Pinned Tweet
[ Honored | Thrilled | Terrified ] to be presenting an interesting PHP exploitation technique at @BlackHatEvents #BHUSA this year https://www.blackhat.com/us-18/briefings/schedule/index.html#its-a-php-unserialization-vulnerability-jim-but-not-as-we-know-it-11078 … pic.twitter.com/x65vqRRCbs
Sam Thomas Retweeted
.@pentestltd researchers have published a detailed write-up of a critical vulnerability in Drupal 8 that left websites open to remote takeover https://pentest.co.uk/labs/research/drupal-8-remote-code-execution-by-estimating-installation-time-of-site/ …
Sam Thomas Retweeted
Read all about our latest #research - A Remote Code Execution (RCE) vulnerability our researchers found within #Drupal Core, versions 8 & 9 (CVE-2020-13664). Huge well done to Lorenzo Grespan and @_s_n_t for all their hard work on this ---> https://buff.ly/3iyKSr0 pic.twitter.com/iv9z4zL8dF
Sam Thomas Retweeted
New CVE added! RCE found within #Drupal core (under certain circumstances). Make sure you've patched to the latest version & look out for our research blog coming soon ---> https://buff.ly/2AXRePE Kudos to @_s_n_t & Lorenzo Grespan for all their research on this pic.twitter.com/kbZKcA9HD8
Sam Thomas Retweeted
As promised, here's the research detailing our recent finding in WordPress (CVE-2020-4046 - From XSS in #WordPress core to RCE) ---> https://buff.ly/2Az8zyi Huge credit to @_s_n_t for all his hard work on this pic.twitter.com/nzkyaz2C76
Sam Thomas Retweeted
Patch now. We've got a blog coming soon on why https://twitter.com/WordPress/status/1270847554595573760 …
Sam Thomas Retweeted
A bit of research done by @_s_n_t and myself resulted in this CVE https://twitter.com/pentestltd/status/1252618547764789248 …
Sam Thomas Retweeted
Read the findings for CVE-2020-7055. A flaw we identified within the file upload functionality of the Elementor WordPress plugin. By abusing this flaw, we found it was possible to upload an executable PHP shell & execute commands on the remote server. https://buff.ly/3eDVUt1 pic.twitter.com/3WjtRHeOKY
Sam Thomas Retweeted
New advisory added to the list (CVE-2020-10243). Kudos to @_s_n_t for all his work on this one! https://buff.ly/3aQqbSJ pic.twitter.com/Lu3obVztuy
Sam Thomas Retweeted
Last week we announced CVE-2020-8498, a Cross-Site Scripting (XSS) vulnerability in the GistPress WordPress Plugin. Take a look at the technical findings - https://buff.ly/39aSNVZ pic.twitter.com/apY8WL54Xp
Sam Thomas Retweeted
Another #CVE added to the list of advisories, with hopefully more to come soon. Huge well done to @_s_n_t and @kylefleming217 on this one https://buff.ly/2RjpFo3 pic.twitter.com/w7GvsN3kYc
Sam Thomas Retweeted
Forget the last minute Christmas shopping. Stay in, stay warm and have a go at Avalanche 2, our brand new #CTF. Merry Christmas all! https://buff.ly/2ZgSMf8 pic.twitter.com/arL5vGtyPk
Sam Thomas Retweeted
Coming to #BSidesMCR2019? We're excited to be sponsoring this year's after #party! https://buff.ly/2FTSkeF @BSidesMCR pic.twitter.com/IpNEFQYy5t
Sam Thomas Retweeted
Sunday morning blog post: Using Frida to steal credentials from KeePass. https://medium.com/@two06/fun-with-frida-5d0f55dd331a …
Sam Thomas Retweeted
Phartastic work by our head of research @_s_n_t has been getting recognised. We see you too @trendytofu and @jaywalknet. Stay classy. https://portswigger.net/daily-swig/phar-out-php-deserialization-techniques-offer-rich-pickings-for-security-researchers …
Sam Thomas Retweeted
PHP deserialization techniques offer rich pickings for security researchers https://portswigger.net/daily-swig/phar-out-php-deserialization-techniques-offer-rich-pickings-for-security-researchers …
Sam Thomas Retweeted
I was very excited when these two #Drupal bugs came in! I am very glad that I can finally talk about them. :) https://www.zerodayinitiative.com/blog/2019/4/11/a-series-of-unfortunate-images-drupal-1-click-to-rce-exploit-chain-detailed …
Sam Thomas Retweeted
Although not a full winner in our #TIP initiative, these 2 #Drupal bugs are pretty interesting and can still get RCE. @trendytofu breaks down the details & provides PoC for these now patched bugs at http://bit.ly/2G9cd0h . Read more about #TIP at http://bit.ly/2RDVHK3 .
Sam Thomas Retweeted
Full writeup on exploiting @_tsuro's Math.expm1 typing bug in V8, from analysis of the bug to RCE. Definitely one of the most difficult bugs I've ever worked on. Enjoy! https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/ …
Sam Thomas Retweeted
It feels somewhat funny to start your new year reading a detailed description of how to turn a seemingly trivial bug of yours truly into a serious security exploit in @v8js. h/t @anbiondo https://abiondo.me/2019/01/02/exploiting-math-expm1-v8/ …
Sam Thomas Retweeted
Learn all about Phar Deserializations, a new exploitation technique in PHP that leads to RCE in #WooCommerce. Open now the third door of our #PHP #Security Calendar 2018 https://www.ripstech.com/php-security-calendar-2018/ … pic.twitter.com/8S3EVKTjAS