Felipe Warrener-Iglesias
@fwrnr
Followers
2,160
Following
266
Media
136
Statuses
1,734
flexing on computers, every bone and muscle. Prev. Vulnerability Research @withsecure / @pwc_uk
???
Joined April 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Iran
• 1343060 Tweets
Iran
• 1343060 Tweets
Claudia
• 315596 Tweets
Wolves
• 171344 Tweets
Denver
• 95227 Tweets
#سیدالشهدای_خدمت
• 88668 Tweets
Jokic
• 88331 Tweets
ダルビッシュ
• 50567 Tweets
アサクリ
• 42838 Tweets
ヘリ墜落
• 32779 Tweets
Jelly
• 28233 Tweets
COMING OF AGE DAY
• 24457 Tweets
THANK YOU PAGTATAG
• 23705 Tweets
なにわ男子
• 21832 Tweets
VisiPRABOWO RakyatSEJAHTERA
• 19743 Tweets
KitaKOMPAK KitaMAJU
• 19027 Tweets
#LokSabhaElctions2024
• 16610 Tweets
Happy New Week
• 15516 Tweets
Gcinile
• 14507 Tweets
Grootman
• 13301 Tweets
交通系IC
• 12466 Tweets
#MondayMotivation
• 11726 Tweets
Pinned Tweet
I was awarded $65,400 for my submissions on
@bugcrowd
#ItTakesACrowd
The
#bugbounty
#bugbountytip
here is turn off your testing mindset and turn on your vulnerability research mindset.
59
38
704
Recently had a disappointing experience on
@Bugcrowd
. Reported two critical vulnerabilities to
@FISGlobal
compromising integrity of a product. One bug took 3 months for full payment, while the other was marked as self-duplicate due to copy-pasting of code...?
9
1
41
@nicojrme
@nico_jeannen
@daniel_nguyenx
Exactly, this is a conflict of interest. They could just DDoS the customers themselves to boost revenue...
2
0
41
@Hammad7361
You cannot 'download' .php files by visiting them... That's the whole point of php, to not reveal the code. You're probably getting 0 size because these files are libraries and are not meant to output any data, they are instead meant to be imported by other php files.
1
0
37
@nicojrme
@nico_jeannen
@daniel_nguyenx
Or, more realistically, implement relatively poor DDoS protection for their own benefit.
0
0
28
3
1
26
@edbutler2
@jonathandata1
Hi Ed, the person you've featured here has a track record of maliciously spreading misinformation on device security that has been disproven and debuinked by some of the world's top security professionals (eg.
@taviso
). Please take this story down and do better journalism.
0
0
23
@jobertabma
@Hacker0x01
Did you train the AI agent off of the submissions of humans in hackerone? If so, that's really unethical.
3
1
17
@caseyjohnellis
Gamified VDPs extract free labour from people. Bug bounty platforms are meant to facilitate hackers being paid for their work. VDPs are a conflict of interest and a slippery slope. Bug bounty wouldn't exist without the 'no more free bugs' movement.
1
1
17
@TheOllieJT
@vallejocolors
Your tweet is not regarding the etymology of the word ‘black’ though, it’s saying the Spanish word ‘negro’ is a racial slur, which is isn’t and neither is the world black - it is essentially ‘I’m so disappointed in this company for being based in Spain’
0
0
13
1
0
14
My local boss man is now a nice guy named Shintaro who runs a small restaurant serving Fukuoka ramen, I rocked up there today at 2am and they wondered where I'd been the past few weeks. Super nice guy who teaches me more about Japan every time I visit.
2
0
14
I grilled some meat yesterday, does this mean I'm ready to become a father now? 🤣
2
0
13
I’m in the bar
@BSidesChelt
with the mega famous and next gen
@UK_Daniel_Card
@brianwhelton
come and give us hugs
2
0
12
@TheMsterDoctor1
@PikuHaku
@MiniMjStar
@young_vanda_
@intigriti
20 in a few hours? That's more than one bug every 10 minutes... Finding bugs on VDPs is not comparable to finding bugs on paid targets.
