Challenge your security before attackers do! Continuously and with persistence! persistent-security.net/use-…
Joined January 2023
- Tweets 34
- Following 17
- Followers 122
- Likes 26
3 Photos and videos
Pinned Tweet
We scanned thousands of hosts for CVE-2026-48710 and found something important: being behind a reverse proxy, CDN, or Cloudflare is not always enough protection. In some setups, X-Forwarded-Host can still be used as a bypass. (1/2)
1
3
1,099
We scanned thousands of hosts for CVE-2026-48710 and found something important: being behind a reverse proxy, CDN, or Cloudflare is not always enough protection. In some setups, X-Forwarded-Host can still be used as a bypass. (1/2)
1
3
1,099
If backend middleware trusts X-Forwarded-Host and updates the ASGI scope, the malicious value can still reach ASGI and Starlette. We’ve updated the badhost.org scanner to test this automatically. Re-check your hosts! #badhost (2/2)
1
120
Nemesis Breach and Attack Simulation retweeted
13 Aug 2025
Full details of CVE-2025-53773 (RCE via Copilot in VSCode, Visual Studio, and other IDEs..) thanks to @gitlab and in particular @joernchen for the collaboration.
🚨 New RCE in Visual Studio & Copilot (CVE-2025-53773)!
0-Click command execution via prompt injection in READMEs/code comments. AI can alter settings & execute commands, risking CI/CD pipelines.
Patch now!
Full details: persistent-security.net/post…
2
7
18
2,987
🚨 New RCE in Visual Studio & Copilot (CVE-2025-53773)!
0-Click command execution via prompt injection in READMEs/code comments. AI can alter settings & execute commands, risking CI/CD pipelines.
Patch now!
Full details: persistent-security.net/post…
7
16
3,931
Here's Claude Desktop using the Nemesis MCP servers to set up a test scenario from a malware sample analysis, fully automated!
If you're a researcher and have cool ideas and applications for AI automation with Nemesis, sign up to the wait list here: forms.gle/TPz9KwpTzDRnX4dZ8
1
2
7
494
Nemesis Breach and Attack Simulation retweeted
7 Apr 2025
We've released the first breach and attack simulation MCP - Nemesis MCP server integration is here: linkedin.com/pulse/nemesis-a…
1
4
294
434c53388db2cc62e6f2070f77e69f174a78abf65c058b22c1fb2fcaedeb2d62
1
84
Nemesis Breach and Attack Simulation retweeted
25 Oct 2024
🙏 The eSIM/eUICC Security Training at @hardwear_io was also a lot of fun for me to hold. I'm happy to have had such a knowledgeable group with a great dynamic!
23 Oct 2024
2
9
1,422
Proud to announce that PSI has secured a $1M investment from Georg Wicherski, ex-CrowdStrike.
This means we’re doubling down on combining DORA compliance with Breach and Attack Simulation, growing our team, and wave of new features.
Grateful for the belief in our team!
2
7
267
Digital Operational Resilience Act Series: Regulator Reactions and Information so far.
persistent-security.net/post…
#DORA
1
2
68
Nemesis Breach and Attack Simulation retweeted
2 Jul 2024
📢 Attention all security engineers, researchers and developers!
Let's uncover the secrets of eSIM along with @marver at #hw_ioNL2024; learn about secure deployment practices, potential attack surfaces, and much more!
Link: hardwear.io/netherlands-2024…
#esim #euicc #securityexperts
6
13
1,376
A remote code execution vulnerability has been identified in Windows systems that can compromise devices via WiFi. Ensure your safety and learn how to protect yourself: persistent-security.net/post…
CVE-2024-30078
4
8
929
Nemesis Breach and Attack Simulation retweeted
15 Jun 2024
CVE-2024-30078 Kunlun Lab 👀🔥 msrc.microsoft.com/update-gu…
6
29
10,012
How our team found a bypass for phishing proof @okta MFA and how it was handled:
persistent-security.net/post…
1
5
12
608
Nemesis Breach and Attack Simulation retweeted
7 May 2024
Read about how our @Giutro and Nikos from @Persistent_Psi bypassed @okta Verify "phishing-resistant" features.
persistent-security.net/post…
All your sessions are belong to us 🎣
28
60
11,483
Mike Cartoscelli joins the PSI team as our new COO! Having 29 years of experience in technology, he will focus on bringing our Breach and Attack Simulation (BAS) product Nemesis to a wider market and focus on how Nemesis can assure compliance to the DORA regulatory framework.
4
4
563
Hope to see you at @nullcon 2024. The PSI team is looking forward!
Raise your hand ✋ if you believe in practical learning rather than theory!
We've got you covered with our #NullconBerlin2024 7 hands-on, in-person Training sessions.
Training Objectives: nullcon.net/berlin-2024/trai…
#infosectraining #ethicalhacking #cybersecurity
2
118
Learn from the best or get phished like the rest, attend the training at @nullcon Berlin 2023 by our expert @Giutro: nullcon.net/berlin-2024/trai…
2
6
526
Nemesis Breach and Attack Simulation retweeted
6 Dec 2023
Want to know how to audit large software projects effectively? Eric Sesterhenn and myself will teach what you need to know @nullcon: nullcon.net/berlin-2024/trai…
4
8
790
Nemesis Breach and Attack Simulation retweeted
18 Oct 2023
Embedded Threats: A Deep Dive Into The ESIM World
- Markus Vervier
youtu.be/Ka70323Y6aQ
#hacklu @hack_lu
11
19
2,775