pyn3rd @pyn3rd
Security Researcher & Red Team & Cloud Security. BlackHat & HITB & CanSecWest Speaker. blog.pyn3rd.com · Melbourne, Victoria · Joined February 2016
Tweets: 844 · Followers: 14K · Following: 607 · Likes: 4K
I just published From XSS to RCE: Critical Vulnerability Chain in Anthropic MCP Inspector (CVE-2025-58444) medium.com/p/from-xss-to-…
🚨 New research: A cryptomining campaign is hijacking exposed PostgreSQL, hiding payloads in fake 404 pages, and abusing legit infra. Multiplatform, stealthy, and still active 👉 wiz.io/blog/soco404-m…
Old but Gold! That's a good one!
We (+@sagitz_ @ronenshh @hillai) found a series of unauthenticated RCEs in core @kubernetesio project "Ingress-NGINX". The impact? From zero permissions ➡️ to complete cluster takeover 🤯 This is the story of #IngressNightmare 🧵⬇️
It was a genuine pleasure meeting @infosec_au in Sydney and receiving your insightful advice and valuable information. Thank you! Hope to see you again soon!
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
I truly appreciate @albinowax's kind help in adding both my blog and slides to Web Hacking Techniques 2024. Thank you so much!
#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!! blog.pyn3rd.com/2024/12/13/Dat…
Activiti is a lightweight workflow and Business Process Management (BPM) platform that supports Expression Language expressions within its flows. In this example, I demonstrate how to exploit this feature to trigger RCE in a SpringBoot environment.
Use MSSQL CLR Assembly To Bypass EDR blog.pyn3rd.com/2024/11/22/How…
XSS based on DNS CNAME Type Record
I’m developing a DNS server that responds with random IP addresses and tracks response times. It’s designed to handle a high volume of cache-miss queries for DNS caching, like Local DNS Server.
I developed an SSH client rootkit to test EDR detection. When a user logs in, it captures the root password and sends it covertly via a DNS TKEY record. With high daily DNS traffic, EDR systems are unlikely to flag this, as analyzing every query would impact performance.
Just read "Make JDBC Attacks Brilliant Again", a fantastic 3-year-old research piece that @pyn3rd recently recommended to me. It starts with JDBC attack principles and root causes, dives deep into implementation issues—including their discovery of a Weblogic RCE—unveils new…
#CVE-2024-21216 Weblogic Remote Code Execution via T3/IIOP

Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Sam Curry @samwcyo
98K Followers 1K Following
payloadartist @payloadartist
42K Followers 284 Following Yapping about AI, AppSec, Hacking, & Cybersecurity • Helped secure organizations like Google • Opinions are my cat's • Part-time shitposter
Julien | MrTuxracer ... @MrTuxracer
37K Followers 443 Following Freelancer | #BugBounty | @Hacker0x01 H1-Elite | $1,500,000 Overall Bounties | ❤️ Reversing | Mobile Hacker | https://t.co/pcWduPOt0n
shubs @infosec_au
56K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Md Ismail Šojal ... @0x0SojalSec
31K Followers 5K Following Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project @AIStrikeSec || 0ld Accounts Suspended @0xSojalSec ||
Tuan Anh Nguyen⚡️... @haxor31337
15K Followers 2K Following 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
zseano @zseano
79K Followers 702 Following #1 Amazon Bug Bounty Hunter with 24k+ rep. hacking team with @jonathanbouman @fransrosen @avlidienbrunn
张惠倩 @momika233
18K Followers 222 Following You can do everything from heaven to earth, little woman!! If you have any questions, please contact me https://t.co/MkzsavUU9V
InfoSec Community @InfoSecComm
52K Followers 635 Following Largest InfoSec publication with 62,000+ followers and 1M+ monthly views.
