Mastho @masthoon Twitter Profile

Mastho

@masthoon

Security Researcher

137Posts 1KFollowers 608Following

Similar User

@elvanderb

@Synacktiv

@0xf4b

@_p0ly_

@0vercl0k

@hexacon_fr

@vdehors

@saidelike

@T00uF

@__x86

@SidewayRE

@Karion_

@OnlyTheDuck

@hakril

@Heurs

Mastho Reposted

Synacktiv

@Synacktiv

18 Nov

The report of the #FreeBSD audit conducted by @masthoon and @jbcayrou is finally out! freebsdfoundation.org/blog/strengthe…

Mastho Reposted

Hexacon

@hexacon_fr

3 Sep

"0-click RCE on Tesla Model 3 through TPMS Sensors" 🚗 by David BERARD (@_p0ly_) & Thomas Imbert (@masthoon)

Mastho Reposted

Angelboy

@scwuaptx

23 Aug

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out: devco.re/blog/2024/08/2…

Mastho Reposted

After nearly 10 years of existence, years of use in production on 10k+ computers. The new PythonForWindows release is 1.0.0 \o/ This release adds three important things: official python 3 support, full Unicode support for py2/py3 & CI testing on GitHub ! github.com/hakril/PythonF…

GitHub - hakril/PythonForWindows: A codebase aimed to make interaction with Windows and native...

Source: https://t.co/MZFd0SfPhE

Mastho Reposted

Hexacon

@hexacon_fr

3 Jun

Ticket sales for #HEXACON2024 are now OPEN! 📆 4th & 5th of October 2024 🎫 Standard price: 1210€ 🎟 Reduced price: 660€ hexacon.fr/register/

Hexacon - Register

Source: https://t.co/vZUo5mP3o4

Mastho Reposted

Hexacon

@hexacon_fr

29 May

#HEXACON2024's call for paper is officially open! 📅 29 May - Mid July ▶️ cfp.hexacon.fr/hexacon-2024/ As always, thanks again for our committee members who are willing to dedicate some of their valuable time to assess and review the submissions!

Mastho Reposted

Hexacon

@hexacon_fr

29 Apr

Registration for trainings is now open! ⏳ Don't miss your chance to learn from the best and have a great time in Paris 🥐 hexacon.fr/register/

Mastho Reposted

Synacktiv

@Synacktiv

18 Mar

The team is getting ready for the next #Pwn2Own with some good stuff, stay tuned 😉

Zero Day Initiative

@thezdi

14 Mar

Just hours left to enter. See you next week!

Mastho Reposted

Synacktiv

@Synacktiv

26 Jan

Here we are! 🥷 Masters of pwn for the third time 🎉 Congratulations to all the ninjas involved! #Pwn2Own

Mastho Reposted

Synacktiv

@Synacktiv

8 Jan

Have you ever wondered what the attack surface of Counter Strike: Global Offensive looks like? Our ninjas @myr463 and @v1csec studied it and found a server to client bug! Read more details about this research in our latest blogpost. synacktiv.com/publications/e…

Exploring Counter-Strike: Global Offensive Attack Surface

Source: https://t.co/QaoheZbQoi

Mastho Reposted

Synacktiv

@Synacktiv

5 Jan

Our ninja @masthoon solved a tough challenge during @PotluckCTF with an ingenious approach: he built a decompiler for a custom ISA by lifting instructions to Binary Ninja IL. Read the "Pot of Gold" write-up (kudos to @bl4sty for creating the challenge): synacktiv.com/publications/l…

Leveraging Binary Ninja IL to Reverse a Custom ISA: Cracking the “Pot of Gold” 37C3

Source: https://t.co/jNJPIwqg5H

Mastho Reposted

Axel Souchet

@0vercl0k

2 Jan

Here is a tool that helped me looking for tricky ROP gadgets when manual search failed 🔎 Grab a Windows user-dump of your target, write a pre/post condition and let it try to emulate every candidate in the address space. github.com/0vercl0k/rp-bf…

Mastho Reposted

blasty

@bl4sty

1 Jan

I contributed a task to this year's @PotluckCTF that contains an emulator for a custom ISA. one of the players actually implemented a decompiler for it by lifting to binja's IL. mind you: this is a 24h long CTF! very neat to see current tooling makes things like this feasible!

Mastho Reposted

David B.

@_p0ly_

21 Nov

The details of our Tesla #pwn2own exploit chain are now public !

