makelaris @makelariss
Building worlds where hackers play. 🏴 Head of CTFs @hackthebox_eu | Global cyber competitions + enterprise training | he/him
Thessaloniki, Greece | Joined July 2016
Tweets: 5K | Followers: 1K | Following: 3K | Likes: 5K
Spent a week testing AI for vulnerability research. 14 confirmed bugs in 20 min on one target. 5% hit rate on a hardened one. Same AI, same setup. 4 approaches, what worked, what failed, why target selection matters more than model sophistication. xclow3n.github.io/post/7
I am releasing a new toolkit I built for IIS-based lateral movement and code execution within IIS worker pool process's memory. Phantom ASPX Loader & PhantomLink -- a two-part toolkit for reflectively loading native DLLs into IIS w3wp.exe worker processes via ASPX. github.com/zux0x3a/Phanto…
Discovered 3 HTTP request smuggling vulnerabilities and 1 cache poisoning vulnerability in Cloudflare’s Pingora reverse proxy, all exploitable under the default configuration. These issues resulted in 2 Critical CVEs and 1 High-severity CVE. xclow3n.github.io/post/6
🚨Ethereum Developers: you can now install your first AI Auditor in 1 minute - fully autonomous, available 24/7, with multiple sub-agent helpers. Open Source. FREE to use (with your AI model) and already finding vulnerabilities in smart contracts. Link below🫡
New blog: Hooked on Linux — Rootkit Taxonomy, Hooking Techniques and Tradecraft Part 1 of our Linux rootkit series exploring kernel & userland rootkits and the hooking techniques they use (syscall/function hooks, ftrace, eBPF, inline patching). 🔗elastic.co/security-labs/…
Turning Almost Nothing into a Supply Chain Compromise of Angular with GitHub Actions Cache Poisoning adnanthekhan.com/posts/angular-… #BugBounty
Recently my RE workflow moved into sandboxed VMs where agents have full control over the environment. I needed an MCP server that runs headless in the same sandbox and exposes way more of the #BinaryNinja API than others. Here's the release: github.com/mrphrazer/bina…
WebSockets are not yet affected by Local Network Access permission in Chrome. Check out this blog post from my colleague @GrumpinouT! aikido.dev/blog/storybook…
A bunch of security issues I reported to better-hub. Disclosing as these should have been fixed now. Thanks for quick fixes @bekacru
Apache FOP + Ghostscript = 💥 Bypassed PostScript escaping using non-breaking spaces (\xa0) to inject commands. Chained with CVE-2025-46646 for Windows RCE. @truffzor Apache won't fix it - just updating the docs 🤷 Full technical details @sigabrt9 offsec.almond.consulting/bypassing-apac…
New write-up! Bypassing egress filtering in BullFrog GitHub Action (using query pipelining feature of DNS over TCP) (link in comment)
We disclosed a critical unauthenticated RCE chain in mcp-atlassian (4M+ downloads). CVE-2026-27826 - SSRF via Atlassian URL headers CVE-2026-27825 - Arbitrary file write → RCE Fixed in 0.17.0. Full breakdown 👇 blog.pluto.security/p/mcpwnfluence…
Second write-up of the day! sudo restriction bypass via Docker Group in BullFrog GitHub Action devansh.bearblog.dev/sudo-bypass/
Why macOS AVs shouldn’t trust PIDs 😄🍏 - new post by @Coiffeur0x90 Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans 😏 ⇒ confused deputy / privileged methods abused 🤡🧨 Lesson: PID ≠ identity. blog.quarkslab.com/intego_lpe_mac…
Just a few days later, there's the next blog post for @AikidoSecurity! Another framework-level vulnerability this time affecting Astro, resulting in SSRF if an unvalidated connection can be made to the webserver. Read the details here: aikido.dev/blog/astro-ful…
Sometimes you spot a sink and know it's vulnerable, but proving it is a challenge. @SLCyberSec's team broke through layers of crypto to reach a pre-auth deserialization sink in OpenText Directory Services. Breaking the encryption was a journey. slcyber.io/research-cente…
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security rcesecurity.com/2026/02/when-a…
HonoJS JWT/JWKS Algorithm Confusion (CVEs pending) devansh.bearblog.dev/honojs/
I was looking a bit into why OPENROWSET is able to read privileged files (like the root flag on Signed @hackthebox_eu) when using Silver tickets on MSSQL. Turns out you can get SYSTEM access without potatoes by recovering the full token. vuln.dev/silver-ticket-…
John Hammond @_JohnHammond
320K Followers 3K Following Cybersecurity Researcher @HuntressLabs Just Hacking Training @JustHackingHQ w/ @ethicalhacker https://t.co/UtsNJiyiEk && https://t.co/narO3syzIy
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Hack The Box @hackthebox_eu
246K Followers 228 Following Cyber Mastery: Community Inspired. Enterprise Trusted.
