Sam Thomas

@_s_n_t

Director of research at , previously an independent researcher (). Opinions are my own etc.

Joined September 2008

Tweets


  1. Pinned Tweet
    19 May 2018
  2. Retweeted
    Jul 3

    . researchers have published a detailed write-up of a critical vulnerability in Drupal 8 that left websites open to remote takeover

  3. Retweeted
    Jul 3

    Read all about our latest - A Remote Code Execution (RCE) vulnerability our researchers found within Core, versions 8 & 9 (CVE-2020-13664). Huge well done to Lorenzo Grespan and for all their hard work on this --->

  4. Retweeted
    Jun 22

    New CVE added! RCE found within core (under certain circumstances). Make sure you've patched to the latest version & look out for our research blog coming soon 👀 ---> Kudos to & Lorenzo Grespan for all their research on this 🙌

  5. Retweeted
    Jun 17

    As promised, here's the research detailing our recent finding in WordPress (CVE-2020-4046 - From XSS in core to RCE) ---> Huge credit to for all his hard work on this 🙌

  6. Retweeted
    Jun 11

    Patch now. We've got a blog coming soon on why

  7. Retweeted
    Apr 21

    A bit of research done by and myself resulted in this CVE 😊

  8. Retweeted
    Apr 21

    Read the findings for CVE-2020-7055. A flaw we identified within the file upload functionality of the Elementor WordPress plugin. By abusing this flaw, we found it was possible to upload an executable PHP shell & execute commands on the remote server.

  9. Retweeted
    Mar 11

    New advisory added to the list (CVE-2020-10243). Kudos to for all his work on this one!

  10. Retweeted
    Feb 10

    Last week we announced CVE-2020-8498, a Cross-Site Scripting (XSS) vulnerability in the GistPress WordPress Plugin. Take a look at the technical findings -

  11. Retweeted
    Jan 15

    Another added to the list of advisories, with hopefully more to come soon. Huge well done to and on this one 🙌

  12. Retweeted
    23 Dec 2019

    Forget the last minute Christmas shopping. Stay in, stay warm and have a go at Avalanche 2, our brand new . Merry Christmas all!

  13. Retweeted
    5 Jul 2019

    Coming to ? We're excited to be sponsoring this year's after ! 🎈🎉

  14. Retweeted

    Sunday morning blog post: Using Frida to steal credentials from KeePass.

  15. Retweeted
    12 Apr 2019

    Phartastic work by our head of research has been getting recognised. We see you too and . Stay classy.

  16. Retweeted
    12 Apr 2019
  17. Retweeted
    11 Apr 2019

    I was very excited when these two bugs came in! I am very glad that I can finally talk about them. :)

  18. Retweeted

    Although not a full winner in our initiative, these 2 bugs are pretty interesting and can still get RCE. breaks down the details & provides PoC for these now patched bugs at . Read more about at .

  19. Retweeted
    2 Jan 2019

    Full writeup on exploiting 's Math.expm1 typing bug in V8, from analysis of the bug to RCE. Definitely one of the most difficult bugs I've ever worked on. Enjoy!

  20. Retweeted
    3 Jan 2019

    🙈 It feels somewhat funny to start your new year reading a detailed description of how to turn a seemingly trivial bug of yours truly into a serious security exploit in . h/t

  21. Retweeted

    Learn all about Phar Deserializations, a new exploitation technique in PHP that leads to RCE in . Now open the third door of our Calendar 2018

    Day 3 - WooCommerce #2
