Alvaro Muñoz

@pwntester

Security Researcher with . CPO (Chief Pwning Officer) at ;) CTF . Opinions here are mine!

Madrid  
pwntester.com
Vrijeme pridruživanja: prosinac 2008.
169 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @pwntester

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @pwntester

  1. proslijedio/la je Tweet
    3. velj

    OK Google: bypass the authentication! :D by

    4 proslijeđena tweeta 12 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    30. sij

    Does anyone remember any explicit (or highly suspected/suspicious) bugdoor attempts in OSS history besides the = vs == uid thing in the Linux kernel?

    25 replies 15 proslijeđenih tweetova 27 korisnika označava da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    30. sij

    In my team at GitHub, we'd like to study examples of "nefarious commits" in open source, which introduce a bug on purpose. Can you point me at such commits? Could it have been detected by analysing the committer's behaviour as well as the code change itself?

    275 proslijeđenih tweetova 795 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    27. sij

    Indeed, some of the new challenges were somewhat hard, but I enjoyed them and learned new tricks. Fortunately, I solved them all fast enough, so I didn't lose my first place in the ranking. 😀 These labs are totally recommended, as always!

    We told you our new XSS labs were difficult. No one has managed to solve them all yet.
    1 reply 6 proslijeđenih tweetova 21 korisnik označava da mu se sviđa
    Poništi
  5. 25. sij

    Nice! Glad the DotNetNuke gadget helped you win ! Feel free to contribute the new bridge gadget to if you want :)

    Tweet je nedostupan.
    3 proslijeđena tweeta 18 korisnika označava da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    23. sij

    And now Alvaro Muñoz is breaking SAML at the GitHub Security Meetup.

    3 proslijeđena tweeta 18 korisnika označava da im se sviđa
    Poništi
  7. proslijedio/la je Tweet
    21. sij

    Welcome to 2 new security researchers in the GitHub Security Lab: and !

    3 proslijeđena tweeta 33 korisnika označavaju da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    20. sij

    Once again, an app without any permission could access restricted information from the Download and TV Providers. The proof-of-concept apps and source code are public too: Fixes for all of them were released in November 2019.

    2 proslijeđena tweeta 6 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    20. sij

    Last year I published 3 high-severity vulnerabilities in Android () I did some additional research and reported new similar issues some months ago. These advisories are now public:

    1 reply 25 proslijeđenih tweetova 21 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    16. sij

    If you are using TLS client authentication with Java 11 or Java 13 you should patch your servers NOW.

    7 replies 81 proslijeđeni tweet 119 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    16. sij

    Here are some examples of vulnerabilities found in the past: CVE-2019-16763 () and CVE-2019-9844 ()

    1 reply 1 proslijeđeni tweet 8 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    16. sij

    Thursday mini-challenge: Triage some of the bugs on and report interesting ones to the maintainers! We have pretty cool GitHub swag waiting for you.

    1 reply 6 proslijeđenih tweetova 8 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. proslijedio/la je Tweet
    11. sij

    1. Never stop learning. 2. See failure as a beginning. 3. Teach others what you know. 4. Assume nothing, question everything. 5. Analyze objectively. 6. Practice humility. 7. Respect constructive criticism. 8. Love what you do. 9. Give credit where it's due. 10. Take initiative.

    61 reply 5.464 proslijeđena tweeta 13.632 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    10. sij

    Awesome line-up of speakers for the GitHub Security Meetup, January 22 in San Francisco:

    4 proslijeđena tweeta 11 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    8. sij

    We are excited to announce that , will be presenting "Breaking SAML (.NET Edition)" at the GitHub Security Meetup, Jan 22 San Francisco.

    5 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 10. sij

    Thank you all for the best wishes. I will be joining a team of great security researchers at . Excited to start contributing to a better and more secure OSS!

    7 replies 5 proslijeđenih tweetova 91 korisnik označava da mu se sviđa
    Poništi
  17. 10. sij

    After 9 years at , its time to move on and take on new challanges. Thanks to all the amazing people I met on the way!

    17 replies 1 proslijeđeni tweet 70 korisnika označava da im se sviđa
    Poništi
  18. proslijedio/la je Tweet
    23. pro 2019.

    a kid with a weird obsession can invest more free time into something than an adult might have in a decade a nontrivial number of people I know are living off returns on human capital they accidentally created as 14 year olds

    67 replies 1.116 proslijeđenih tweetova 7.741 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  19. 5. pro 2019.

    Seems like is hot again! Two talks with great findings at BlackHat EU this week:

    26 proslijeđenih tweetova 69 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    5. pro 2019.

    New deserialisation attack vector discussed at which can lead to RCE, done via Jdbc uri ( usually found in fundamental classes, such as URLClassLoader) Combining this attack vector, can bypass all of the blacklists and gain Remote Code Execution.

    31 proslijeđeni tweet 89 korisnika označava da im se sviđa
    Poništi

@pwntester još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·