Security Researcher at @Immunityinc @AppgateSecurity

Joined December 2009
Pinned Tweet
I wrote a blogpost about Misconfigurations in Java XML parsers that can lead to security vulnerabilities.😀 #xxe #ssrf #infosec #pentesting Check out here:
Check out Immunity's blog post: Misconfigurations in Java XML Parsers by Anibal Irrera immunityservices.blogspot.co…
Aníbal Irrera retweeted
14 Nov 2024
XBOW autonomously discovered CVE-2024-50334, a critical authentication bypass in Scoold, an open-source Q&A webapp used by major companies like Cisco and IBM. Our latest blog post details how it found the flaw: xbow.com/blog/xbow-scoold-vu…
Aníbal Irrera retweeted
15 Jul 2024
This is an experiment we did with all the benchmarks; removing descriptions showed us that XBOW performs just as well as with descriptions. This is one of my favorite examples: it is fully capable of understanding how GraphQL works and exploiting an IDOR by creating custom queries
15 Jul 2024
Real vulnerabilities don’t come with hints—so we asked XBOW to solve this task without giving it even a description of the benchmark. It performed just as well, finding and exploiting a GraphQL-based IDOR vulnerability entirely autonomously: bit.ly/3XYPTQJ
Aníbal Irrera retweeted
25 Apr 2024
The @Hacker0x01 World Cup is coming again🚨🚨 - Want to take part in cool scopes? - Want to win tickets to the LHEs? - Want to be part of the community? Comment on this tweet or send a DM. You can also join h1.community/argentina-hacke… Retweets are appreciated 🙏
Aníbal Irrera retweeted
5 Apr 2024
Latest Anvil blogpost on how @Alex91dotar and I found two new CVEs in GOG Galaxy 2.0 is right out of the oven! I can stress enough how much I enjoy merging my passion for gaming with my passion for security! Give it a read and tell us what you think! anvilsecure.com/blog/galacti…
Aníbal Irrera retweeted
17 Feb 2023
Folks, the World Cup is coming again! With prizes I can't talk about yet but that are 🔥🔥 Do you feel like taking part and meeting more people from the community? Comment so I can add you to the @Hacker0x01 Discord. More info soon, stay tuned! #BugBounty Retweets are appreciated 🙏
17 Feb 2023
The #AmbassadorWorldCup is back! 🙌 March marks the beginning of 9 months of epic competition. Are you up for the challenge? Ambassadors all over the world are recruiting teams now. Contact your regional leader to join in. More details coming soon. 👀 bit.ly/3lMs6lO
Aníbal Irrera retweeted
13 Oct 2022
Do you want to learn about hardware hacking? Does your company, or do your products, use third-party hardware and you don't know how to audit it? Do you have IoT devices on your network and want to run a pentest? Sign up for my training at @ekoparty and learn hands-on. ekoparty.org/en_US/eko2022/t…

Aníbal Irrera retweeted
Just opened 8 bugs I found in Windows Credential Guard. Ranged from arbitrary code exec in VSM to Kerberos key disclosure attacks. Probably my favorite was abusing the NTLMv1 API to leak an AES128 key which is what I was cracking in the quoted tweet😁 bugs.chromium.org/p/project-…

I must say, crack.sh is pretty impressive. 45 seconds for a NTLMv1 hash :) Of course if anyone can tell me what the password was I'd appreciate it, seems I've forgotten😂
Aníbal Irrera retweeted
12 Jul 2022
Want to learn about embedded systems to start a research project or apply it to your job? Rest assured that @6e726d can give you all that wisdom in this Eko course! Pure 🔥, you won't regret it!
Replying to @ekoparty
EKOPARTY TRAININGS 2022 ⚡Train with the industry's top experts! 📌PRACTICAL INTRODUCTION TO EMBEDDED SYSTEMS AUDITING by Andrés Blanco (@6e726d) info at: ekoparty.org/r/raM Reserve your spot➡️ ekoparty.org/r/64N
Aníbal Irrera retweeted
Unsafe .NET Deserialization in Windows Event Viewer! This is a by-product of my research. I have confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆
Aníbal Irrera retweeted
#Spring4Shell details are now public. It is an old ClassLoader Manipulation. Actually, CVE-2022-22965 is just a bypass of the 12-year-old CVE-2010-1622 (exchange.xforce.ibmcloud.com…)

Aníbal Irrera retweeted
Here are the slides from the talks given at @securityjam @airrera - Analyzing XXE @MrNox_ - How not to win Pwn20wn @pastaCLS - Gif2png Memory Corruption @SecSignal - Escalating Firmware Vulnerabilities 🔗Link: drive.protonmail.com/urls/XV… #securityjam

Many thanks to the @securityjam organizers, and especially to @intthree for the gift for the speakers! Thanks Albert! Beautiful! 😊
Aníbal Irrera retweeted
Replying to @airrera
@airrera at the jam talking about XXE! #securityjam @Immunityinc
Aníbal Irrera retweeted
🚨We've closed the JAM line-up 🚨 ⚡️T-R-E-M-E-N-D-O-U-S⚡️ ⚠️SOLD OUT⚠️ Speakers🗣️ @airrera @MrNox_ @pastaCLS @SecSignal ArtistX🎤 @luvitorres Streaming Twitch📽️ @Age_Of_Entropy Sponsors🦾 @pucara @faradaysec @Immunityinc @hackmetrix
Aníbal Irrera retweeted
Thanks @Immunityinc for being a historic part of the JAM and for supporting it once again. 🙏
Aníbal Irrera retweeted
📢We're opening the CFP 💌 👋Come and tell us what you're working on. How you're trying to innovate or how you failed trying. How you hunted for a bug, or simply any topic that would be interesting to present. As long as it's loosely related to information security, anything goes.
Aníbal Irrera retweeted
🚨🚨🚨March 18, 18:30🚨🚨🚨 🤖Security Jam 2022 - March Edition 👾 Mini-talks loosely related to security. From people with 🧠 and a lot of ❤️‍🔥 to give. 🙏Don't forget your ticket for refreshments, they run out fast. 👇 eventbrite.com.ar/e/security…
Congrats Hamid!!!
28 Feb 2022
Time to resume working. Today is my first day at @trailofbits
Aníbal Irrera retweeted
We're hiring!
Aníbal Irrera retweeted
Hi 🇦🇷! I'm coming back to visit in the 3rd week of March. I'll have a few free days, and I'd love to meet up with people who are thinking up security products. If anyone is interested, my DMs are open.