Synacktiv

@Synacktiv

21 Nov

Slides of our latest talks during #GreHack23 and @codeblue_jp are now available on our website! synacktiv.com/ressources

Mastho Reposted

Synacktiv

@Synacktiv

13 Oct 2023

Now, @masthoon and @MajorTomSec are on stage to present their VirtualBox chain used during #Pwn2Own

Mastho Reposted

Hexacon

@hexacon_fr

11 Sep 2023

This year, #HEXACON2023 will introduce the social event with a lightning talks session! 💡 ⏳ 5 minutes long ⛔️ No bullshit/commercials 🎠 Fun topics appreciated 🍻 Beers allowed 🫵Open to everyone Short talks submission will take place during the event

Mastho Reposted

Hexacon

@hexacon_fr

7 Sep 2023

The writeups of our challenges are online, go check them out! 🏆 GG and thanks to the authors @nneonneo, @CyrilleChatras and mercymercy_6ft3_DOajNY 🔥 hexacon.fr/challenge/#cha…

Mastho Reposted

Synacktiv

@Synacktiv

1 Sep 2023

Sometimes simple is best. See how @SidewayRE exploited a 9-year-old Linux kernel bug at #Pwn2Own Vancouver 2023! synacktiv.com/publications/o…

Old bug, shallow bug: Exploiting Ubuntu at Pwn2Own Vancouver 2023

Source: https://t.co/epmiEQZcD4

Mastho Reposted

Synacktiv

@Synacktiv

25 Aug 2023

Later today, @masthoon will talk at #HITB2023HKT about two bugs he exploited in Windows kernel during #Pwn2Own and how the future mitigations will make them harder to exploit (or not 😱) conference.hitb.org/hitbsecconf202…

Windows Kernel Security: A Deep Dive into Two Exploits Demonstrated at Pwn2Own - HITBSecConf2023 -...

Source: https://t.co/bPLyxiZHcb

Mastho Reposted

Hexacon

@hexacon_fr

17 Jul 2023

📦 Breaking Out of the Box: Technical analysis of VirtualBox VM escape with Windows LPE, by Thomas Bouzerar (@MajorTomSec) and Thomas Imbert (@masthoon)

Offensive security company. Dojo of many ninjas. Red teaming, reverse engineering, vuln research, dev of security tools and incident response.

Synacktiv

@Synacktiv

hacker, weird machine mechanic, exploit dev @xforce

chompie

@chompie1337

employer: @LexfoSecurite @ambionics
~ blogs: https://t.co/cLoNdCGPU7 https://t.co/JVMLjUzTJU https://t.co/t9a5IcOXSU

Charles Fol

@cfreal_

$¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.$

Axel Souchet

@0vercl0k

blasty

@bl4sty

Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH

Richard Johnson

@richinseattle

# Exploit Reliability Engineer
# Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD
# Avi: https://t.co/3fsQfVprCf

h0mbre

@h0mbre_

Vulnerability Research, Kernel Exploitation, Reverse Engineering, Exploit Development, Program Analysis, Malware Research, Web, Machine Learning

HackSys Team

@HackSysTeam

Technical Director, Platform Operations and Research at @cse_cst. Windows Internals author and trainer. He/Him. RTs are not endorsements, opinions are my own.

Alex Ionescu

@aionescu

Mehdi Talbi 🇵🇸

@abu_y0ussef

Ex street racer. Hermetic Initiate. Exploring conscience and the nature of reality. I also hack and ride things. 🧘🏻‍♂️

ϻг_ϻε

@steventseeley

wannabe hacker... he/him

🌱 grow your hacking skills @hextreeio

LiveOverflow 🔴

@LiveOverflow

David B.

@_p0ly_

Mayfly

@M4yFly

johncool

@JohnCool__

En charge du recrutement chez @Synacktiv 🥷
Si vous souhaitez des informations, n'hésitez pas à me contacter (MP ou elsa.thiebaut@synacktiv.com)

Thiebaut Elsa

@thiebaut_elsa

Offensive Security fanatic... pom-pom girl... Who fuckin' cares ??

Whoami ? 👉
https://t.co/WId3WL9vNk

kmkz

@kmkz_security

🥷 @Synacktiv | CTF with @RMUBYGG, @Hexagonctf, @ECSC_TeamFrance 20/21/22/23/24

voydstack

@voydstack

Security engineer working on Android, reverse-engineering & obfuscation.

