Daniel Púa

3.1K posts

Daniel Púa banner
Daniel Púa

Daniel Púa

@devploit

Security Researcher · Head of Security @Magnific · CTF Player 🇪🇸 · @hackandbeers Málaga · Real-world infosec, no hype.

Málaga, Spain Katılım Nisan 2016
940 Takip Edilen3.1K Takipçiler
Sabitlenmiş Tweet
Daniel Púa
Daniel Púa@devploit·
working in cybersecurity nowadays: > wake up > read "new critical vuln just dropped" > summon dev and SRE in the incident channel > patch, scan, rotate secrets, redeploy > check logs to make sure you are not already cooked > take a deep breath and go to sleep > wake up > read "new critical vuln just dropped"... WELCOME TO THE AI ERA
Nebula Security@nebusecurity

Introducing nginx-poolslip, a fresh RCE for the the latest nginx release 1.31.0. nginx-rift has been patched, but our security agent Vega has found a new 0 day. We will release the full technical writeup with ASLR bypass 30 days after the patch on nebusec.ai.

English
21
217
2.4K
159.3K
Daniel Púa retweetledi
xataka
xataka@xataka·
Daniel Púa, jefe de seguridad en Magnific: "El usuario de a pie debería estar preocupado porque el phishing se está refinando con IA" xataka.com/seguridad/dani…
Español
0
1
3
4.6K
Daniel Púa
Daniel Púa@devploit·
@Bugcrowd your triagers need android training. urgently. 1/ I report a real android bug 2/ triager closes it, doesn't understand the attack 3/ program reopens it, gets the impact instantly the researcher and the vendor agree. the middle layer doesn't. fix the middle layer.
English
1
0
14
478
Daniel Púa
Daniel Púa@devploit·
how do you read android contacts without the contacts permission? you don't. you ask an app that already has it, and let it hand you the bytes. google messages did exactly that. writeup 👇
Daniel Púa@devploit

Thanks @GoogleVRP !

English
4
1
78
8.9K
Daniel Púa
Daniel Púa@devploit·
unpopular opinion: guardrails are a suggestion, not a firewall
English
0
0
0
158
Daniel Púa
Daniel Púa@devploit·
the pentest used to be a week and a report now it's a process that never ends and never files paperwork you don't have a pentest window anymore you have a permanent guest
English
0
0
0
154
Daniel Púa retweetledi
Magnific
Magnific@magnific·
On the night of San Juan, we jump over the fire. We talk, we drink, we kiss, until it's just embers In this story, the creators went the other way. Back to the moment before everything turns gray. Even in the ashes, there's still warmth. And you will always remember how the fire started Candela is made by people, using Magnific. From the music, to the characters, to the story This is created by the team at Magnific Studios
English
52
97
247
209.6K
Daniel Púa retweetledi
ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 🛡️
What I don’t think people are understanding is that ALL AI will soon be Mythos-level. Mythos wasn’t some special spooky cyber model. It was just the next thing in the factory track. Gpt-5.5 was immediately pretty close. This is just natural progression. And within a few weeks or months the open models will catch up. We need to be thinking about what’s going to happen to cyber, bio, and tons of other threat domains when every new model is this good. And perhaps even more importantly, what happens to the economy when the government pulls the lever saying it’s all now illegal. POOF
English
39
20
121
8.7K
Daniel Púa
Daniel Púa@devploit·
you don't need a zero-day when the agent has a yes-day
Daniel Púa tweet media
English
0
0
0
103
Daniel Púa
Daniel Púa@devploit·
jwt .io shows you the token. it won't tell you how to break it. so i built jwtforge. it audits JWTs for vulns (alg:none, algorithm confusion, kid/jwk injection) and forges working attack tokens with curl/burp/nuclei/jwt_tool ready to run. all in your browser. nothing leaves your tab. jwtforge.com
English
1
25
164
8.6K
Daniel Púa retweetledi
sudox
sudox@kmcnam1·
sudox tweet media
ZXX
6
12
99
2.5K
Daniel Púa
Daniel Púa@devploit·
a bugcrowd triager marked my report "not applicable" because the impact wasn't understood tesla's team took another look, followed the full attack chain, reopened the vuln and rewarded me this is how a bug bounty program is supposed to work kudos to @Tesla
Daniel Púa tweet mediaDaniel Púa tweet media
English
0
0
1
166
Daniel Púa
Daniel Púa@devploit·
3 submitted. 1 triaged. 1 accepted. at this point "submitted" is not a status, it's a lifestyle
Daniel Púa tweet media
English
0
0
2
367
Daniel Púa
Daniel Púa@devploit·
POV: you're red teaming a system that rewrites its own code 52x faster than you can read the diff anthropic just said that system is closer than people think good luck with the pentest report
Anthropic@AnthropicAI

Our internal data shows Claude is accelerating AI development—a possible path to recursive self-improvement, or AI autonomously building a more capable successor. It’s happening faster than we thought, and the implications deserve greater attention. anthropic.com/institute/recu…

English
0
0
0
364
Daniel Púa
Daniel Púa@devploit·
MITRE just assigned me 5 CVEs across 3 npm packages you've never thought about. 500M+ downloads a month. the scariest vulns aren't in your code. they're in your node_modules. names drop when the embargo lifts.
Daniel Púa tweet media
English
0
0
2
531