Pepijn

wired.com/story/tmobile-… It's been well over 20 days to say a single f... word on the hackerone report I have with them. @Hacker0x01, @TMobile when can I publicly disclose?

Zero to Hero: The process of reversing and exploiting complex vulnerabilities! twitter.com/i/broadcasts/1…

Here is why NetNTLMv1 should be disabled in prod networks ASAP. Besides cracking the hash back to NTLM (and then forging Silver Tickets) is straightforward, there is also a lesser known but immediate relay attack path by removing the MIC and doing RBCD abuse. Demo in screenshots.

We are excited to announce our friend @corg_e will be the new manager of vx-underground merchandise. In the following days (or weeks?) we will have a new e-commerce domain. tl;dr kawaii merchandise, or something

@vxunderground maybe start replying to hackerone reports

I have like 50 RCE bugs on this BB target. But EVERY time I have submitted a bug to this company it's a dup. So I'm conditioned to not submit them. I think bug bounties are creating some type of bystander effect...

January 22, 2023 — AS21859 — ZEN-ECN [US] — leaked 1348 prefixes creating 1349 conflicts with 44 ASNs in 8 countries. Propagation: 100%. Duration: 1 hour 20 minutes.

@infosec_au May be @DIVDnl can help informing the owners of vulnerable instances? :)

found a pre-auth xss 0day today that affects over 5M hosts on the internet lol

When I see TikTok being used as C2, this is how I know I’m getting too old for this shit

T mobile confirms it was breached (again) for the 6th.. or 8th time? Since 2018? We've lost count.

@stokfredrik ❤️

To be fully transparent, I’m not the best version of myself right now. I’m ok, but if I didn’t respond to your dm, email or call, hang in there. I just need some time to.. exist, without performing. So I’m just gonna do that for a while. That said, redteam always wins!

Get idea. Buy domain. Watch domain expire. Repeat.

Palo Alto vs Crowdstrike giving credit. 😂 cc @Purp1eW0lf

It’s like I always say: “These sequence diagrams aren’t going to animate themselves!” CVE-2021-1732 (win32k kernel type confusion -> OOB-R/W) (Based on ti.dbappsecurity.com.cn/blog/wp-conten…)

@kruveon @Sonar_Research apache will normalize this back to ../

@kruveon @Sonar_Research On linux you can set the Windows UA

Can you spot the vulnerability? #codeadvent2022 #PHP It is always challenging for developers to account for multiple operating systems... sonarsource.com/knowledge/code…

Another one bites the dust 😎