Author of @LIEF_project and @open_obfuscator

Romain THOMAS

@rh0main

Sh0ck

@Sh0ckFR

🌹 🏴‍☠️ | Українка за кров’ю | https://t.co/F5dgX7AEoL

︎ ︎

@0xocdsec

Gowrishankar

@g0wricsMD

Kayznn

@Kayznnnz

Brightiup

@realBrightiup

He/Him; Pre-/Post-breach Cyber Responder

Andre Gironda

@AndreGironda

19yo😼|Junior Pentester|Bug Hunter|Discoverer of 2 CVEs

Roland Hack

@RolandHack6

OwO
Pentester at I-Tracing, Re enthousiast, Msfs24 fanboi. Love some good shitpost.
Views are mine blah blah blah

Klcium

@klcium

강찬송

@ssong_k1

Yet another information security guy, CTF junkie. All tweets are my own.
#FreePalestine until its backwards ✌️

M411K 🔻

@m411k_

CTO@78ResearchLab
Ph.D.@Cybersecurity
I'm interested in Windows LPE exploit, APT, Password Cracking, Deep Learning(specially GANs)

Sungyup Nam

@REDPACK_kr

_4vil4ric$

@zhuan1243

Hacker | Automotive, IoT, Drone & Robotics Security | Undergrad with Cloud & Security | Check out CARSS↙️

Sourav

@souravbaghz

Machine intelligence and system security. Cypherpunk and Neo-Calvinist. Founder of @HardenedLinux and @HardenedVault.

Shawn C - [email protected]

@citypw

Edna 😌

@EdnaBrylee3087

Sprinter

@0xSpr1nter

dragosr

@dragosr

Hsrish Babu Manam

@Harish_Manam

Securing the future through modern technology. Founder and Software Security Specialist at @magnetitesec

Joshua J. Drake

@jduck

uCurious?

@NOTlongerHere_

AcrapX

@AcrapX

All Systems Security Expert. F12 your hardware! Tweets and opinions are my own.

Ferdi

@s1ckcc

Zed

@Zeroved0x5A

Fred Woodyard

@FWoodyard44711

Bronwyn 😳

@BronwynP1843

KW

@KW79938885

kolaki

@jiroskd0

manoozie

@__manoozie__

19ph

gnnlknntapiiaiahwanhbaiaponittgylsmaannayphnhamkayogygtnaiauknalgaggakahpaignaaankbaaaypwo

nmitnpiaatniganapauolalmangaypaaioyngsatagrngnkgphpakmaankii

Datsuraku

@MDatsuraku

Your Cyber Gal is Hunting Your Next Top Talent!

Artemis Calvi

@CyberHunterGal

sewersleuth

@sewersleuth4686

Lucas Troncy

@lokoumd

Nate Golick

@nate6268

.

@bshsnakskxjws

x1a0

@x1aoxia0xiao

Ginoah

@g1n04h

Pierre

@pierrecdg

ℭ𝔲𝔪 𝔇𝔢𝔲𝔰 𝔠𝔞𝔩𝔠𝔲𝔩𝔞𝔱 𝔢𝔱 𝔠𝔬𝔤𝔦𝔱𝔞𝔱𝔦𝔬𝔫𝔢𝔪 𝔢𝔵𝔢𝔯𝔠𝔢𝔱, 𝔣𝔦𝔱 𝔪𝔲𝔫𝔡𝔲𝔰. Cybersecurity engineer. (ES/EN/DE). Polymath 🇪🇦

MVS

@MVSGVS

Jack

@addr_limit

Penetration Tester @ShielderSec | Bachelor's Degree in Computer Engineering | IT and Cyber Security lover!

Paolo Cavaglià

@Paupu_95

0x

@aWM4xwtnUQ

M3noetius

@M3noetius

Pentester | Ex MD (Intensivist) | (Black) Arch Linux enthusiast - AD - Python - MalDev | DCS, Gaming, Metal+++, Geopolitics.
Opinions are my own.

💻🥷 WarthogTK 🩺 🇺🇦✈️

@tracrium

0xblank

@0xblank

Wayne

@ssh_rootAlpine

I find 0 days. Android/Linux Kernel/Crap written in C. Will trade 0 days for bottles of DRC

Scott Bauer | [email protected]

@ScottyBauer1

I'm not breaking things, they are already broken.

D020

@chmiels

#CybersecurityResearcher#Pentester
#wirrlesssecurity #Automotive
#NatureEnthusiast

Oxdine

@DINESHPrathi12

eth

@KHL_ETHA

CTO of @infosectcbr. Co-founder of @bsidescbr. Still hacking.

Silvio Cesare

@silviocesare

Cyber-security researcher at Cardiff University

Matthew Nunes

@MatthewANunes

Synacktiv

@Synacktiv

Zero Day Initiative

@thezdi

chompie

@chompie1337

Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.

Alex Plaskett

@alexjplaskett

Charles Fol

@cfreal_

The largest collection of malware source code, samples, and papers on the internet.