0xdf @0xdf_
26K Followers 471 Following AI Cybersecurity @ Anthropic Potentially a legit security researcher he/him https://t.co/GCcLVlmdQK https://t.co/uQWVpw4nft 0xdf on discord
Oliver Lyak @ly4k_
9K Followers 267 Following Yet another security researcher 🔦 Github: https://t.co/7WFOFz17KI
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer. Red Team @MDSecLabs
Suraj @PwnFunction
42K Followers 813 Following
h0mbre @h0mbre_
16K Followers 661 Following # Exploit Reliability Engineer # Developing a full-system snapshot fuzzer: https://t.co/mfVXhwoGYD # Avi: https://t.co/3fsQfVprCf
CryptoCat @_CryptoCat
9K Followers 229 Following Security Researcher @rapid7 😈 Hacking Content @ https://t.co/U7jVhNr9sC 💜
Martin Mielke @xct_de
6K Followers 928 Following Director @hackthebox_eu • Red Teaming • Vulnerability Research • Exploit Dev
Faith 🇧🇩... @farazsth98
5K Followers 302 Following Linux Kernel Hacker | Lead Security Researcher @zellic_io | CTF @SuperGuesser | Prev: Android VR @dfsec_com | Also on mastodon at https://t.co/frOaDhxQur
sqrtrev @sqrtrev
5K Followers 715 Following Captain of @SuperGuesser / DEFCON 29 - 34 Finalist Security Researcher @ENKI_official_X
Kahla @BelkahlaAhmed1
965 Followers 599 Following Product Security Engineer @ Mercari JP - Pentester @ EV Cure53, CTF Player @Zer0pts , Web/Mobile Exploitation N00b + Anime fan| Tunisian 🇹🇳
szymex73 @szymex73
2K Followers 1K Following CTFs & 🎶🎮 | Capturing 🚩 with @justCatTheFish | @[email protected] / @szy.bsky.social
Rajvardhan Agarwal @rajxnull
7K Followers 400 Following Security Engineer @zellic_io | prev: @Apple | Opinions my own
Iori @iori424793
0 Followers 21 Following
Thanasis Tsakiliotis @tsakithan
3 Followers 132 Following
LemonOsas @LemonOsas
0 Followers 26 Following
George Karanikas @GeorgeKara88553
5 Followers 456 Following
krxsh0x @krxsh0x
3 Followers 69 Following
İlteriş Kaan Pehliv... @IlterisPehlivan
0 Followers 4K Following
Dimas Maulana @dimasma__
175 Followers 58 Following Active CTF Player and Member of TCP1P, SKSD, & Project Sekai | Bug Bounty Hunter at PatchStack | Cybersecurity Enthusiast | part time HackTheBox Challmaker
Thomas @c0w5lip
30 Followers 110 Following 19. Interested in Vulnerability Research & Embedded Security.
Vaisov Bek @vaisovbek
815 Followers 7K Following Security Researcher aka Bug Bounty Hunter | CTF Player
Yusuf M. Husayn @0xwaterblade
37 Followers 957 Following Cybersecurity Engineer | Red Teaming | Bug Hunter
ilbe753 @ilbe753
2 Followers 53 Following
duskxy @duskxy
36 Followers 1K Following
nect @nectxp
0 Followers 9 Following
main main @mainmain684082
0 Followers 118 Following
xclow3n @xclow3n169390
0 Followers 58 Following
Nikos Maroulis @nikos_maroulis
413 Followers 861 Following Potions Master: AI Agents & Cyber Hexes 🐍 | Elixir is the only true magic | I can teach you to bottle fame, brew glory...
