Two weeks ago, I did my first (in-person) @Hacker0x01 LHE in Singapore! I worked with @hash_kitten and @infosec_au, and I'm really happy with how it went and what we found :D (We won the Best Team and Best Bug awards! 🔥) It was an amazing event, thanks @Hacker0x01! 😁

LET'S GET THE BALL (BEARINGS) ROLLING ONLY 4 WEEKS LEFT UNTIL SKATEBOARDING DOG CTF @BSidesCbr 2025 WATCH THE COUNTDOWN ON OUR WEBSITE: https://t.co/Mbp0MzpT8E

Turns out my #PHRACK article is live! 🔥 > The Art of PHP — My CTF Journey and Untold Stories! Kinda a love letter to those CTF players & PHP nerds! Hope all the credit goes to the right ppl. Also huge thanks to @0xdea for not forgetting me, @guitmz for the edits, and the

This month's Christmas in July release from @SLCyberSec's Security Research team is a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). This software is prevalent and hidden in plain sight. Read more on our blog: https://t.co/1IqFTTeA4i

Pre-auth bugs in enterprise software? Yes please. @hash_kitten takes us inside their research on Adobe Experience Manager—uncovering critical, pre-auth vulnerabilities in a platform powering 45,000+ sites. Live at BSides Canberra 2025: https://t.co/xTLfK6ZGKC

To kick off our Christmas and July research posts, we explain how we achieved persistent XSS on every Adobe Experience Manager Cloud instance, not twice, but thrice! This is now patched across all of AEM cloud, but what an interesting attack surface! https://t.co/T8AwmmgmUn

We discovered a pre-authentication RCE vulnerability in Craft CMS caused by an obscure PHP foot gun (CVE-2024-56145), approx 150k sites created with Craft CMS. You can read @Assetnote's Security Research team's blog on the issue: https://t.co/UuzXePNVeT #attacksurfacemanagement

Our security researcher @hash_kitten found one of the most critical exploit chains in the history of @assetnote. Affecting 40k+ instances of ServiceNow, we could execute arbitrary code, access all data without authentication. You can read our blog here: https://t.co/2yTgn1NzhY

At @assetnote, we published our research on Magento's pre-authentication XXE (CVE-2024-34102). @hash_kitten and I reproduced this issue together. It is a brilliant vulnerability originally found by Sergey Temnikov. You can read our research here: https://t.co/wENjzVSAYh

I've written another set of challenges this year and I'm really happy with how they turned out. Make sure you check out DUCTF this weekend :)

Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it!

Just learned you can exploit blind file-reads in PHP by combining the dechunk filter with the PHP memory limit. This crazy finding by @hash_kitten is a great reminder to pay attention to CTF writeups! https://t.co/gaB0aEQsQo

I've written some challenges this year. Make sure you check DUCTF out! =)

Finished Google CTF 2021 at #13 with 🛹🐻 GG to everyone involved! crypto writeups (all challenges): https://t.co/VdouC76z7D