BrunoZero

TrendAI Zero Day Initiative

16 days ago

@hash_kitten @kevin_mizu Funny one, I think understanding this scenario may be useful in the future

0

2

0

1

786

BrunoModificato retweeted

Robert Chen

@NotDeGhost

21 days ago

Great work by our web team! We also got RCE on LiteLLM and Oracle AI DB. Blog soon!

2

72

7

5

6K

BrunoModificato retweeted

@thezdi

21 days ago

Let's goooo! Nikolaos Mourousias, Caue Obici & Bruno Halltari (@deltaclock, @caueobici & @BrunoModificato) of OtterSec was able to exploit LM Studio! If confirmed, they win $40,000 and 4 Master of Pwn points. They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OBerlin

0

25

5

0

3K

Who to follow

terjanq

@terjanq

security enthusiast that loves hunting for bugs in the wild. co-founder and player of @justCatTheFish. infosec at @google. opinions are mine.

DiceGang

@dicegangctf

not about chutes and ladders

Samuel Tang

@mystiz613

AKA mystiz. Tweets on 🇭🇰 and Cybersec. Opinions are my own.

BrunoModificato retweeted

2 months ago

We've had a renderer RCE -> UXSS exploit on Samsung phones since last November, in collaboration with @cor_ctf. Full writeup coming next week.

1

229

23

79

21K

5 months ago

@TheGrandPew Happy bdayy :)

1

0

183

6 months ago

@codewithimanshu @0xacb @H4R3L @sudhanshur705 it's fixed now

0

45

BrunoModificato retweeted

7 months ago

Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.

60

3K

264

655

225K

7 months ago

New research, I did found many wallets /web 3 products not taking in consideration the difference between desktop env and mobile env leading to high severity issues.

8 months ago

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. https://t.co/QWABEOXcSU

2

75

19

41

8K

0

5

0

3

934

BrunoModificato retweeted

8 months ago

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. https://t.co/QWABEOXcSU

2

75

19

41

8K

9 months ago

@smashjarchive @osec_io you can find it here https://t.co/H40Vievjlh

0

1

0

75

BrunoModificato retweeted

9 months ago

NEW: The recent supply-chain attack on NPM exposed a fundamental vulnerability in the open-source ecosystem and the risks that lurk within our dependencies. We break down how the malware worked and practical defenses every dev should know ↓ https://t.co/ZeqAkFR2jo

2

36

9

5

6K

BrunoModificato retweeted

MetaMask 🦊

@MetaMask

9 months ago

As a MetaMask user, you do not need to be scared of the supply chain attack that took place earlier today. MetaMask has multiple layers of defense to protect our products and users: - Basic Security: We lock our versions, don't push directly to main, have manual and automated checks during the entire development lifecycle, and have robust release processes and monitored rollouts. - LavaMoat: Prevents malicious code from harming you, even if malicious code was to somehow sneak in. LavaMoat covers both the development lifecycle and runtime scenarios. - Blockaid: Flags malicious addresses nearly instantaneously, protecting you from compromised dapps. Security is paramount for MetaMask. We work tirelessly to protect you from attacks and threats, including supply chain attacks. 🧡

509

6K

969

396

463K

BrunoModificato retweeted

9 months ago

NEW: Proof of Reserves you can verify yourself. We teamed up with @Backpack to build PoRv2, a zero-knowledge system for fast, transparent solvency checks. More on how we designed it ↓ https://t.co/dfyVlrceRW

23

142

27

14

29K

11 months ago

Yay, got a new bounty #bugbountytips

2

82

3

11

6K

11 months ago

@S1r1u5_ Wtf. Where are you going btw?

0

2

0

533