Sabitlenmiş Tweet
Ivan
119 posts
Ivan
@Ivanklydz
Security researcher with deep focus on vulnerability detection.
Katılım Nisan 2025
67 Takip Edilen265 Takipçiler
@ArnaldoCapo @LiamKearney99 @valigo that's still not the case, the key they got is a github pat, allows attackers to enumerate and read/write all repos in the org, that's how they exfiltrated everything
English
@Ivanklydz @LiamKearney99 @valigo Let me explain. The extension got the user’s keys. The keys allowed the hacker to ssh into github.com and when you ls in the ssh terminal they got all the code that the hacked user had access. Pretty basic if you’ve ever ssh’ed or used *nix terminal
English
🚨 BREAKING 🚨
Infamous Russian hacker and beatboxer exposes exactly how hackers got access to private GitHub repositories
English
btw, this 0-day still exist in github!
Valentin Ignatev@valigo
🚨 BREAKING 🚨 Infamous Russian hacker and beatboxer exposes exactly how hackers got access to private GitHub repositories
English
Nice work, it can be chained for full compromise.
Rebane@rebane2001
back in 2022 i found a bug that would let me, with no user interaction, turn any chromium-based browser into a permanent js botnet member in edge, you wouldn't even notice anything out-of-place, and would stay connected to the c2 even after closing the browser
English
@IntCyberDigest what do you have to say about this?
x.com/foilmanhacks/s…
Jason Sawyer@foilmanhacks
Hey man, you know this is my work. We had an agreement and you blew it. "Our investigation" My investigation, you had a dead lead and I turned it into gold at 2am last night. We we're going to handle this properly but you posted without even consulting me.
English
‼️🚨🇨🇳 BREAKING: We identified exposed admin panels for Chinese air defence and drone systems across an entire region.
The panels are reachable from the open internet and protected only by default credentials. Our investigation shows this is not isolated. A large number of these intelligence and military systems are deployed the same way.
English
Hey man, you know this is my work.
We had an agreement and you blew it.
"Our investigation"
My investigation, you had a dead lead and I turned it into gold at 2am last night.
We we're going to handle this properly but you posted without even consulting me.
English
@Ivanklydz Idk man, I don't see any community note, so it must be true
English
@rebane2001 nope, I'm demonstrating the exact vulnerability you found as you can see in the screenshot, I'm just hinting there is a chaining opportunity
English
People still using Shodan in 2026 amaze me.
vxdb@vxdb
Censys has so many more results than Shodan
English
@luseemeow just copying the link and pasting it in the browser bar will decode it, no need for sending it on discord
English
@WeirdQuadratic @NewYorkFBI wanna get in touch? something spicy is about to happen I guess
English
Yo @NewYorkFBI , send me a written apology for everything you people ever did, like a truely sincere one, by 9pm, my timezone, and I wont upload what I'm about to upload. You can delay what is going to happen. Up to you whether you want to do it or now. I dont care either way.
English