Frans Rosén @fransrosen
43K Followers 900 Following Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Louis Nyffenegger @snyff
20K Followers 591 Following Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Justin Gardner @Rhynorater
35K Followers 2K Following Christian | Full-time Bug Bounty Hunter | Host of @ctbbpodcast | Advisor @CaidoIO | 4x LHE MVH | 🗣️ English, 日本語 | ♥️ @mariahchan_ ♥️
Clandestine @akaclandestine
50K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
siri@fu4k1 @sirifu4k1
7K Followers 309 Following Web Pentest & girl hh & share anything ithink useful about infosec. follow me! 🇸🇬
Eva @Eddie122299
92 Followers 2K Following
xxy534 @8yt1s
1 Followers 202 Following
DuckywantDucky @DuckyWantDucky
0 Followers 63 Following
Godfrey Grady @GodfreyGra6142
81 Followers 3K Following
John @Ramtic233
1 Followers 263 Following
Jeffery Thompson @JefferyTho59341
3 Followers 139 Following
Adam Lowery @DevOpsPops
14 Followers 48 Following
PollyAdolph @1V0GtlwUcaG7Hv1
1 Followers 335 Following
ElviraSpender @H8rI5zL075Q27ZV
1 Followers 149 Following
Young @Young0038474843
0 Followers 25 Following
high tech low life @buffer_0verwh0a
98 Followers 1K Following bug bounty 🪲| recovering script kiddie 🏴☠️ | lockpicking 🔑 | tech trash 🗑 | day job breaching the cloud ☁️ | emulating adversaries 😈 |
Dr2M @mohammed2454111
32 Followers 457 Following
Emiliano Emilio @emilio_emi51084
9 Followers 171 Following
erdgalay @erdgalay55555
18 Followers 511 Following
CX @cxaqhq
4K Followers 407 Following BG6VVA OSWP Preparing for OSCP business card:https://t.co/2eYXkaAi6C Github:https://t.co/9HXCpbOWqe
Muhammad Farid @Mu7ammadfared
3 Followers 640 Following
Majdeddine Ben Hadj B... @whoismajd
49 Followers 9 Following Penetration Tester & Python Automation Enthusiast | 3x CVE's | PT1 | eWPTXv3 | CEHv12 | eCPPTv3 | CRTP | eWPTv2 | eJPTv2 | RHC(SA/E) | PCAP | ISC2 CC
Sara-oh @Sara_oh_ny
0 Followers 5 Following
莫玄宇 @btcxuanyu
27 Followers 932 Following
lin FAT @linFAT4
28 Followers 989 Following
🍒 Yuqiskk @skk8232
277 Followers 4K Following I-DLE + Soojin (OT6), TWICE, Han Sun-Hwa + SECRET, BIBI, YENA, Hyuna, Hong Jinyoung, ATARASHII GAKKO! and Phantom Siita fan | NO TO STAN culture | pfp by @Gaea_
kktwo @kenobiwan666
21 Followers 374 Following
Agnani Sanjay @sagnani
32 Followers 3K Following
Soebody @Sameforbody
2 Followers 144 Following
Arflooavaus @Arflooavaus831
44 Followers 3K Following
At0M1C @SeyitogluSerdar
0 Followers 266 Following
chen fu @chenfu71288030
0 Followers 20 Following
Mathew Musango @MathewMusango
27 Followers 2K Following
Rohit Rajwansi @rajwansi_rohit
17 Followers 418 Following IIT Bombay EE 2018 Indian engineer, Network Security, Red Team, White Hat, Backend developer, Python, Lang-chain, LLM, Bug Bounty, DHH, Music production 🎁
Mor Bikovsky @MorBikovsky
62 Followers 473 Following VP Product & Alliances @remediosecurity | Focused on macro trends, future risks & building what’s next in cybersecurity
x @xshadowya
0 Followers 15 Following
Pay Me @DonofDigitalpur
3 Followers 419 Following
Saad Saeed @saadsaeed1019
33 Followers 2K Following Security researcher in progress | Exploring adversaries & defenses | Aspiring Purple Teamer | Building skills, breaking barriers.
