Similar User
@KONCRETE
@IAmMandatory
@hi_im_d4rkn3ss
@testanull
@hir0ot
@VietPetrus
@Junior_Baines
@PTDuy
@tony_tsep
@kpeori
@JillPar32808675
@dloreto007
staying at least a little busy during time off / self (un?) employment.
Congratulations to all the researchers recognized in this quarter’s MSRC 2024 Q3 Security Researcher Leaderboard! 🎉Thanks to all the researchers who partnered with us for your hard work and continued dedication to securing our customers. Learn more in our blog post:…
Nice! Tenable Researcher used their second attempt to compromise the Lorex 2K Indoor Wi-Fi in the most subtle of way. They head off to the disclosure room with the details. #Pwn2Own #P2OIreland
Some Fortinet Nday.. for now.... :-) CVE-2024-23113 labs.watchtowr.com/fortinet-forti…
Our latest post detailing compromising the #PaloAlto #Expedition. While investigating CVE-2024-5910, we discovered and reported 3 additional vulnerabilities allowing an attacker to obtain RCE and leak integration credentials across the ecosystem. horizon3.ai/attack-researc…
At @assetnote, we identified DNS poisoning on an estimated 30M+ domains. We noticed this in 2021, but suspect that it's been happening for a lot longer. We detail the analysis, theories and two practical and reliable client-side exploitation vectors. dnspoison.com
💀Here is my unauthenticated whatsup gold SQL injection to authentication bypass exploit P.S: my Friday starts now github.com/sinsinology/CV…
Fortra FileCatalyst Workflow CVE-2024-6633: dbPassword="GOSENSGO613"
PORT STATE SERVICE VERSION 4406/tcp open jdbc HSQLDB JDBC (Network Compatibility Version 2.3.4.0)
feels important to mention that the first thing that came to mind when drafting this was a mockup of this image, and the “SSRFing” pun for the title. Understand why it didn’t get used, but feel the need to share the vision.
This was the last thing I found / worked on while still at Tenable. A fun SSRF via Microsoft Copilot Studio leading to a critical info disclosure (CVE-2024-38206). Thanks to @DinoBytes and the team for helping get this one out. tenable.com/blog/ssrfing-t…
This was the last thing I found / worked on while still at Tenable. A fun SSRF via Microsoft Copilot Studio leading to a critical info disclosure (CVE-2024-38206). Thanks to @DinoBytes and the team for helping get this one out. tenable.com/blog/ssrfing-t…
over the last half a year, @rhinozzcode and i have worked on an investigation into Tracki, a "world leader in GPS tracking", and ExploreTalent, one of the biggest talent listing services in the world. what the hell do those two have in common? (feature art by @fourleafisland)
Cool find from @DinoBytes tenable.com/blog/compromis…
.@SinSinology dropped some great tips for anyone struggling to stay motivated and wanted to share them with y'all. Here they are: 1. Get the reps in, you can’t avoid this part (continued in thread).
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) code-white.com/public-vulnera…
Meet ConfusedFunction 😕 - A privilege escalation vulnerability I recently discovered in GCP: tenable.com/blog/confusedf…
Progress just un-embargoed a very closely guarded auth bypass in MOVEit Transfer's SFTP mechanism - CVE-2024-5806. We were lucky enough to receive a tip-off :-) Enjoy our analysis, we had a lot of fun. labs.watchtowr.com/auth-bypass-in…
🚨🚨🚨PoC DROP! Full Details 🔥 of the Veeam Enterprise Manager Authentication Bypass🩸CVE-2024-29849 is out now! 🪲 summoning.team/blog/veeam-ent…
Grandstream, a leading manufacturer of IP voice and video communication equipment, has had significant vulnerabilities in their cloud identified and reported by Atropos. These flaws could compromise the VoIP infrastructure of thousands of companies. atropos.ai/third-times-a-…
Our deep-dive, IOCs, and exploit for CVE-2023-34992, an unauth command injection as root, effecting #Fortinet #FortiSIEM appliances. horizon3.ai/attack-researc…
#TenableResearch has discovered a critical memory corruption vulnerability dubbed Linguistic Lumberjack in #FluentBit, a core component in the monitoring infrastructure of many cloud services. ⚠️ CVE-2024-4323 spr.ly/6017dmkbd
Speaker Feature: Evan Grant & Jimi Sebree (@dinobytes / @stargravy) - "Consumer Routers Still Suck" Come see Jimi / Evan at RVAsec 13! buff.ly/3Uh2Fq4
![Coder, inquisitive, tech enthusiast, car lover :-]](https://pbs.twimg.com/profile_images/1107400462519676928/BhQI_gu8.jpg)
United States Trends
- 1. #TheOfficialTSTheErasTourBook 6.763 posts
- 2. #TTPDTheAnthology 5.456 posts
- 3. #socialpanel24_com N/A
- 4. #socideveloper_com N/A
- 5. Black Friday 467 B posts
- 6. Great War 7.996 posts
- 7. #TaylorSwift 1.198 posts
- 8. Secured 36,7 B posts
- 9. YOKO AT BVLGARI 192 B posts
- 10. Datsun 11,8 B posts
- 11. Pledis 55,7 B posts
- 12. Winter Ahead 892 B posts
- 13. Barron 34,3 B posts
- 14. Algebra 9.868 posts
- 15. The Party Never Ends 21,6 B posts
- 16. YMCA 16,4 B posts
- 17. Swiftie 15,1 B posts
- 18. Rental 15,4 B posts
- 19. Bibby 1.656 posts
- 20. Cyber Monday 11,9 B posts
Who to follow
-
Danny Jones Podcast
@KONCRETE -
mandatory.bsky.social
@IAmMandatory -
Thach Nguyen Hoang 🇻🇳
@hi_im_d4rkn3ss -
Janggggg
@testanull -
Dinh Hoang
@hir0ot -
Petrus Viet
@VietPetrus -
Jacob Baines
@Junior_Baines -
Phan Thanh Duy 🇻🇳
@PTDuy -
Antonios Tsepouras
@tony_tsep -
Aurora Temporalis
@kpeori -
Jill Parsons
@JillPar32808675 -
Dennis Loreto
@dloreto007
Something went wrong.
Something went wrong.