@_CryptoCat profile picture
CryptoCat @_CryptoCat
Joined May 2016
  • Tweets 8,068
  • Following 228
  • Followers 8,787
1,060 Photos and videos
Pinned Tweet
CryptoCat@_CryptoCat
6 Aug 2023
Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources 📚 They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳
Ethical hacking resources

ALT Ethical hacking resources

28
328
1,267
130,565
CryptoCat retweeted
vx-underground
@vxunderground
21h
Literally the worst cable management I've ever seen in my life
96
344
4,362
93,861
CryptoCat retweeted
watchTowr
@watchtowrcyber
Jun 12
Happy Friday! We're back with our analysis of Check Point's friendly CVE-2026-50751, an Authentication Bypass in their.. security-boundary-enforced-by-authentication SSL VPN products... Enjoy! labs.watchtowr.com/marking-y…

Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)

It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that...

labs.watchtowr.com
1
39
118
27,787
Here's the writeup for CVE-2026-53943, a cache poisoning -> XSS vuln I found in Ghost CMS 👻 cryptocat.me/blog/research/a…

Ghost CMS Unauthenticated Cache-Poisoning XSS to Account Takeover via x-ghost-preview | CVE-2026-...

Root cause analysis of CVE-2026-53943 in Ghost CMS, an unauthenticated cache-poisoning XSS where one anonymous request poisons any caching layer in front of Ghost with attacker-controlled JavaScript...

cryptocat.me
4
26
933
CryptoCat retweeted
skull
@brutecat
Jun 11
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-googl…

Hacking Google with A.I. for $500,000

What happens when you unleash an AI across all of Google's infrastructure? 1,500 APIs, 3,600 keys, and $500,000 in bounties later, here's what I found.

brutecat.com
59
499
2,452
319,956
It gets tiring sometimes 🥲
1
3
969
1
1
822
CryptoCat retweeted
pilvar (Philippe Dourassov)
@pilvar222
Jun 10
We find high/crits everytime we scan OSS, web applications are "easy" targets for LLMs by now. This one is a simple account takeover leading to unauth RCE on latest version. Went 10 years unnoticed. Public prices for 0day brokers: $50k, costed us $800 aikido.dev/blog/phpbb-authen…

Critical phpBB Vulnerability: Auth Bypass RCE Since 2014

Aikido Security discovered a critical unauthenticated authentication bypass in phpBB affecting tens of millions of users. A single HTTP request is all it takes to take over any account — a vulnerab...

aikido.dev
2
11
69
3,635
CryptoCat retweeted
chompie
@chompie1337
Jun 9
Notably, those approved by the current Cyber Verification Program aren’t included in this group. Bummer, I have some cool experiments to test it 😔
Claude
@claudeai
Jun 9
Replying to @claudeai
For a small group of cyber defenders and critical infrastructure providers, we are also launching Claude Mythos 5. Mythos 5 shares the same underlying model as Fable 5, but with the safeguards lifted in some areas.
10
14
192
24,920
Measuring LLMs impact on N-day exploits - @AnthropicAI red.anthropic.com/2026/n-day…
Measuring LLMs impact on N-day exploits

ALT Measuring LLMs impact on N-day exploits

1
8
602
CryptoCat retweeted
Metasploit Project
@metasploit
Jun 8
In the latest Hacktics and Telemetry's Mitigation Minute, @_CryptoCat dives into his recent zero-day Gogs exploit and Metasploit module as he discusses what to do when there is no patch youtube.com/watch?v=EPioibHR…

Hacktics and Telemetry E7: AI Governance Gaps, $500M Fines, and...

Welcome to episode 7 of Hacktics and Telemetry, a Rapid7 produced p...

youtube.com
1
2
10
3,103
An SQLi I found in Photo Gallery by 10Web was disclosed this week! cryptocat.me/blog/research/a…

Photo Gallery by 10Web Compact Album Second-Order Blind SQL Injection | CVE-2026-9829 | CryptoCat's...

Root cause analysis of CVE-2026-9829 in Photo Gallery by 10Web, where compact album shortcode sort direction was stored then later reached an album ORDER BY clause and allowed Contributor time-based...

cryptocat.me
1
2
24
1,024
CryptoCat retweeted
Zhenpeng (Leo) Lin
@Markak_
Jun 4
We helped FFmpeg find and fix 21 security vulnerabilities. In a 1.5M-line codebase, we spent just $1K in API costs. Some of these bugs had been hiding for decades. We also developed a PoC demonstrating an RCE primitive when FFmpeg processes RTSP streams. Full write-up: depthfirst.com/research/21-z…

21 Zero-Days in FFmpeg | depthfirst

depthfirst's production autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, after intensive security analysis by Google and Anthropic. Moving beyond theoretical analysis, our...

depthfirst.com
5
67
373
338,363
Not even Google is safe from RCEs, and we brought @brutecat on the pod to talk about his hacking journey on Google! youtu.be/ZpEeWsqPy6g

2x Google RCE with VRP Legend Brutecat (Ep. 177)

Episode 177: In this episode of Critical Thinking - Bug Bounty Podc...

youtube.com
1
12
95
10,217
Writeup coming 🔜 github.com/TryGhost/Ghost/se…

Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

### Impact When Ghost is behind a shared caching layer that results in cached content being shared between different visitors (e.g., Fastly, Cloudflare, nginx proxy_cache, and others), an unauth...

github.com
5
46
2,004
New video about the argument injection bug I found in Gogs! youtu.be/wt6l_5VB91A

Rebase Before Merging? More Like RCE Before Merging (CVE-2026-52806)

I found an unpatched RCE via argument injection in Gogs. Any authen...

youtube.com
2
12
1,102
CryptoCat retweeted
Stephen Fewer@stephenfewer
May 29
New @rapid7 observed exploitation of PAN-OS GlobalProtect auth bypass vulnerability CVE-2026-0257 which allows authentication bypass cookies to be forged for VPN access. Full details, technical analysis, PoC , IOCs and remediation guidance in the blog: rapid7.com/blog/post/etr-rap…

Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-202...

Rapid7 MDR has observed active exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability CVE-2026-0257.

rapid7.com
1
25
94
10,128
CryptoCat retweeted
starlabs@starlabs_sg
May 29
4 RCE chains across 4 LiteLLM versions, each patched within days of working. What started as #Pwn2Own Berlin prep turned into a race against the vendor’s commit log. starlabs.sg/blog/2026/05-rac… By @bestswngs & @bruce30262

Race Against The Patch: The Evolution of Four Exploit Chains in LiteLLM

How we developed four complete full-chain exploits across four LiteLLM versions in a race against a target that kept getting patched under our feet, in preparation for Pwn2Own Berlin 2026.

starlabs.sg
1
26
132
15,165
Let's go! 🔥
offensivecon
@offensive_con
May 29
Offensivecon's talks are now available on our YouTube channel! 🔗 buff.ly/g63xgm5
4
362
CryptoCat retweeted
Matt Johansen
@mattjay
May 28
This is required reading today. @caseyjohnellis didn't even write this today about MSRC - but it nails it. Full disclosure IS the agreed upon path forward to keep a vendor in check who stonewalls, threatens, or otherwise is shit to work with for security researchers.
7
61
209
13,968
Found an unpatched RCE in Gogs 👀 Any authenticated user can get code execution on the server through argument injection into git rebase. Full @rapid7 writeup @metasploit module available now! 🔗rapid7.com/blog/post/ve-auth…
RCE via argument injection in Gogs

ALT RCE via argument injection in Gogs

1
32
171
15,366
Load more