kkkkk12345 @kkkkk123456722
0 Followers 52 Following
Bheema @Bheema_0x01
22 Followers 766 Following
xiaoming @getdate
35 Followers 620 Following
Smilent @ismilent
2 Followers 59 Following
Mohamed Ismail @moismaila1
0 Followers 60 Following
tomkrist @jieliuhouzi
0 Followers 48 Following
Intigriti @intigriti
194K Followers 657 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Gareth Heyes \u2028 @garethheyes
37K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
bugcrowd @Bugcrowd
188K Followers 6K Following The leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world...Unleash Ingenuity™
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
PortSwigger Research @PortSwiggerRes
111K Followers 7 Following Web security research from the team at @PortSwigger
James Kettle @albinowax
79K Followers 94 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
HackerOne @Hacker0x01
325K Followers 3K Following The only official HackerOne Twitter account. A global leader in offensive security solutions. #HackForGood #togetherwehitharder
Nicolas Grégoire @Agarri_FR
27K Followers 631 Following Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks
Altered Security @AlteredSecurity
7K Followers 2K Following Global leader in hands-on learning for enterprise and cloud security education. Join 40000+ infosec professionals from 130+ countries
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Kara Sprague @ksprague08
1K Followers 277 Following CEO @ HackerOne and board member @ Trimble with over 20 years of experience delivering growth and transformation for public and private technology companies.
Codean @CodeanIO
410 Followers 175 Following Ethical hackers rock and we think they do not get enough love (tool wise). So we are creating a tool for security analysts, by security analysts!
HackingHub @hackinghub_io
10K Followers 12 Following Educating the next generation of ethical hackers.
Horizon3 Attack Team @Horizon3Attack
12K Followers 56 Following @Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
sw33tLie @sw33tLie
10K Followers 916 Following Web application hacker, 25yo. Top 30 @ https://t.co/wX0yr85Tzk https://t.co/ZI7a8oJJcQ https://t.co/LGYK7tMOGo
Angel Hacker @4ng3lhacker
520 Followers 25 Following George Mason Cyber Security Engineering Student | Databuoy Software Engineering Intern | Bug Hunter ✝️
Hacking Articles @hackinarticles
277K Followers 452 Following House of Pentesters Join us: https://t.co/Y6XOlSOA92
KNOXSS @KN0X55
15K Followers 0 Following Announcements, tips and support via DM of KNOXSS - Online #XSS PoC Tool by @BRuteLogic
Claude @claudeai
130K Followers 1 Following Claude is an AI assistant built by @anthropicai to be safe, accurate, and secure. Talk to Claude on https://t.co/ZhTwG8dz3D or download the app.
TECNO Security Respon... @TecnoSRC
2K Followers 804 Following 🎯TECNO Security Vulnerability Reward Program. 📧Email: [email protected] #AndroidSecurity #bugbounty #AppSec #cybersecurity #hack #TECNOsecurity
xss0r @xss0r
6K Followers 3K Following xss0r Deploying an alert box in a web app is like having a tiny pop-up comedian shout 'Surprise!' whenever you least expect it! #xss0r #ibrahimXSS #Blindxss0r
fwd:cloudsec @fwdcloudsec
5K Followers 68 Following Non-profit cloud security conference. June 17-18, 2024 in Arlington, VA. September 17, 2024 in Brussels, Belgium.