Chris Isaias @_call_gate
146 Followers 3K Following Penetration Testing & Reverse Engineering. . . Phd(c), Msc (RHL), NATO, ESDC & RIPE fellow, IEEE snr, FIRST liaison, CISSP, CRTO, PNPT
🄲🅈🄱🄴🅁 ... @Cyber_Asia_
4K Followers 500 Following Follow us for the latest #cybersecurity news in Asia.
Hichem @hichem60324
0 Followers 10 Following
Mushroom キノコ @MushroomWasp
575 Followers 338 Following a human posting about his journey in tech | CTF Player & Security Researcher | 📨 [email protected] | 🐧💻🔧
Axl @qwertyaxl
1K Followers 391 Following An ai enjoyer and CTF. Main Stream is blockchain and Ai injection
tester @xxtesterxx
231 Followers 5K Following 3 Cerebral infarctions so far. Yearning for life quality. Still like to break 💔 shit. Old school Hacker. Activist by 💜. miss the old school way of bullshitting 👾
HackyD0g @HackyD0g
26 Followers 528 Following
UzunDz @xUzunDz
182 Followers 520 Following
L @Trz0x
0 Followers 250 Following
G @ahm3dgg
40 Followers 703 Following
Arjun Basnet @abasnet123
197 Followers 3K Following Move On.... Threat Hunter, Deep and Dark Web, Security Researcher, Pentester, Vulnerability Management
Ping Pwn @ping_pwn
3 Followers 44 Following
OSD S @osd_s51267
2 Followers 83 Following
Nassim @MetalnaS
19 Followers 139 Following
Kyle Romeo @KyleRomeo1211
248 Followers 664 Following
souhaib @souhaib17273415
3 Followers 583 Following
mult1pl3xR @mult1pl3xR
8 Followers 321 Following
Hashem AlSalhi (C3TUS... @hashemalsalhi
26 Followers 323 Following
vx-underground @vxunderground
438K Followers 358 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Intigriti @intigriti
209K Followers 666 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
LiveOverflow 🔴 @LiveOverflow
160K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
ippsec @ippsec
123K Followers 365 Following
Ben Sadeghipour @NahamSec
247K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
George Hotz 🌑 @realGeorgeHotz
304K Followers 204 Following President @comma_ai. Founder @__tinygrad__
TrendAI Zero Day Init... @thezdi
89K Followers 16 Following TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Adam Chester 🏴... @_xpn_
38K Followers 538 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
Sam Curry @samwcyo
101K Followers 1K Following
Gareth Heyes @garethheyes
38K Followers 1K Following JavaScript for hackers: Learn to think like a hacker. https://t.co/e0aNEbEDk5
Florian Roth ⚡️ @cyb3rops
220K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Troy Hunt @troyhunt
248K Followers 1K Following Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
ctfradiooo @ctfradiooo
1K Followers 2 Following Cybersecurity podcast hosted by @adamdoupe and @Zardus focused exclusively on Capture the Flag (CTF).
Robbe Verwilghen @GrumpinouT
726 Followers 408 Following Something with security, bugs, and bounties
Caitlin Condon @catc0n
4K Followers 3K Following Adventurer. Takes a lot of photos, calls many places home. Research VP @VulnCheckAI. Previous research director @Rapid7 / @metasploit. Opinions mine. She/her.
Splintersfury @Splintersfury
371 Followers 2K Following Malware analyst and cybersecurity professional focused on Windows kernel internals and reverse engineering.
