Matheus Vrech @vrechson X Profile

Matheus Vrech

@vrechson

Followers

753

Following

1K

Media

19

Statuses

372

Computer Engineering UFSCar '16, bug hunter and ELT CTF player // @duph0use

Joined February 2019

Don't wanna be here? Send us removal request.

Matheus Vrech

@vrechson

6 years

Found a full-blown CSP bypass on the current version of Firefox (69). Not working on the beta version. PoC: lt;object data="javascript:alert(1)"></object>. #bugbounty.

3

42

98

Matheus Vrech

@vrechson

4 months

RT @TransluceAI: We tested a pre-release version of o3 and found that it frequently fabricates actions it never took, and then elaborately….

0

1K

0

Matheus Vrech

@vrechson

4 months

RT @eltctfbr: Brazil made history last weekend, and of course, ELT was a part of it!. Thanks @GaneshICMC , @boitatech , @gris_ufrj and #haw….

0

8

0

Matheus Vrech

@vrechson

6 months

RT @caioluders: #genuary7 #genuary2025 Use software that is not intended to create art or images. Bad apple but it….

0

6

0

Matheus Vrech

@vrechson

6 months

RT @lbherrera_: Seeing in PortSwigger's top 10 made me remember a trick I found a few years ago, where if a button….

0

13

0

Matheus Vrech

@vrechson

9 months

RT @RedTeamVillage_: We're thrilled to share that we'll be joining @h2hconference this December in Brazil, and we want YOU to be a part of….

0

32

0

Matheus Vrech

@vrechson

11 months

Hope to find a growing infosec community in blue sky, I would honestly be happier if I could move to another social network forever.

0

Matheus Vrech

@vrechson

1 year

RT @lbherrera_: Seeing that Pwn2Win isn't happening this year, here's an unreleased beginner-level XSS challenge I created for it (shouldn'….

0

13

0

Matheus Vrech

@vrechson

1 year

RT @r3tr074: The @phrack #71 is finally out!!.How an image decoding bug can be turned into a full RCE? Easy, by abusing PartitionAlloc's in….

0

25

0

Matheus Vrech

@vrechson

1 year

defcon change places but the village lines remains the same.

0

1

Matheus Vrech

@vrechson

1 year

Found @Jhaddix in the bug bounty village and got this nice badge #defcon32

0

1

16

Matheus Vrech

@vrechson

1 year

RT @intigriti: If you're at #defcon make sure to come and say hi 😎 😎.

0

1

0

Matheus Vrech

@vrechson

1 year

Just cracked @intigriti challenge to get some awesome swag at their defcon stand

1

42

Matheus Vrech

@vrechson

1 year

RT @garethheyes: Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be follo….

portswigger.net

Some websites parse email addresses to extract the domain and infer which organisation the owner belongs to. This pattern makes email-address parser discrepancies critical. Predicting which domain an

0

155

0

Matheus Vrech

@vrechson

1 year

RT @bsysop: Servers with top-notch security measures like authentication, authorization, and ZeroTrust can still fall prey to HTTP Smugglin….

bugcrowd.com

We later discovered we had a powerful exploit affecting thousands of Google Cloud-hosted websites that were using their Load Balancer.

0

38

0

Matheus Vrech

@vrechson

1 year

RT @r3tr074: Excited to read about browsers??? 👻.

0

4

0

Matheus Vrech

@vrechson

1 year

RT @phrack: o/ We are excited to announce that we are bringing some professionally printed copies of Phrack 71 to give out at @defcon! We w….

0

133

0

Matheus Vrech

@vrechson

1 year

RT @LeviKaique:

0

2K

0

Matheus Vrech

@vrechson

1 year

7

87

1K

Matheus Vrech

@vrechson

1 year

this is simply the best community in the internet.

celeste

@vmfunc

1 year

LADIES AND GENTLEMAN.WE GOT IT BACK.

0

4

Matheus Vrech

@vrechson

1 year

if the github team ends up not adding a background feature after this, I will be really upset.

0

3

9