
b0n0b0
@b0n0b0__
Followers
85
Following
331
Media
6
Statuses
86
CTF player @fibonhack Security Analyst and Researcher @CodeanIO
Joined September 2022
RT @thomasrinsma: You can now read my WASM->JS escape write-up online. Full PoC is included at the end of the article.
RT @CodeanIO: Two of our Codean Labs colleagues evaluated OpenPGP.js and identified a signature spoofing vulnerability. Writeup includes a….
codeanlabs.com
CVE-2025-47934 allows attackers to spoof arbitrary signatures and encrypted emails that appear as valid in OpenPGP.js. The only requirement is access to a single valid signed message from the target...
RT @thomasrinsma: Here's the write-up for the OpenPGP.js signature spoofing bug which @b0n0b0__ and I found. The PoC is included at the end….
RT @mailvelope: 🚨 Security Alert: A critical vulnerability (CVE-2025-47934) in OpenPGP.js (the crypto library Mailvelope is using) allows s….
RT @yeswehack: InfoSec media has jumped on the story of a vulnerability found via the OpenPGP.js Bug Bounty program on @yeswehack that allo….
RT @CodeanIO: At Codean Labs, our mission is to make the world more secure — and what better way than to secure fundamental open source pro….
github.com
### Impact A maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning dat...
RT @thomasrinsma: @b0n0b0__ and I found a bug in OpenPGP.js that allowed an attacker to modify a valid signature's text, without access to….
RT @CodeanIO: Codean Labs' @b0n0b0__ and @Doyensec's @drw0if discovered CVE-2025-32464, a heap-buffer overflow in HAProxy. Read our write-u….
codeanlabs.com
CVE-2025-32464 is a vulnerability in HAProxy 2.2 up to 3.1.6-d929ca2 which allows an attacker to perform a DoS attack exploiting specific usages of the regsub converter. It causes a heap buffer...
Always great to work with you, mate. We also published a small write-up about this vulnerability, check it out!
RT @zi0Black: My team is hiring a talented Application Security Engineer, position is open to remote candidates worldwide🌎 Proven experien….
job-boards.greenhouse.io
Aptos is a people-first blockchain on a mission to help billions of people achieve universal and fair access to decentralized assets in a safe and scalable way. Aptos (Ohlone for "The People")...
RT @smaury92: Romhack is coming up and the CfP is still open! Got novel research you’d love to present in front of an eager audience, with….
cfp.romhack.io
Schedule, talks and talk submissions for RomHack Conference 2025
RT @thomasrinsma: Just published the write-up of two bugs I found in LibreOffice, allowing remote exfiltration of file/env data and a semi-….
codeanlabs.com
Attackers can write semi-arbitrary files in the filesystem, and remotely extract values from environment variables and from INI-like files in the filesystem via two vulnerabilities in LibreOffice....
RT @thomasrinsma: Here's a working game of Tetris inside a PDF. Even has keyboard controls (by typing WASD in an input box). Plus, upon gam….
RT @thomasrinsma: Credits to @b0n0b0__ and @g_dellimmagine for helping find and PoC these buffer overflows :)
RT @fibonhack: Checklist before going to @nohatcon 2024:
- Leave the luggage empty, need space to bring back swag and Polenta Taragna from….