3
0
12
1
0
11
2
2
12
@theflow0
@hardwear_io
Do you not think $20,000 is pretty low? Are they only reserving the critical category for remotely exploitable vulnerabilities or scalable compromise of DRM?
1
1
10
The return of
@InfoSecSteak
…
@Steel_Con
@0xLegacyy
@infosux
@CalumBoal
@lukeDVK
@mrmdhaynes
@Clarkee
#steelcon2022
1
4
11
age = 24; I really appreciate all of my amazing twitter folk and the good times we've shared. Turbulent year but also one full of surprises and opportunities. :)
2
0
10
Toronto -> Vancouver -> Tokyo -> Bangkok
Very tired.
0
0
10
2
1
9
@Hammad7361
No, when you go to profile.php on Facebook obviously you can't access the PHP code for that file? The only way would be with an LFI
0
0
9
@AlexCervilla
@LiveOverflow
It is the scheduler that prevents the whole system from getting stuck, the scheduler uses an algorithm to determine how big of a 'time slice' that process is allowed to have amongst the other processes. And a hardware-based timer interrupt dictates the end of that time slice. :)
1
0
9
Friday was my last day
@FSecureLabs
. I’m really grateful to have met so many likeminded and talented people during my time there. I’m taking a bit of time off for the summer to recharge and will be starting a new role in August. Have a great summer everyone!
0
0
9
I don’t think I’m built for winter, I always feel like the world is on my shoulders more than usual around winter time. Early dark makes me feel tired and unmotivated. Maybe my Spanish genetics are suboptimal for this season.
2
0
8
I like Hussein and think he does great work. But I think the bug bounty community should be careful about giving so much of their useful to services like these. It can just be used to improve an attack-surface management engine. You could be paying to improve someone's product.
2
0
8
@CyberZombi3
@hackerfantastic
Hardware wise, it can, software wise it doesn't because well that would be a disaster - the replay protection protocols in the readers aren't as secure as they make out - as I found out whilst auditing one 🫢
0
0
8
I will be making my way to
@Steel_Con
once I cure this fkn hangover, hotel breakfast work your magic
1
0
8
@JeshGyawa
Why do you think people would give you this information? Information which makes them money? You're not asking a specific question, you're just saying 'take time out of your day to explain all your knowledge to me'?...
0
0
8
@BSidesCymru
@PenTestPartners
It’s too late, we saw you deep fry the pentest partners logo, there is no going back, embrace it 😎
1
1
7
Lol
@offsectraining
also forced me to take my exam on dates I did not have the time. They automatically cancelled it and want me to pay for a retake. Can we talk about how forcing people to take the exams by certain dates only benefits them?
@thecybermentor
Profiteering off of student failure is a horrible practice. If you have a poor passing rate own your failure as an educator and figure out how you can do better for your students. Jacking the price up some more to cash in on it isn't the answer.
#TryHarder
I guess. Or whatever
11
14
129
0
2
6
You’re all about to get maxpl0ited noobs
Today was my last day at F-Secure. It’s been fantastic working with this team of incredibly skilled people and I’ve learned a LOT from them
I’m excited for the future as big things are happening! (about to be a lot more active 👀)
10
0
109
0
0
7
Next gen
2
0
7
I am super grateful for these people
MEGA WEEKEND!
Thanks
@brianwhelton
Dave Thomas, plus all the goons, speakers & mentors for
#BSidesLDN2021
Epic to meet up with the team
@UK_Daniel_Card
@uidzero
@fwrnr
+ new friends!
Too many to list, but just a few...
@greg_IT
@SPCoulson
@Jenny_Radcliffe
@cybersecstu
3
1
20
0
0
7
I just sort of went into bug bounty saying "I'm not gonna be that guy with the support tickets and pinging people asking them to look into X etc" but I very quickly became that and if you don't like having labour stolen, you unfortunately will too as it's a big part of bug bounty
2
0
5
My mouth tasted of lighter fluid for about half an hour after this 🫡🫡🫡
3
0
6
There are four things certain in this life: death, taxes, the quality of Japanese whiskey, and the taste of a drink crafted by Kohei 🇯🇵 Thank you for everything you've taught me. 💪
0
0
6
I'm a massive geohot fan, he's the reason I got into hacking! But this is also true. See by Hector Martin of
@fail0verflow
- it doesn't make Geohot's hypervisor escapes any less impressive though. :)
@todayininfosec
@HydrogenNGU
This is not accurate at all and insulting to real hackers/reverse engineers such as
@fail0verflow
.
