Mindless

36 posts

Mindless

@Mindlaess_

Cyber security enthusiast, CTF player, hacker wannabe. Currently penetration tester @ Shielder s.p.a.

Katılım Eylül 2021

73 Takip Edilen44 Takipçiler

Mindless retweetledi

fibonhack@fibonhack·2d

The worst LPE in years on the kernel drops and we're hosting a CTF next week. Want to participate in an incredible hacking camp in Rome next october, hosted by our friends @cybersaiyanIT ? Get on board and qualify your team! till-dawn.fibonhack.it ctftime.org/event/3111

English

816

Mindless retweetledi

Shielder@ShielderSec·6d

Can a hostile container sneak past your eBPF tracing? Sometimes, yes. With @OSTIFofficial & @CloudNativeFdn we audited Inspektor Gadget - 3 vulns (fixed), 6 hardenings, 6 bypasses (io_uring, openat2, jumbo frames…). Work by @ndaprela & @suidpit👏 🔗 shielder.com/blog/2026/04/i…

English

1.9K

Mindless@Mindlaess_·15 Nis

After a long break from bug bounty I decided to give it another try, and my latest interest in Android apps definitely paid off! Cheers to @realcyberdart for the opportunity and quick responses o7

English

Mindless@Mindlaess_·9 Nis

:')

ZXX

Mindless@Mindlaess_·2 Nis

@evilsocket I gotta admit, skimming through oss-fuzz for low coverage/poorly tested projects has been prolific for me! Definitely a fun way to exercise and learn lots of things

English

208

Simone Margaritelli@evilsocket·2 Nis

BTW this is the second time that I pwn a major project claiming to be covered by oss-fuzz. And I do this as a noob, just for fun on the weekends. Why aren't the pros questioning the effectiveness of oss-fuzz with the same passion they use while attacking AI assisted research? :D

Simone Margaritelli@evilsocket

Mongoose network library <= 7.20 CVE-2026-5244 - mg_tls_recv_cert pubkey heap-based overflow (exploitable) CVE-2026-5245 - mDNS Record stack-based overflow (exploitable) CVE-2026-5246 - authorization bypass via P-384 Public Key (trivially exploitable) Fun ride.

English

116

15.7K

Mindless retweetledi

Shielder@ShielderSec·24 Mar

#KubeCon EU starts today and guess what? Our very own @suidpit will be on stage with a panel about the @kubernetesio Security Audit we performed during 2025 with the support of @OSTIFofficial! 🗓️ March 25 - 16:45 CET 📍 Hall 8 | Room F

English

616

Mindless retweetledi

Shielder@ShielderSec·19 Mar

Attending @1ns0mn1h4ck? Meet @not4nhacker @Luk3ros and @Sev1rus from our AppSec and Red teams! They are eager to discuss about breaking complex authentication implementations and relaying all the things to DA!

English

454

Mindless retweetledi

Shielder@ShielderSec·31 Oca

Love breaking things just to see how they work? 🐛🔨 A @ShielderSec delegation is on the ground at @fosdem, and we're looking for fellow hackers and security researchers. If you are passionate about securing the Open Source world, we definitely need to talk!

English

555

Mindless retweetledi

Shielder@ShielderSec·25 Kas

Want to learn more about our approach into auditing complex libraries and writing cool exploits? Attend @OSTIFofficial's meetup where our very own @Th3Zer0 and @suidpit will talk about the "Security Audit of OpenEXR" 🗓️: Dec 02 🕗: 20:00 CET RSVP: luma.com/ostif-meetups?…

English

728

Mindless retweetledi

Shielder@ShielderSec·26 Eki

Attending #theSAS25? Meet @Paupu_95 for his PAM pwnage talk! It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss 👀

Paolo Cavaglià@Paupu_95

Ready for #theSAScon25 in Khao Lak 🇹🇭 🌴 Ping me if u wanna say hi!

English

1.6K

Mindless retweetledi

Shielder@ShielderSec·7 Nis

Last week @Apple released MacOS 13.4 which contains a fix for a vulnerability @suidpit exploited to escape the Sandbox. Update now and stay tuned for the technical details! Ref: support.apple.com/en-us/122373

English

2.2K

Mindless retweetledi

TumpiCon@TumpiConIT·6 Şub

Hey hackers! We’ve started sending out the first invites — check your inbox! 👀 Didn’t get one? Take the fast track and submit a talk!

English

2.3K

Mindless retweetledi

Shielder@ShielderSec·16 Oca

🚨 New Open Source Audit Alert! 🚨 Shielder, with @OSTIFofficial & @CloudNativeFdn, audited @karmada_io: 🔍 6 issues found (1 high, 1 medium, 2 low, 2 info) ✔️ Most fixed, others planned. 🗣️ to @suidpit and @Th3Zer0 Full details in the blog post! shielder.com/blog/2025/01/k…

English

2.5K

Mindless retweetledi

Shielder@ShielderSec·22 Eki

Attending @TheSAScon in the beautiful Bali🏝️? Make sure not to miss @suidpit's talk about his novel research on the macOS 🍎 sandbox and how to bypass it. 🗓️ Wednesday, October 23 - 15:10

English

781

Mindless retweetledi

Shielder@ShielderSec·29 Ağu

Our very own @suidpit will present his novel #macOS research at @TheSAScon - if you want to learn more about the macOS sandbox and how to escape it make sure to be in Bali 🏝️ from Oct 22 to Oct 25 at #TheSAS2024

TheSAS2026@TheSAScon

🍎 With many #macOS security mechanisms at work, one might wonder how malware manages to bypass them. Get ready for a deep dive into macOS security architecture and novel evasion techniques during Pietro Tirenna's (@suidpit) talk at #TheSAS2024. 🚀 Secure your seat: kas.pr/6pyu

English

1.6K

Mindless retweetledi

TheSAS2026@TheSAScon·28 Ağu

English

3.4K

Mindless@Mindlaess_·28 Ağu

The advisories about my first CVEs are finally public, big thanks to all the seniors that assisted me during the research!

Shielder@ShielderSec

During a recent engagement @Mindlaess_ hacked his way through @vtigercrm which led to discover a privilege escalation and a SQL injection. Learn more in the dedicated advisories: - CVE-2024-42994 #sqli shielder.com/advisories/vti… - CVE-2024-42995 #privesc shielder.com/advisories/vti…

English

240

Mindless retweetledi

Shielder@ShielderSec·22 May

Back in December 2023 our researchers @Th3Zer0 @suidpit and @Mindlaess_ performed an audit sponsored by @awscloud and facilitated by @OSTIFofficial on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/b…

English

1.2K

Mindless retweetledi

Shielder@ShielderSec·8 Mar

During a recent Red Team Assessment @Th3Zer0 and @smaury92 discovered a vulnerability in @PostgreSQL's #PgAdmin which in the worst case allows unauthenticated attackers to run arbitrary server-side code. Check out the #RCE advisory and patch now! shielder.com/advisories/pga…

English

13.3K

Mindless retweetledi

Shielder@ShielderSec·22 Ara

🎉 Cheers hackers! 🎊 As we bid farewell to 2023, let's celebrate together! 🎁 Like, follow, and retweet for a chance to WIN a €30 coupon for swag.shielder.com! 🏆 3 winners will be selected by EOY! #giveaways #swag

English

4.1K

Keşfet

@cybersaiyanIT @OSTIFofficial @CloudNativeFdn @ndaprela @suidpit @realcyberdart @evilsocket @kubernetesio