Marc Montpas

@marcS0H

Software Entomologist focusing on dangerous species. Security Research Engineer .

République de la Poutine
montpas.me
Joined April 2014
12 Photos and videos Photos and videos

Tweets

You blocked @marcS0H

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @marcS0H

  1. Retweeted
    26 Dec 2021

    The end of PHP LFI challenges (?) -

    1 reply 50 retweets 175 likes
    Undo
  2. Retweeted
    15 Dec 2021

    Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world.

    73 replies 1,830 retweets 4,928 likes
    Show this thread
    Show this thread
    Undo
  3. 14 Dec 2021

    Update ASAP.

    During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug. If you're using this plugin, we recommend you update it as soon as possible.
    5 likes
    Undo
  4. Retweeted
    4 Nov 2021

    2 replies 6 retweets 14 likes
    Undo
  5. Retweeted
    4 Nov 2021

    I'm excited to be able to let you all know that WPScan has been acquired by . I want to thank everybody that has ever supported me and believed in me.

    35 replies 38 retweets 221 likes
    Undo
  6. Retweeted
    4 Nov 2021

    Jetpack is acquiring WPScan, a WordPress vulnerability database used across the WordPress ecosystem to learn about new vulnerabilities. Read more about how we're planning to make malware data and APIs more open source for all.

    4 replies 16 retweets 31 likes
    Undo
  7. Retweeted
    29 Oct 2021

    We uncovered security issues in Smash Balloon Social Post Feed Plugin (also known as Custom Facebook Feed) that could grant attackers access to your privileged information. Click below to find out more on how you can protect your site.

    6 retweets 8 likes
    Undo
  8. Retweeted
    27 Oct 2021

    This might be the vuln with the highest impact I found so far.. and it is very simple to exploit. Please patch your instances

    Warning: We discovered a critical vulnerability in GoCD that can be exploited by unauthenticated attackers to takeover CI/CD pipelines. We recommend patching your GoCD immediately. Find out more:
    1 reply 3 retweets 20 likes
    Undo
  9. 25 Oct 2021

    If you love technical write-ups as I do, this should be the one thing you read this morning. Awesome find!

    Read the details about -2021-21703 on our Ambionics' blog, a 10 year-old Local Root vulnerability affecting PHP-FPM, FastCGI's server. PHP-FPM is often used with major HTTPd servers such as and .
    1 retweet 4 likes
    Undo
  10. Retweeted
    19 Oct 2021

    GoSecure ethical hackers found a bug in MySQL that left AWS WAF users vulnerable to SQL injection. Our team further confirmed modsecurity to be affected, but protection is within reach as described in the blog.

    30 retweets 42 likes
    Undo
  11. Retweeted
    14 Oct 2021

    WP Fastest Cache Patches Authenticated SQL Injection and Stored XSS Via CSRF Vulnerabilities

    2 replies 9 retweets 12 likes
    Undo
  12. 14 Oct 2021

    I found something...

    We uncovered multiple vulnerabilities in WP Fastest Cache plugin that could grant attackers access to your privileged information. Click below to find out more on how you can protect your site.
    4 likes
    Undo
  13. 11 Oct 2021

    Of Crickets And Blockchain

    1 reply
    Undo
  14. 4 Oct 2021

    Facebook, Instagram and WhatsApp are down. Appears to be DNS related.
    Show this thread
    Undo
  15. 23 Jul 2021

    ♫♫♫ Don’t just be stabbing in the darkness Using grep, and using less You should probably check them
 DNS ♫♫♫

    Today DNS was down.. it had global impact impacting some of the biggest brands on the web... So important, here is a song about it... "DNS.. DNS... DNS... DNS... there is not way it could be.... DNS.. DNS DNS.. DNS.. DNS... "
    Show this thread
    Undo
  16. Retweeted
    22 Jul 2021

    We just patched a severe vulnerability in the WooCommerce Currency Switcher plugin. If you are using an older version of this plugin, we encourage you to update immediately.

    4 retweets 3 likes
    Undo
  17. Retweeted
    16 Jul 2021

    Great technical write up on the latest Woocomerce vulnerability by

    4 retweets 8 likes
    Undo
  18. Retweeted
    22 Jun 2021

    CTF write up of a cool problem I solved with using prototype pollution and a graphql injection in a PDF renderer --

    37 retweets 93 likes
    Undo
  19. Retweeted
    16 Jun 2021

    Happy Birthday !

    5 replies 13 retweets 97 likes
    Undo
  20. Retweeted
    20 May 2021

    Here is the link for the conference! Starting with an amazing talk by and moderated by yours truly.

    5 retweets 6 likes
    Undo

@marcS0H hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·