Md Ismail Šojal 🕷️
@0x0SojalSec
Followers
32K
Following
53K
Media
893
Statuses
39K
Cyber_Security_Re-searcher || 0SINT || Malware Analysis II Pwn || Ai Re-searcher || Project AI-StrikeSec || 0ld Accounts Suspended @0xSojalSec ||
localhost
Joined October 2021
Again...Bluetooth (CVE-2025-48593)[374746961][Bluetooth]RCE related to HF client discovery database(bta_hf_client_cb_init, 0-click RCE???) https://t.co/ITSQLYGTCJ
Android Security Bulletin - November 2025 https://t.co/qGBt0rdqk1
1
10
39
Finds and downloads data breaches for an email address.💤 - https://t.co/WtCQsp4nSR
#infosec #cybersec #bugbountytips
0
2
3
nightmare POC.
🔍 Critical flaws in Microsoft Teams could have allowed attackers to impersonate executives, spoof notifications, and alter messages — breaking the trust of a platform used by 320M+ people. Read more: https://t.co/Ya1UxMHRyl
#VulnerabilityResearch #MicrosoftTeams #CyberSecurity
4
11
237
Another day, another interesting Azure behavior. If your client made an exclusion for one app regarding MFA, they also disabled MFA for Microsoft Graph without even knowing it. https://t.co/iUgJFL6kyQ
#Azure #RedTeaming
fr.linkedin.com
Français plus bas You did your homework by enabling MFA for all users and resources within your Azure tenant. However, you need one of your apps to be excluded because it has an associated automation...
1
17
92
Google literally runs a program to pay people to fix bugs in critical OSS projects. Ffmpeg is explicitly in scope. Anyone can just send a fix and fill out a form and get paid. https://t.co/OWV8g0fmjC This is all so dumb.
18
54
1K
Let's do interactive #bugbounty learning. Path-based IDORs. Fun! You visit a webpage with your browser, which should be Firefox, at https://www[.]place[.]com/user/12345. The webpage forces a client request to https://api[.]place[.]com/api/v3/users/12345 This request
10
62
341
Two bombshell stories all cybersecurity professionals must read: 1. Ex-ASD boss of US Exploiter Developer sold exploits to the Russians https://t.co/IMuP0wfRUQ 2. Employees of a US ransomware negotiation firm ran attacks with BlackCat ransomware https://t.co/3yJ9Dlasir
0
48
156
I made this script to fuzz non-printable characters. It takes a URL and fuzzes after and before the `/`.
@h4x0r_dz @user826924 Yes, with HTTP/1.1 it’s straightforward: just create an Intruder payload like §XX§, use a brute force payload set abcdef0123456789, and add two processing rules: Add % and URL-decode. Unfortunately, HTTP2 is a binary protocol, so that trick won’t work: you’d need a ketled request
6
29
320
GitHub - Nowafen/pE: Simple roadmap for "Post Exploitation"
github.com
Simple roadmap for "Post Exploitation". Contribute to Nowafen/pE development by creating an account on GitHub.
0
14
77
Reminder anyone can buy/sell a chrome extension. Here’s the story of how @tuckner did just that and took over my browser. https://t.co/8nQTZtpSqD
secureannex.com
An investigation into buying access to browsers through extensions
6
22
146
D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug. -
github.com
CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 winning bug. - D4m0n/CVE-2025-50168-pwn2own-berlin-2025
0
24
131
It's been two months and some dude named "Orange" is still leaking sensitive stuff from the Iranian government. Last week he leaked credentials to various infrastructure they possess, BTC wallet addresses, etc https://t.co/pGJjysrLXY
github.com
Exposing CharmingKitten's malicious activity for IRGC-IO Counterintelligence division (1500) - KittenBusters/CharmingKitten
20
48
514
Exploiting CVE-2025-21479 on a Samsung S23 - https://t.co/r8D5JxWkhM
#MobileSecurity #Android #infosec
xploitbengineer.github.io
Motivation A couple of years ago, I picked up a few of Samsung S23’s at Pwn2Own.
1
22
115
If you’re a hacker or infosec pro, you should definitely read the short paper, Reflections on Trusting Trust by Ken Thompson. https://t.co/KRPLpZQsow
13
79
464
Current status: There's a conflict between Google cybersecurity researchers and the @ffmpeg project that doesn't have the resources to fix the vulns Google finds. So I'm busy trying to understand the bug to figure out how to patch it. Google provided enough information to
53
61
1K
[1day1line] CVE-2025-23271: Heap overflow vulnerability in NVIDIA nvdisasm https://t.co/hrQaOeNBrj Today's 1day1line occurred while processing the .reloc section of a 32-bit ELF file in nvdisasm, which allows you to examine various information (disassembly, debugging, etc.)
hackyboiz.github.io
URL https://talosintelligence.com/vulnerability_reports/TALOS-2025-2191 Target NVIDIA nvdisasm 12.8.90 Explain NVIDIA nvdisasm는 CUDA toolkit에 포함된 도구로 CUDA ELF 파일의 disassembly, control low graphs,...
3
11
47
‼️ Meet Ryan Clifford Goldberg, a Digital Forensics and Incident Response manager at Sygnia, he is one of three insiders accused of cybercrimes. He allegedly conducted cyberattacks using ALPHV BlackCat ransomware. Goldberg and two other insiders ran ransomware operations since
50
185
714
vulnerability I found in Signal Signal Desktop Path Traversal vulnerability in Attachment Saving https://t.co/Az8Mc411xH
medium.com
Signal Desktop Path Traversal vulnerability in Attachment Saving summary I found a path-traversal bug in Signal Desktop’s attachment save feature. The app uses the attachment’s fileName from the …
8
63
375
''Let’s Create Some Polymorphic PIC Shellcode!'' #infosec #pentest #redteam #blueteam
https://t.co/zpB2kWzrX0
g3tsyst3m.com
Alright I’ll admit I’m pretty pumped for today’s post 😸 Shellcode and x64 Assembly are one of my favorite topics to cover. I don’t know why, but something about assembly and shellcode fascinates me....
1
14
56