We could already jailbreak our consoles several months before this event.
The actual hackers had the keys for a long time and didn’t release them for obvious reasons.
1
2
22
3
1
6
There are worse places to spend your first life crisis, I suppose. 🙂
0
0
6
Chiang Mai CAD Khomloy sky lantern festival last night. It was so surreal.
0
1
6
Check this out from
@maxpl0it
8)
🐧New on SentinelLabs! Meet CVE-2021-43267!
@maxpl0it
has discovered a heap overflow
#vulnerability
in the
#TIPC
module of the
#Linux
Kernel which can allow attackers to compromise an entire system.
#CVE
#Kernel
#HeapOverflow
#infosec
cc:
@LabsSentinel
0
49
151
1
0
6
When I talked about OWASP Top 10 trending towards being out of touch with modern production web applications in 2019, everyone dog piled on me. Todays discussions indicate people seem to have caught up to this now. 😅
0
0
5
Managed to get 8 minutes straight in the ice cold plunge today, beating previous record of 4 minutes set just 4 days ago! Going for 10 next time 😁
0
0
5
I am speechless 😶
Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software - including per-console root key, if you look hard enough!
152
1K
4K
0
0
5
@ThePrimeagen
@LiveOverflow
It's quite common in poor/developing countries where people can't afford a laptop/PC and opt to use a cheap Android device (which with optimisation and ARM instruction set, isn't a bad deal performance wise)
1
0
5
@0xHildi
@tom_marr1
@TaliaGold
@Reddit
If a company is happy to pay for what they perceive to be 8 hours work from people on this subreddit, then is it really unethical? If the company didn't feel that output was worth that pay then they wouldn't be paying it? 'minimum' implies 'acceptable'
1
0
5
I can’t access his meta mask wallet either :((((
A new way to summon the bots…
I can’t access my meta mask wallet?
18
2
36
9
0
3
Devon is packed atm and today is going to be another scorcher :) Looking forward to getting in the sea today 😅
1
0
5
@slymn_clkrsln
@bxmbn
That's an inaccuracy, which I do think he should retract/reclarify - but that's not an attack, you are adding the negative aspect the word 'VDP only' - as long as you don't think VDP only hackers aren't less worthy hackers, then it's not an attack.
1
0
4
First time making a blue cheese wedge dressing today, served alongside a 30-day dry aged Sirloin cut (and sweet potato fries not pictured!)
0
0
5
The flaming jump rope of death @ full moon had me beat this year, they actively make it harder now:) burn mark on my chin this morning haha
1
0
5
@uidzero
@mrmdhaynes
@brianwhelton
@UK_Daniel_Card
@greg_IT
@SPCoulson
@Jenny_Radcliffe
@cybersecstu
Such a good night, thanks all
0
0
5
@qwertyoruiopz
Notice how he's added 'American' to his bio right after he realises this has reached politicians whos audiences contain American surveillance state conspiracy theorists? This guy is so far past malevolence at this point.
0
0
4
My best mates have just become parents to the most gorgeous little soul, it has filled me with joy. The innocence of new life should be cherished.
1
0
5
NK really tried to spike KJC ring leader’s vaccine and still couldn’t bring him down 🤦🏻♂️
passed out after taking the J&J vaccine, had muscle spasms which broke the chair i was sitting on and ended up hitting my head against a metal pipe.. not great :\
58
18
341
0
0
4
When the sky looks like this in the morning, you know it’s going to be a good day. 💪🏼
0
0
3
I love this guy. Such a breath of fresh air and a great role model for men. I hope he can reach McGregor’s level of success without the grifting and bravado. I will always lend my ear to anyone who is struggling with their problems.
2
0
4
1
0
4
However, no retroactive adjustments were made citing submission time, and this rigid stance on submission time seems unfair given the circumstances (slow payout, radio silence, distinct bugs in my view).
1
0
4