
BrunoZero
@BrunoModificato
CTFer for: @Water_Paddler / Security auditor @osec_io my writeups: https://t.co/XurIhbWdj7 24y
Joined December 2016
Happy to talk there :).
We’re excited to announce that Bruno Halltari (@BrunoModificato) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage
Just completed this yesterday, it was fun with some cool tricks! It's been a while since I did a challenge, but I loved it. Thanks @joaxcar for the challenge
⏰ It's CHALLENGE O'CLOCK! 👉 Find the FLAG before Friday the 16th of May. 👉 Win €400 in SWAG prizes. 👉 We'll release a tip for every 50 likes on this tweet. Thanks @joaxcar for the challenge 👇
RT @osec_io: NEW: A few months ago, we uncovered an authentication bypass in Web3Auth that could have led to full account takeover. In thi….
RT @osec_io: We just finished an audit for Lavamoat webpack plugin and found an interesting behaviour related to how the URL costruct() was….
If you like our research "Supply Chain Attacks: A New Era" please vote it :D. There is another article where I was involved, "Zoom Session Takeover - Cookie Tossing Payloads"; if you like that too pls feel free to vote it XD.
Voting is now live for the Top Ten (New) Web Hacking Techniques of 2024! Browse the nominations & cast your votes here:
RT @hackmdio: our new look is here 🎨. we're ushering in the next chapter of HackMD with an updated logo, bold colors, and a new site. read….
Las Vegas is a city where everyone begs for tips even for doing something that requires 0 effort, not sure if it's an american thing or just Las Vegas.
@josephfcox Defcon attendees are not the "ideal las vegas clients", that spend a lot at games and walk drunk like zombies all days getting scammed all over their way. this was my 3rd Defcon, and got to the conclusion: Vegas is too hot, too expensive, fake, generally hostile to average hacker.
New job research: 1) Check how Lavamoat can protect someone from supply chain attacks. 2) A bypass on lavapack. And some other fun stuff :).
NEW: Supply chain attacks are increasing in popularity in Web3. Lavamoat has emerged as a robust defense mechanism - but it’s not perfect. This blog spills the beans on some sneaky bypasses, and shows how tricky it is to lock down JavaScript ecosystems.
RT @H4R3L: New blog! This time a high severity session takeover in Zoom worth $15,000. Read the story of how @sudhanshur705 , @BrunoModific….
RT @kevin_mizu: I think it's time for a solution ⏰. TL;DR. - Eventlet normalizes - to _ in header keys. - The Fetch spec blocks Transfer-Enc….
Playing CTF kind of gives me anxiety and stress, I have a lot less motivation. However, I love those single good challenges on Twitter. I suggest this one :)
Small Challenge Time 🚩. Rules 📜. - You should display an alert containing the flag cookie :). If you find the solution, please do not send it in the comments; send me a DM instead 📩. Challenge link and sources 👇. - -
Got a solution, even if mine probably wasn't the smartest one. I kinda like those minimalistic challenges with cool tricks. I recommend trying it.
This Friday, I'm presenting a novel technique as part of my talk "Secret web hacking knowledge - CTF authors hate these simple tricks". I've made a challenge about it, will you be able to pop an alert on ? The whole source code is in the screens below :)
Today I turn 24, wanted to do an introspection post for 2024 because a lot of stuff happened but I am too lazy and was also super sick. But our research post "Metamask Snaps: Playing in the Sand" has been nominated here. Please vote it (if you like it).
Nominations are now open for the top 10 new web hacking techniques of 2023! Check out the nominations so far, and make your own here ->
It's been a while since I did technical research just to take a break for the sake of my mental health, but we recently published a research related to Metamask Snaps, including: 1) How does the Metamask sandbox work, especially on the Snap environment. 2) A bug on the sandbox.