flomb - @fl0mb.bsky.social retweeted
Sometimes a stupid idea gets stuck in your head and will not disappear after a while. Anyway, here is a new blog post, just a little hoax this time. badoption.eu/blog/2026/02/28…
incredibly excited to share that my research 'Playing with HTTP/2 CONNECT' made the final @PortSwigger Top 10 Web Hacking Techniques of 2025! A huge thank you to everyone who voted. It’s a privilege to be featured alongside such talented researchers. portswigger.net/research/top…
flomb - @fl0mb.bsky.social retweeted
👼GatewayToHeaven (CVE-2025-13292). I discovered a cross-tenant vulnerability in @GoogleCloud's #Apigee, allowing me to access other organizations' data (and sometimes even plaintext JWTs of end users). Below is the full breakdown of the exploit chain⛓️
flomb - @fl0mb.bsky.social retweeted
You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post by @0xor_solo about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01-…
Honored to be nominated for the @PortSwigger Top 10 Web Hacking Techniques 2025 with my research "Playing with HTTP/2 CONNECT". Make sure to check out the full list and cast your vote! portswigger.net/polls/top-10…
flomb - @fl0mb.bsky.social retweeted
Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthr… and revisit the hacks that escalated from cold brew to full breach.
flomb - @fl0mb.bsky.social retweeted
CODE WHITE proudly presents #ULMageddon which is our newest applicants challenge at apply-if-you-can.com/ packaged as a metal festival. Have fun 🤘 and #applyIfYouCan
flomb - @fl0mb.bsky.social retweeted
Just out of stealth mode last week, @TeamCyata reports on their "deliberate, weeks-long effort [...] to uncover logic-level vulnerabilities" in HashiCorp Vault and CyberArk Conjur. And uncover they did. cyata.ai/blog/cracking-the-v… cyata.ai/blog/exploiting-a-f…
7 Aug 2025
Vaults are trusted by default. We found 14 zero-days that challenge that trust. RCEs. Auth bypass. Root token theft. 🔎Read the disclosure: cyata.ai 🎙️ See us at #BlackHat2025 Booth 6316 #VaultFault #Cybersecurity #ZeroDay #CISO #HashiCorpVault #CyberArk #Infosec
flomb - @fl0mb.bsky.social retweeted
7 Jul 2025
New writeup: Early last month, @samwcyo, @sshell_, and I found a Django ORM injection in an online shooter game that let us steal cryptocurrency from the game's wallet. Read the blog post here: blog.p1.gs/writeup/2025/07/0…
flomb - @fl0mb.bsky.social retweeted
Here is a really cool blog post by wasamasa, who is a past student of our FSWA class: emacsninja.com/posts/cve-202…. You can find them on Mastodon: lonely.town/@wasamasa/
flomb - @fl0mb.bsky.social retweeted
19 Jun 2025
"Funky chunks: abusing ambiguous chunk line terminators for request smuggling" - quality research by @__w4ke! Also thankfully it doesn't overlap with my upcoming presentation 😅 w4ke.info/2025/06/18/funky-c…
flomb - @fl0mb.bsky.social retweeted
Three unexpected attack scenarios: 1. Marshaling private data with misconfigured tags 2. Parser differentials in a microservices architecture 3. Cross-format confusion attacks (JSON→XML) blog.trailofbits.com/2025/06…
flomb - @fl0mb.bsky.social retweeted
26 May 2025
Here is a short writeup for my recently discovered CVE: hesec.de/posts/cve-2025-4666…
flomb - @fl0mb.bsky.social retweeted
Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. #DSM #Ivanti code-white.com/blog/ivanti-d…