Shielder
@ShielderSec
Followers: 2K · Following: 281 · Media: 151 · Statuses: 466
InfoSec boutique. Owning things since 2014. We love to go the extra mile, where we usually find the best bugs the others miss.
Italy
Joined July 2014
Want to learn more about our approach to auditing complex libraries and writing cool exploits? Attend @OSTIFofficial's meetup where our very own @Th3Zer0 and @suidpit will talk about the "Security Audit of OpenEXR". Date: Dec 02, Time: 20:00 CET. RSVP:
luma.com
View and subscribe to events from OSTIF Meetups on Luma.
🔥🔥🔥
So, Symantec/Broadcom PAM seems to contain code in PHP, Java, and Perl simultaneously. Guess how many issues are hiding there? @Paupu_95 keeps the tension high, and we still don't know the answer. This #TheSAS2025 talk is quite thrilling.
Attending #theSAS25? Meet @Paupu_95 for his PAM pwnage talk! It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss.
Attending #TheSAS2025? Don't miss our gangster @Paupu_95 pull off a credential heist, taking down a PAM and going from no info to full infra compromise!
You've done everything right: least privilege, PAM solution deployed, users don't even know passwords. What could go wrong? Paolo Cavaglià (@Paupu_95) from Shielder has the answer in his #TheSAS2025 talk, "Grand Theft Credential: Ransomware Gangs' Wet Dream". His team spent
Hackers! Are you a Red Teaming Wizard looking for a new challenge? @ShielderSec is hiring a Red Teaming Lead to join our crew! More info ⬇️ (share appreciated) #hiring #redteaming
https://t.co/l7yi7QpvlZ
romhack.io
Check for RomHack sponsor's job opportunities
@OSTIFofficial @AcademySwf @ndaprela @smaury92 @suidpit @Th3Zer0 Blog post: https://t.co/0CfE7HBwFg Reports:
🚨 New Open Source Audit Alert! 🚨 Shielder, with @OSTIFofficial & @AcademySwf, audited OpenEXR and MaterialX: 11 issues found (1 critical, 3 still to be published). Most fixed, others planned. 🗣️ to @ndaprela @smaury92 @suidpit @Th3Zer0. Full details in the blog post ⬇️🧵
[ZDI-25-655|CVE-2025-54438] Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability (CVSS 9.8; Credit: Paolo Cavaglià, Abdel Adim Oisfi, and Nicola Davico of Shielder)
zerodayinitiative.com
[ZDI-25-657|CVE-2025-54440] Samsung MagicINFO 9 Server MagicInfoWebAuthorClient Unrestricted File Upload Remote Code Execution Vulnerability (CVSS 9.8; Credit: Paolo Cavaglià, Abdel Adim Oisfi, and Nicola Davico of Shielder)
zerodayinitiative.com
Last week @Apple released macOS 13.4, which contains a fix for a vulnerability @suidpit exploited to escape the Sandbox. Update now and stay tuned for the technical details! Ref: https://t.co/fSRCbM8WbQ
In Lausanne for @1ns0mn1h4ck? Don't miss the chance to meet our very own @not4nhacker! If you're into cursed OAuth hacking techniques or breaking mobile apps, find a comfy spot; you might be there for a while!
#Karmada showed camaraderie with their security audit! Navigated with support from the @CloudNativeFdn and auditing by @ShielderSec, the work is now available publicly. Read on below!
It was smooth sailing with the Karmada maintainer team, @ShielderSec, and the CNCF for this audit!
Read all about the results of the recent security audit of #CNCF project Karmada, a #Kubernetes orchestration system for running #cloudnative applications across different clouds and clusters. Read more from @OSTIFofficial, who completed the audit ➡️ https://t.co/ESIySnO0o1
🚨 New Open Source Audit Alert! 🚨 Shielder, with @OSTIFofficial & @CloudNativeFdn, audited @karmada_io: 6 issues found (1 high, 1 medium, 2 low, 2 info). Most fixed, others planned. 🗣️ to @suidpit and @Th3Zer0. Full details in the blog post! https://t.co/mkRiqw7joX
shielder.com
Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
Great talk, "Riding the DYLD Rocket: Escaping from macOS Sandbox at Mach 1337", by @suidpit at #theSAS2024.
Attending @TheSAScon in beautiful Bali? Make sure not to miss @suidpit's talk about his novel research on the macOS sandbox and how to bypass it. Wednesday, October 23, 15:10.