Password: infected

vx-underground

@vxunderground

$¯\_(ツ)_/¯, blogging on https://t.co/36oOc8Mgha and posting codes on https://t.co/P83Oen94Rc.$

Axel Souchet

@0vercl0k

Saar Amar

@AmarSaar

Orange Tsai 🍊

@orange_8361

A circus artist with a visual studio license

Yarden Shafir

@yarden_shafir

0day Researcher @ ████████████ / Baker / 0wl

b1ack0wl

@b1ack0wl

A bot that posts the latest blog posts and disclosures from Google's Project Zero

Project Zero Bugs

@ProjectZeroBugs

blasty

@bl4sty

Richard Johnson

@richinseattle

HackSys Team

@HackSysTeam

Alex Ionescu

@aionescu

Mehdi Talbi 🇵🇸

@abu_y0ussef

ϻг_ϻε

@steventseeley

LiveOverflow 🔴

@LiveOverflow

David B.

@_p0ly_

#RE #Pwn #FPV ~ Learning is endless ~ 🇫🇷 ~ @Synacktiv @AperiKube

Baptiste M.

@Creased_

Vulnerability researcher 🐛 | DOMLogger++ developer 👨🏻‍💻 | CTF with @FlatNetworkOrg, @rhackgondins 🦦 | @ECSC_TeamFrance 2023 🇫🇷

Kévin - Mizu

@kevin_mizu

Security Bug Aggregator

@BugsAggregator

Security Engineering and Architecture at @Apple. Vulnerability research. Embedded systems in @SwiftLang. Alumnus @RPISEC. Previously @ReSwitchedTeam. 🏳️‍🌈

Devon Maloney

@plailect

19 | CTF @EmuExploit / @malta_ctf | pwn/rev/crypto | Security Researcher | https://t.co/dbtTCoZMI8

Riley

@toasterpwn

xvonfers

@xvonfers

shuffle2

@shuffle2

Console hacker, former Kaspersky Team Lead of Exploits & Network Threat Detection, security researcher. For tips (thx!): https://t.co/VxJMiawFpP

Aleksei Kulaev

@flat_z

0mWindyBug

@0xwindybug

RE//verse

@REverseConf

PL 🤘🦇🤘

@phLaul

I like video games and cars, arcade lover, console and game hacker, coffee enthusiast. All tweets represent my own opinions.

Ryan M

@Grimdoomer

Frost

@Fr0st1706

Founder @ Bora Insights
👨‍💻Cybersec enthusiast
🍃Energy transition enabler

Development | Advising | Consulting 💼

Jeremy Berast

@jeremyberast

Taeyang Lee, a security researcher at @theori_io.

5unkn0wn

@5unKn0wn

Bùi Quang Hiếu 🇻🇳

@tykawaii98

cyber torture pioneer. bug bounty billionaire. most controversial pwn2own winner (contested). en🇺🇸/ru🇰🇿. she/her 🏳️‍⚧️. @emdersz 🏳️‍🌈💕

emma

@carrot_c4k3

flexing on computers, every bone and muscle. Prev. Vulnerability Research @withsecure / @pwc_uk

Felipe Warrener-Iglesias

@fwrnr

Entrepreneur, Hacker 🇱🇧🇨🇮

@WebImmunify
23th/270000 BugCrowd Hacking Platform

Hussein Daher

@HusseiN98D

Open source privacy and security focused mobile OS with Android app compatibility.

Forum, Discord, Telegram, Matrix: https://t.co/C0RaJbZosj

GrapheneOS

@GrapheneOS

Leonardo Galli

@galli_leo_

Gabriel Landau

@GabrielLandau

Security Engineer at @trailofbits. Pwndbg maintainer, justCatTheFish CTF team captain. Opinions are my own =)

Disconnect3d

@disconnect3d_pl

🤷‍♂️

@floesen_

Binary Security😉VMware Escape at TFC 2018/21/23. Hyper-V Escape in 2021. Top3 of MSRC 23 Q3/Q4, 24 Q1/Q3/24 Annual. Watchlist for security news.

VictorV

@vv474172261

Organizer of Zer0Con, POC and MOSEC #POC2024 (https://t.co/6pIiBKhgxm)

POC_Crew 👨‍👩‍👦‍👦

@POC_Crew

🐍

DRM Developer & Reverse Engineer.
My girlfriend rates me 4/5 stars

Maurice Heumann

@momo5502

Janggggg

@testanull

@[email protected]

@gabe_k

$Security but not as in "national security". Playing CTFs with @redrocket_ctf (and @Sauercl0ud). Pwn2Own Vancouver 2020..=2024\{2023}. @manf@infosec.exchange$