Francesco Enrietti (@not4nhacker)'s Twitter Profile

ID: 1484161274443448327

20-01-2022 13:50:17

52 Tweet

54 Followers

218 Following

Shielder (@shieldersec):

Time to pop something out of our publication queue! Learn how Paolo Cavaglià found a way to combine #CodeBuild and #S3 privileges to escalate his privileges in a fairly complex #AWS environment. shielder.com/blog/2023/07/a…

Damion Schubert - @ZenOfDesign.com on bsky (@zenofdesign):

The last week on Twitter has been really an amazing string of WTF, even by the impressive standards of Elon. It's really funny when you put all the pieces together. it's important to start at the beginning. Twitter's pretty broke. (amusing thread)

teej dv 🔭 (@teej_dv):

"I use Linux as my operating system," I state proudly to the unkempt, bearded man. He swivels around in his desk chair with a devilish gleam in his eyes, ready to mansplain with extreme precision. "Actually," he says with a grin, "Linux is just the kernel. you use GNU+Linux." I

Shielder (@shieldersec):

Ever wondered how to binary diff router firmwares to write n-day exploits? Learn how TheZero 🍉 on BlueSky and Pit combined unblob, binexport, ghidra, Qiling, and an Asus router to write an exploit for CVE-2023-39238. The outcome was unexpected ... 1/7 shielder.com/blog/2024/01/h…

Shielder (@shieldersec):

We recently partnered with OSTIF Official to perform a security audit sponsored by Amazon Web Services on Bref. The audit resulted in 5 findings promptly addressed by Matthieu Napoli. The report is now public, check the details here: shielder.com/blog/2024/03/b…

Shielder (@shieldersec):

Back in December 2023 our researchers TheZero 🍉 on BlueSky Pit and Mindless performed an audit sponsored by Amazon Web Services and facilitated by OSTIF Official on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/b…

Shielder (@shieldersec):

During a recent engagement Mindless hacked his way through Vtiger CRM which led to the discovery of a privilege escalation and a SQL injection. Learn more in the dedicated advisories:
- CVE-2024-42994 #sqli shielder.com/advisories/vti…
- CVE-2024-42995 #privesc shielder.com/advisories/vti…

TumpiCon (@tumpiconit):

Hey hackers! We’ve started sending out the first invites — check your inbox! 👀 Didn’t get one? Take the fast track and submit a talk!

Shielder (@shieldersec):

In Lausanne for Insomni'hack? Don’t miss the chance to meet our very own Francesco Enrietti! If you're into cursed OAuth hacking techniques or breaking mobile apps, find a comfy spot -- you might be there for a while!

Shielder (@shieldersec):

Last week Apple released MacOS 13.4 which contains a fix for a vulnerability Pit exploited to escape the Sandbox. Update now and stay tuned for the technical details! Ref: support.apple.com/en-us/122373

TheSAS2025 (@thesascon):

You’ve done everything right: least privilege, PAM solution deployed, users don’t even know passwords. What could go wrong? Paolo Cavaglià (Paolo Cavaglià) from Shielder has the answer in his #TheSAS2025 talk, "Grand Theft Credential: Ransomware Gangs’ Wet Dream" 🏰 His team spent

blasty (@bl4sty):

can we please get the libxml2 and ffmpeg people some cold cash, lambo's and decent quality blow as a token of appreciation for all the ASAN splats we throw over the fence and want to have fixed pronto? I know one man's trash (CVE's) is another man's treasure, but we gotta respect