human, chaotic good | master-of-none expert | security researcher @ Shielder

Joined May 2018
Pit retweeted
16 Jan 2025
🚨 New Open Source Audit Alert! 🚨 Shielder, with @OSTIFofficial & @CloudNativeFdn, audited @karmada_io: 🔍 6 issues found (1 high, 1 medium, 2 low, 2 info) ✔️ Most fixed, others planned. 🗣️ to @suidpit and @Th3Zer0 Full details in the blog post! shielder.com/blog/2025/01/ka…
22 Oct 2024
Cheers -- here in beautiful Bali 🏖️ for #theSAS2024 conference! If you happen to be here, please reach out and let's have a chat 🍻
Pit retweeted
28 Sep 2024
🛡️
20 Sep 2024
sudo iptables -A ESCALATION -s shielder -j ACCEPT
20 Sep 2024
For the weekend, we gift you with not one, but TWO ways to escalate `sudo iptables` ( a couple other boring preconditions) into a r00t shell - read how @smaury92 and @suidpit managed to climb your friendly neighborhood 🔥wall! shielder.com/blog/2024/09/a-…
12 Sep 2024
lua interpreters something something fakeobj addrof something something wasm something deda.lol/posts/2024-09-12-es…
Pit retweeted
28 Aug 2024
🍎 With many #macOS security mechanisms at work, one might wonder how malware manages to bypass them. Get ready for a deep dive into macOS security architecture and novel evasion techniques during Pietro Tirenna's (@suidpit) talk at #TheSAS2024. 🚀 Secure your seat: kas.pr/6pyu
Pit retweeted
28 Aug 2024
During a recent engagement @Mindlaess_ hacked his way through @vtigercrm which led to discover a privilege escalation and a SQL injection. Learn more in the dedicated advisories: - CVE-2024-42994 #sqli shielder.com/advisories/vtig… - CVE-2024-42995 #privesc shielder.com/advisories/vtig…
Pit retweeted
22 May 2024
Back in December 2023 our researchers @Th3Zer0 @suidpit and @Mindlaess_ performed an audit sponsored by @awscloud and facilitated by @OSTIFofficial on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/bo…
Pit retweeted
18 Apr 2024
Exciting news! We've just released a new blog post on mobile app security, where @suidpit and @Th3Zer0 used their intent-fu to discover vulnerabilities (CVE-2024-26131, CVE-2024-26132) in @element_hq, a @matrixdotorg client for Android. #writeup #CVE shielder.com/blog/2024/04/el…
Pit retweeted
29 Mar 2024
We recently partnered with @OSTIFofficial to perform a security audit sponsored by @awscloud on @brefphp. The audit resulted in 5 findings promptly addressed by @matthieunapoli. The report is now public, check the details here: shielder.com/blog/2024/03/br…
Pit retweeted
25 Mar 2024
Excellent writeup showing how to track down vulnerabilities in firmwares starting from CVEs through patch diffing Credits @suidpit and @Th3Zer0 shielder.com/blog/2024/01/hu… #embedded #infosec #asus
Pit retweeted
15 Mar 2024
And that's a wrap! Exceptional reports from exceptional #hackers 🥳 More content from @nullcon and #bugbountytips coming up ⏭️. Cheers to the amazing exploits 🎉 and to many more like these events to come. #HackWithIntigriti @Nestle
Pit retweeted
14 Mar 2024
Hey hackers - attending @nullcon? Pop to say hi and talk about AppSec and VR! You can find @smaury92 @Th3Zer0 @suidpit @not4nhacker around 🖖🏿
Pit retweeted
We're announcing our second flagship "Hunting Zero-Days in Embedded Devices" training this year at @cybersaiyanIT, in Rome, 24-27th September!! 4 days of PWNING 💻 romhack.io/training/2024/hun… Contact us for limited offer discount codes, only 4 u, as our Valentine's gift ❤️❤️❤️
Pit retweeted
OMG, our "Cookie Crumbles" paper got into the Top-10 Web Hacking Techniques of 2023 by @PortSwiggerRes! Have a look at the paper if you haven't yet usenix.org/conference/usenix… and check the other outstanding finalists! Thank you ❤️

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top…
Hip, hip, hooray! It's been 10 years of AppSec Ezine! Big shoutout to all who have been supportive along the journey and to the security community that made this project possible. Cheers 🥂 520th Edition: pathonproject.com/zb/?6ba350… Repo: github.com/Simpsonpt/AppSecE… #AppSec #Security

Pit retweeted
30 Jan 2024
Ever wondered how to binary diff router firmwares to write n-day exploits? Learn how @Th3Zer0 and @suidpit combined unblob, binexport, ghidra, Qiling, and an Asus router to write an exploit for CVE-2023-39238. The outcome was unexpected ... 1/7 shielder.com/blog/2024/01/hu…
Pit retweeted
22 Dec 2023
🎉 Cheers hackers! 🎊 As we bid farewell to 2023, let's celebrate together! 🎁 Like, follow, and retweet for a chance to WIN a €30 coupon for swag.shielder.com! 🏆 3 winners will be selected by EOY! #giveaways #swag