My bug got published today😊 Exploits and writeups for PHP 5.X -> 8.4.X: https://t.co/3ZyTUyA31i As usual PHP does not consider such a bug as a security issue even though it bypasses security that results in direct memory access that can be used to bypass disable_functions or

This is the exact attack that drained Poo.Lend for 76 trillion dollars - reportedly it was inserted by DPRK operatives under direct order from the big K after successfully exploiting a privatekey leak attack hack. Be sure to look for this one on your next audit and follow me for

https:/ /data.ddosecrets.com/APT%20Down%20-%20The%20North%20Korea%20Files/ Twitter blocking the url.

New Gundam Wing manga for its 30th anniversary: https://t.co/7p5BREe54v

Posting a throwback to some old web2->web3 boundry crossing bounties I reported years ago as duplicate ENS names are being discussed again (using unicode). First was registering invalid names with script tags that would be parsed by @etherscan even though they were invalid as

https://t.co/vrz6FQH8xe

🚨 We got RCE on Solana 🚨 Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost it. Exploited it anyway. 🔬 Here’s what real-world bug hunting looks like:

dropping a shitty exploit/poc for this bug (CVE-2025-49113) at: https://t.co/CDjusGPA5N Can be improved but I do not care to do more for a dead bug. The guzzle chain is probably better than GPG in case of disable_functions you could pair it with my extract() uaf to exploit

this is so insane. kCTF has a first-come-first-serve policy when it comes to 0day bounties when an instance releases. this team hand crafted a proof of work solver with avx-512 instructions to beat everyone else with an 0day to the flag:

Follow up to the post from yesterday. Posting a https://t.co/GjLnSUpEDy script I use to search basic things - based on something I saw @bantg post somewhere awhile back. https://t.co/nMAD30apSe Can get the number of contracts + extract all current contract addresses (can

Just use cryo and save them all as parquets and use python to query the data? cryo contracts --rpc http://127.0.0.1:8545 --blocks 0 -c 999999 -o ${contract_dir}

Uncovering Hidden Threats in Ethereum Virtual Machines 🚨 At #Zer0Con2025, we exposed critical vulnerabilities in Ethereum Virtual Machines (EVMs) using fuzzing. Here’s what you need to know 🧵👇 #Ethereum #EVM #Fuzzing #BlockchainSecurity

personally sat on this bug for 11 years - RIP.

Still hilarious what PHP counts as "not a security issue" https://t.co/h4qY4fYA61 "this bug in xyz can bypass disabled_functions and leak all SSL certificates from all vhosts on a shared host - not security related!"

More 964 while I wait for this bug I reported to be disclosed.

First #promptinjection / #jailbreak seen in malicious #Powershell code?

Keep installing those web3 wallet s/security/backdoor/ extensions.

One of a kind generational author

am i doing this vibe coding thing right?