Marc Montpas

@marcS0H

Software Entomologist focusing on dangerous species. Security Research Engineer .

République de la Poutine
montpas.me
Inscrit en avril 2014
12 Photos et vidéos Photos et vidéos

Tweets

Vous avez bloqué @marcS0H

Êtes-vous sûr de vouloir voir ces Tweets ? Les voir ne débloquera pas @marcS0H

  1. a retweeté
    26 déc. 2021

    The end of PHP LFI challenges (?) -

    1 réponse 50 Retweets 175 j'aime
    Supprimer
  2. a retweeté
    15 déc. 2021

    Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world.

    73 réponses 1 830 Retweets 4 928 j'aime
    Afficher cette discussion
    Afficher cette discussion
    Supprimer
  3. 14 déc. 2021

    Update ASAP.

    During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug. If you're using this plugin, we recommend you update it as soon as possible.
    5 j'aime
    Supprimer
  4. a retweeté
    4 nov. 2021

    2 réponses 6 Retweets 14 j'aime
    Supprimer
  5. a retweeté
    4 nov. 2021

    I'm excited to be able to let you all know that WPScan has been acquired by . I want to thank everybody that has ever supported me and believed in me.

    35 réponses 38 Retweets 221 j'aime
    Supprimer
  6. a retweeté
    4 nov. 2021

    Jetpack is acquiring WPScan, a WordPress vulnerability database used across the WordPress ecosystem to learn about new vulnerabilities. Read more about how we're planning to make malware data and APIs more open source for all.

    4 réponses 16 Retweets 31 j'aime
    Supprimer
  7. a retweeté
    29 oct. 2021

    We uncovered security issues in Smash Balloon Social Post Feed Plugin (also known as Custom Facebook Feed) that could grant attackers access to your privileged information. Click below to find out more on how you can protect your site.

    6 Retweets 8 j'aime
    Supprimer
  8. a retweeté
    27 oct. 2021

    This might be the vuln with the highest impact I found so far.. and it is very simple to exploit. Please patch your instances

    Warning: We discovered a critical vulnerability in GoCD that can be exploited by unauthenticated attackers to takeover CI/CD pipelines. We recommend patching your GoCD immediately. Find out more:
    1 réponse 3 Retweets 20 j'aime
    Supprimer
  9. 25 oct. 2021

    If you love technical write-ups as I do, this should be the one thing you read this morning. Awesome find!

    Read the details about -2021-21703 on our Ambionics' blog, a 10 year-old Local Root vulnerability affecting PHP-FPM, FastCGI's server. PHP-FPM is often used with major HTTPd servers such as and .
    1 Retweet 4 j'aime
    Supprimer
  10. a retweeté
    19 oct. 2021

    GoSecure ethical hackers found a bug in MySQL that left AWS WAF users vulnerable to SQL injection. Our team further confirmed modsecurity to be affected, but protection is within reach as described in the blog.

    30 Retweets 42 j'aime
    Supprimer
  11. a retweeté
    14 oct. 2021

    WP Fastest Cache Patches Authenticated SQL Injection and Stored XSS Via CSRF Vulnerabilities

    2 réponses 9 Retweets 12 j'aime
    Supprimer
  12. 14 oct. 2021

    I found something...

    We uncovered multiple vulnerabilities in WP Fastest Cache plugin that could grant attackers access to your privileged information. Click below to find out more on how you can protect your site.
    4 j'aime
    Supprimer
  13. 11 oct. 2021

    Of Crickets And Blockchain

    1 réponse
    Supprimer
  14. 4 oct. 2021

    Facebook, Instagram and WhatsApp are down. Appears to be DNS related.
    Afficher cette discussion
    Supprimer
  15. 23 juil. 2021

    ♫♫♫ Don’t just be stabbing in the darkness Using grep, and using less You should probably check them
 DNS ♫♫♫

    Today DNS was down.. it had global impact impacting some of the biggest brands on the web... So important, here is a song about it... "DNS.. DNS... DNS... DNS... there is not way it could be.... DNS.. DNS DNS.. DNS.. DNS... "
    Afficher cette discussion
    Supprimer
  16. a retweeté
    22 juil. 2021

    We just patched a severe vulnerability in the WooCommerce Currency Switcher plugin. If you are using an older version of this plugin, we encourage you to update immediately.

    4 Retweets 3 j'aime
    Supprimer
  17. a retweeté
    16 juil. 2021

    Great technical write up on the latest Woocomerce vulnerability by

    4 Retweets 8 j'aime
    Supprimer
  18. a retweeté
    22 juin 2021

    CTF write up of a cool problem I solved with using prototype pollution and a graphql injection in a PDF renderer --

    37 Retweets 93 j'aime
    Supprimer
  19. a retweeté
    16 juin 2021

    Happy Birthday !

    5 réponses 13 Retweets 97 j'aime
    Supprimer
  20. a retweeté
    20 mai 2021

    Here is the link for the conference! Starting with an amazing talk by and moderated by yours truly.

    5 Retweets 6 j'aime
    Supprimer

@marcS0H n'a pas encore tweeté.

Le chargement semble prendre du temps.

Twitter est peut-être en surcapacité ou rencontre momentanément un incident. Réessayez ou rendez-vous sur la page Twitter Status pour plus d'informations.

    Vous aimerez peut-être aussi

    ·