H1 Disclosed - Public... @h1Disclosed
10K Followers 1 Following User friendly unofficial HackerOne public disclosures, keeps you updated about the recently disclosed bugs. Made With ♥ By Hackers For Hackers. - @rohsec
sudi @sudhanshur705
5K Followers 707 Following Remember, whatever happens... There's always a vulnerability https://t.co/FFVfnf39jY
Matan Berson @MtnBer
4K Followers 269 Following Hacker and bug bounty hunter mostly focusing on client-side security. h1-702 Vigilante, h1-65 Eliminator, AWC23 Best New Hacker
Sreeram KL @kl_sree
2K Followers 895 Following Infosec enthusiast! | @googlevrp fan boy 😍 | CTF @thehackerscrew1 | Web Security
publiclyDisclosed @disclosedh1
65K Followers 2 Following This is an unofficial HackerOne public disclosure watcher who keeps you up to date about the recently disclosed bugs. By @NOBBD
BruCON @brucon
9K Followers 2K Following Belgian Information Security Conference | #BruCON0x11 (17th edition) Spring Training 23-25 April 2025 | Training 22-24 Sept - Conference 25-26 Sept 2025
Roy Davis @Hack_All_Things
3K Followers 175 Following Security Engineer, Penetration Tester, Security Researcher, Bug Bounty Manager @ Zoom, 2+ year ALS Survivor.
Dirk-jan @_dirkjan
29K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Trend Micro @TrendMicro
113K Followers 4K Following We're a global leader in cybersecurity that helps make the world safe for exchanging digital information.
Michael Skelton @codingo_
42K Followers 755 Following VP of Operations @bugcrowd, Hacking Content @ https://t.co/Ov3ZXfNg5P tools @ https://t.co/4X3ot71JLf @SecTalks_GC & @BSidesGC co-organiser
ghostlulz @ghostlulz1337
14K Followers 1K Following Founder /CEO @StealthNetAI , Author - Bug Bounty Playbook. @DakotaState Alum , Founder/Former CTO RedSentry , Ex @bishopfox. #bugbounty #infosec #redteam
ZoomEye @zoomeye_team
9K Followers 507 Following A cyberspace search engine built for security researcher Daily Tricks || Latest Vulnerability Updates Email: [email protected] https://t.co/AUq5jNpKkl
Hacktron AI @HacktronAI
2K Followers 7 Following Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
NullSecX @NullSecurityX
6K Followers 101 Following Hacking Group https://t.co/4D4Ewi7xmL collaborations & sponsorships; [email protected]
arXiv.org @arxiv
42K Followers 186 Following News from https://t.co/enurGFxpcS, a free distribution service and an open archive for scholarly articles. For help with arXiv, see https://t.co/LcWuhM0BOl
Spirent @Spirent
5K Followers 2K Following From the lab to the real world - Spirent is a leading global provider of automated #test and #assurance solutions for networks, cybersecurity, and positioning
SecureIQLab @SecureIQlab
62 Followers 68 Following SecureIQLab is an Austin-based solution validation and advisory service provider.
Anton @therceman
26K Followers 794 Following 👋 I’m Anton (therceman) 🪲 Bug Bounty Hunter 💰 📖 Bug Bounty Book - https://t.co/Y9nGrZydBV
ς๏гєɭคภς0... @corelanc0d3r
26K Followers 555 Following Corelan | Infosec Researcher&Trainer, Hacker | Outgoing Introvert (INFJ-A) | Book lover | Fountain pen aficionado | Chess amateur | Foodie
deepsec.cc @deepsec_cc
258 Followers 0 Following
ET Labs @ET_Labs
6K Followers 218 Following ET Labs is the research team of Emerging Threats - Bionic threat intelligence specialists from Fantasia.
DARKNAVY @DarkNavyOrg
2K Followers 50 Following Cybersecurity enthusiasts from DARKNAVY. Achieve, Analyze, Attack *Oops.
Mark Mitchell @coremwm
945 Followers 248 Following Security Engineering and Architecture. Opinions my own.
Joseph M @cedoxX
9K Followers 4K Following Keynote Spkr • Best Selling Author • DarkWeb Trainer. Builder of Secure AI DC & Agents/GPT/AI/Qbit +28yr Defcon/BlackHat & Darkweb +22yr Securing ICS/SCADA/BMS
Web Security Academy @WebSecAcademy
131K Followers 36 Following Free web security training from @PortSwigger
Nico Waisman @nicowaisman
13K Followers 952 Following Head of Security at @XBOW. Former CISO @Lyft. Binary entomologist