason Cyber Security Engineering Student | Databuoy Software Engineering Intern | Bug Hunter ✝️
Hacking Articles @hackinarticles
277K Followers 452 Following House of Pentesters Join us: https://t.co/Y6XOlSOA92
KNOXSS @KN0X55
15K Followers 0 Following Announcements, tips and support via DM of KNOXSS - Online #XSS PoC Tool by @BRuteLogic
Claude @claudeai
130K Followers 1 Following Claude is an AI assistant built by @anthropicai to be safe, accurate, and secure. Talk to Claude on https://t.co/ZhTwG8dz3D or download the app.
TECNO Security Respon... @TecnoSRC
2K Followers 804 Following 🎯TECNO Security Vulnerability Reward Program. 📧Email: [email protected] #AndroidSecurity #bugbounty #AppSec #cybersecurity #hack #TECNOsecurity
xss0r @xss0r
6K Followers 3K Following xss0r Deploying an alert box in a web app is like having a tiny pop-up comedian shout 'Surprise!' whenever you least expect it! #xss0r #ibrahimXSS #Blindxss0r
fwd:cloudsec @fwdcloudsec
5K Followers 68 Following Non-profit cloud security conference. June 17-18, 2024 in Arlington, VA. September 17, 2024 in Brussels, Belgium.
H1 Disclosed - Public... @h1Disclosed
10K Followers 1 Following User friendly unofficial HackerOne public disclosures, keeps you updated about the recently disclosed bugs. Made With ♥ By Hackers For Hackers. - @rohsec
sudi @sudhanshur705
5K Followers 707 Following Remember, whatever happens... There's always a vulnerability https://t.co/FFVfnf39jY
Matan Berson @MtnBer
4K Followers 269 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Sreeram KL @kl_sree
2K Followers 895 Following Infosec enthusiast! | @googlevrp fan boy 😍 | CTF @thehackerscrew1 | Web Security
publiclyDisclosed @disclosedh1
65K Followers 2 Following This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD
BruCON @brucon
9K Followers 2K Following Belgian Information Security Conference | #BruCON0x11 (17th edition) Spring Training 23-25 April 2025 | Training 22-24 Sept - Conference 25-26 Sept 2025
Roy Davis @Hack_All_Things
3K Followers 175 Following Security Engineer, Penetration Tester, Security Researcher, Bug Bounty Manager @ Zoom, 2+ year ALS Survivor.
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Trend Micro @TrendMicro
113K Followers 4K Following We're a global leader in cybersecurity that helps make the world safe for exchanging digital information.
Michael Skelton @codingo_
42K Followers 755 Following VP of Operations @bugcrowd, Hacking Content @ https://t.co/Ov3ZXfNg5P tools @ https://t.co/4X3ot71JLf @SecTalks_GC & @BSidesGC co-organiser
ghostlulz @ghostlulz1337
14K Followers 1K Following Founder /CEO @StealthNetAI , Author - Bug Bounty Playbook. @DakotaState Alum , Founder/Former CTO RedSentry , Ex @bishopfox. #bugbounty #infosec #redteam
ZoomEye @zoomeye_team
9K Followers 507 Following A cyberspace search engine built for security researcher Daily Tricks || Latest Vulnerability Updates Email: [email protected] https://t.co/AUq5jNpKkl
Hacktron AI @HacktronAI
2K Followers 7 Following Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
NullSecX @NullSecurityX
6K Followers 101 Following Hacking Group https://t.co/4D4Ewi7xmL collaborations & sponsorships; [email protected]
arXiv.org @arxiv
42K Followers 186 Following News from https://t.co/enurGFxpcS, a free distribution service and an open archive for scholarly articles. For help with arXiv, see https://t.co/LcWuhM0BOl
Spirent @Spirent
5K Followers 2K Following From the lab to the real world - Spirent is a leading global provider of automated #test and #assurance solutions for networks, cybersecurity, and positioning
SecureIQLab @SecureIQlab
62 Followers 68 Following SecureIQLab is a Austin-based solution validation and advisory service provider.
Anton @therceman
26K Followers 794 Following 👋 I’m Anton (therceman) 🪲 Bug Bounty Hunter 💰 📖 Bug Bounty Book - https://t.co/Y9nGrZydBV
ς๏гєɭคภς0�... @corelanc0d3r
26K Followers 555 Following Corelan | Infosec Researcher&Trainer, Hacker | Outgoing Introvert (INFJ-A) | Book lover | Fountain pen affictionado | Chess amateur | Foodie
deepsec.cc @deepsec_cc
258 Followers 0 Following
ET Labs @ET_Labs
6K Followers 218 Following ET Labs is the research team of Emerging Threats - Bionic threat intelligence specialists from Fantasia.
DARKNAVY @DarkNavyOrg
2K Followers 50 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.
Mark Mitchell @coremwm
945 Followers 248 Following Security Engineering and Architecture. Opinions my own.
Joseph M @cedoxX
9K Followers 4K Following Keynote Spkr • Best Selling Author • DarkWeb Trainer. Builder of Secure AI DC & Agents/GPT/AI/Qbit +28yr Defcon/BlackHat & Darkweb +22yr Securing ICS/SCADA/BMS
Web Security Academy @WebSecAcademy
131K Followers 36 Following Free web security training from @PortSwigger
Nico Waisman @nicowaisman
13K Followers 952 Following Head of Security at @XBOW. Former CISO @Lyft. Binary entomologist
Luca Beurer-Kellner @lbeurerkellner
2K Followers 359 Following working on secure agentic AI @invariantlabsai PhD @the_sri_lab, ETH Zürich. Prev: @lmqllang and @projectlve.Trends for United States
8.585 posts
1.101 posts
43,5 B posts
110 B posts
34,2 B posts
4.756 posts
43,9 B posts
9.718 posts
13,6 B posts
1.932 posts
17,1 B posts
188 B posts
15,4 B posts
25 B posts
1.781 posts
82,9 B posts
1.984 posts
You might like
Cyber Advising
@cyber_advising
14K Followers
Orange Tsai 🍊
@orange_8361
60K Followers
XSS Payloads
@XssPayloads
52K Followers
James Kettle
@albinowax
79K Followers
ch
@chybeta
14K Followers
Nuclei by ProjectDisc...
@pdnuclei
37K Followers
PT SWARM
@ptswarm
19K Followers
Gareth Heyes \u2028
@garethheyes
37K Followers
André Baptista
@0xacb
17K Followers
Swissky
@pentest_swissky
20K Followers
Soroush Dalili
@irsdl
20K Followers
Janggggg
@testanull
9K Followers
Adam Chester 🏴�...
@_xpn_
36K Followers
Alvaro Muñoz
@pwntester
13K Followers
heige
@80vul
11K Followers