
Simon Scannell
@scannell_simon
Followers: 3K | Following: 1K | Media: 5 | Statuses: 195
Cloud Vulnerability Research @ google. Opinions are my own
Joined October 2018
RT @typhooncon: 🌪️ Speaker Announcement! Excited to welcome @scannell_simon to the #TyphoonCon2025 Conference lineup! Join us in Seoul on….
RT @cffsmith: I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Was….
RT @Shadowserver: Sharing rsync instances vulnerable to CVE-2024-12084 RCE (version check only) in our updated daily Accessible Rsync repor….
RT @amlweems: 🕺"Leaving tradition" is one of the best parts of Google's security culture and has led to some of the most interesting attack….
RT @amlweems: Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fi….
RT @royalhansen: Exciting news from @Google's CVR team! They've discovered vulnerabilities in the Kakadu JPEG 2000 library. Their innovativ….
RT @Sonar_Research: Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker….
RT @chompie1337: The past year has been amazing. From marriage, to Pwn2Own to a Pwnie Award, I'm so grateful. I'm using the money I've won….
RT @Sonar_Research: What could go wrong when Java speaks to C? They certainly don't speak the same language. Read more about a critical p….
Very excited to present this with @amlweems! See you in Berlin! (@epereiralopez and @thatjiaozi) were also working on that project and will also be there :)
The Mines of Kakadûm: Blindly Exploiting Load-Balanced Services by @scannell_simon and Anthony Weems
RT @gynvael: Hey folks, if you're looking for an amazing security engineer, check out @dustriorg whom I had the pleasure to work with on a….
RT @amlweems: I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-conc….
RT @ashl3y_shen: Another Google Cloud service (Cloud Run) is abused by #Astaroth, #Mekotio & #Ousaban banking trojans. The campaign was tar….
RT @Sonar_Research: Critical Vulnerabilities in CasaOS 🏠. Sometimes, the most simple bugs are the best ones! Have you ever seen a malforme….
Neat authentication bypass! Great work as always from @scryh_.
🔥 Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) 🔥. We just disclosed the technical details explaining how a vulnerable Request Interceptor and a few undocumented endpoints led to RCE on one of the most popular CI/CD servers:
RT @Sonar_Research: ⚠️ Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) ⚠️. Attackers could steal source code and p….
RT @pspaul95: Super excited to publish this blog post! One of the most fun bugs I exploited so far, had to get creative and lose my mind re….
RT @Sonar_Research: Moodle’s domino effect (1/2): Unauthenticated XSS to RCE via arbitrary folder creation (CVE-2023-30943). Learn more abo….