Thomas Naunheim @Thomas_Live
7K Followers 458 Following #MicrosoftMVP | Cyber Security Architect 🛡️| #MicrosoftEntra 🔑 + #Azure ☁️ | #Schaengel
Nowasky @nowaskyjr
2K Followers 100 Following Ademar Nowasky Junior | Sponsor my research: https://t.co/USVXKJdest
Josh Grossman 👻 (t... @JoshCGrossman
2K Followers 2K Following Friendly AppSec Ghost 👻 @OWASP_IL | @OWASP_ASVS Mastodon 🐘: https://t.co/dHMXcjRkMH Blue Sky 🦋: https://t.co/LZHGv7q5HD
Daniel Cuthbert @dcuthbert
33K Followers 2K Following Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co_chair UK Gov Cyber Security Advisory Board
Sabanaku77 @Sabanaku77
341 Followers 691 Following Web3 Security Researcher | ZK | FHE | Senior Threat Researcher @zscaler
Matt Brown @nmatt0
10K Followers 974 Following Founder & Principal Consultant @ Brown Fine Security | IoT Security Researcher | Soli Deo Gloria | I Run Arch BTW
ApexPredator @ApexP6975
7 Followers 16 Following
Secorizon @secorizon
810 Followers 105 Following Home of Responder, Pcredz, SecorizonAI, etc Red team ops, offensive pentests. Back then, your 0days were your certs.
feasto @feasto_
59 Followers 121 Following Cybersecurity enthusiast CTF w\ @0tolerance_ctf and @th3os_ctf
Kaluche @kaluche_
3K Followers 733 Following Red Team 🎯 at @QuarksLab | Windows & Active Directory 💗 | @BreizhCTF co-founder 🚩
John U @jdu2600
739 Followers 347 Following He/him. Security Research Engineer @originhq ex-@elasticseclabs ex-@CyberGovAu
daoud youssef @daoud_youssef
3K Followers 622 Following part time bug hunter at Hacker-one , bugcrowd and intigriti
MatheuZ @MatheuzSecurity
3K Followers 362 Following Red Team Operator, Cyber Threat Intelligence, Malware Researcher
Wil Gibbs @cl4sm
616 Followers 258 Following Artiphishell CEO | @ASU Sefcom PhD Student | @Shellphish Captain Emeritus | AIxCC Shellphish Team Lead | 日本語
Bad_Jubies @Bad_Jubies
346 Followers 666 Following
David Leadbeater @davidgl
317 Followers 402 Following Open Source Software Engineer 👨💻 and Security. Mostly post at 🐘 https://t.co/RkvderXArs
Gerrard Tai @gerrard_tai
359 Followers 525 Following vuln research and pwn | ex csgo pro for team "Counter-Terrorists"
Damian Strobel @damian_89_
8K Followers 967 Following Into IT Security and Big Data | https://t.co/7ZEf1Ijfvp | https://t.co/wMB3f2XEX7
Suraj Malhotra @MrT4ntr4
865 Followers 355 Following Malware Tinkerer | Founder/Player : @dc1ph3r | Sometimes with @f5_experts
Dennis Kniep @dennis_kniep
251 Followers 242 Following
RST Cloud @rst_cloud
659 Followers 89 Following Threat intelligence solutions for businesses of all sizes
El Mehdi @elmehdimee
1K Followers 431 Following bug bounty hunter, https://t.co/IgwNoFRWmO , https://t.co/0DPtWr7tZ8 , https://t.co/eG6Su8DLgb
ZygoSec @ZygoSec
2K Followers 1 Following Education platform for acquiring skills in modern vulnerability research & software exploitation
codewhisperer84 @codewhisperer84
515 Followers 41 Following
Aleandro @drw0if
284 Followers 909 Following Computer science student @ UniPI - ctf player with fibonhack, r00tstici - Security Engineer @ Doyensec
Dinohacks @nhegde610
787 Followers 3K Following Researcher. Malware Analyst. Part time threat hunter. Part time blogger and passing interest in AI
RootSys @RootSysAt
152 Followers 10 Following We deliver top-tier security services, including penetration testing, code audits, security research, hardware hacking, and AppSec reviews.
MottaSec @mottasec_
22 Followers 60 Following Risk-free your digital! Offensive & defensive experts | Red teaming, embedded & defense tech security | Secure-by-design or not at all.
Critical Thinking - B... @ctbbpodcast
26K Followers 86 Following A 'by Hackers for Hackers' podcast focused on technical bug bounty content. Exploits, techniques, stories, bounties. Hosts: @rhynorater, @rez0__, @gr3pme
Alexandria Ocasio-Cor... @AOC
12.7M Followers 4K Following US Congresswoman, NY-14. In a modern, moral, and wealthy society, no American should be too poor to live. People-Funded, takes no lobbyist💰. Personal account.