Marc Montpas @MarcS0h - Twitter Profile

marcS0H retweeted

lcamtuf @lcamtuf

almost 2 years ago

Frankly, I'm appalled by the prospect of LLMs taking offensive security research jobs from honest, hard-working fuzzers

5

402

72

28

47K

marcS0H retweeted

the tiny corp

@__tinygrad__

3 months ago

“Simplicity is a great virtue, but it requires hard work to achieve and education to appreciate. And to make matters worse, complexity sells better.” — Edsger Dijkstra

8

769

80

124

22K

marcS0H retweeted

LiveOverflow 🔴

@LiveOverflow

4 months ago

What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.

18

446

38

110

70K

marcS0H retweeted

Trail of Bits

@trailofbits

5 months ago

Probably not. Prompting an LLM with natural language is inherently lossy and ambiguous. Up to this point, programming has always been deterministic: Your code does what you say it should do otherwise, it’s a bug. Coding agents break that contract. https://t.co/gqsBV0nQBa

2

29

5

14

2K

Who to follow

Sasi Levi 🎧

@sasi2103

Love Music, Security & Software.

harisec

@har1sec

Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp. Orson Kovacs.

Nilesh Sapariya

@nilesh_loganx

Marc Montpas @marcS0H

8 months ago

Guess it's that time of the year again. :-) #aws #down #dns https://t.co/lRudELsicQ

0

306

marcS0H retweeted

Gynvael Coldwind @gynvael

11 months ago

This looks nicely written: https://t.co/RcY87eZngD

1

81

20

17

13K

marcS0H retweeted

Oliver Sild @OliverSild

over 1 year ago

It's so cool to see so many people participate in our #WCUS WordPress CTF. @marcS0H from @jetpack is currently leading the competition! 😎 You can see the live scoreboard here: https://t.co/rHwax8rPJQ

0

2

1

0

219

marcS0H retweeted

WPScan - WordPress Security @_WPScan_

almost 2 years ago

Our researchers found a Pre-Auth Object Injection vulnerability in the SEOPress plugin (300k+ active installs). It was fixed in the recent 7.9 update. Make sure to update now! #wordpress #security https://t.co/Mor1Qwvc0V

3

5

1

2

2K

Marc Montpas @marcS0H

almost 2 years ago

MOTD: Reinventing the wheel only works if it's circle-shaped. (Love uncovering relatively uncommon antipatterns like this.) #wordpress #security

WPScan - WordPress Security @_WPScan_

almost 2 years ago

Our researchers found a Pre-Auth Object Injection vulnerability in the SEOPress plugin (300k+ active installs). It was fixed in the recent 7.9 update. Make sure to update now! #wordpress #security https://t.co/Mor1Qwvc0V

3

5

1

2

2K

0

3

0

168

marcS0H retweeted

Charles Fol @cfreal_

about 2 years ago

The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext

8

170

58

39

31K

marcS0H retweeted

Sonar Research @Sonar_Research

over 2 years ago

🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥 PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability: https://t.co/9JVMjj5FO9

Sonar_Research's tweet photo. 🔥Multiple XSS vulnerabilities in popular CMS Joomla! (CVE-2024-21726) 🔥

PHP bug could be used to bypass sanitization - We just disclosed the technical details behind the recent Joomla vulnerability:

https://t.co/9JVMjj5FO9 https://t.co/k8s28WDD7f

1

293

88

119

96K

marcS0H retweeted

Fio Cavallari 🍻👾🪓 @fiocavallari

over 2 years ago

Automattic is expanding the Jetpack and WPScan Security Research team, if you like to break PHP code and investigate malware fill out the interest form here: https://t.co/WUqX2IyJNe #hiring #wordpress #securityresearch #remotejobs

0

10

6

1

822

marcS0H retweeted

Denis @unmaskparasites

over 2 years ago

Balada Injector: analysis of the initial and secondary infections. Domains: *.specialcraftbox[.]com and *.greenfastline[.]com (more in the post) Vulnerable plugin: Popup Builder. Thanks @marcs0h for the help with understanding the vuln

0

5

3

0

699

marcS0H retweeted

WPScan - WordPress Security @_WPScan_

over 2 years ago

Our researchers found a Pre-Auth Stored XSS vulnerability in the WP Go Maps plugin (formerly known as WP Google Maps, 400k+ active installs). It was fixed in the recent 9.0.28 update. Make sure to update now! #wordpress #security https://t.co/m0IWVsc7vs

0

4

1

2

1K

marcS0H retweeted

WPScan - WordPress Security @_WPScan_

over 2 years ago

Our researchers found a Pre-Auth Stored XSS vulnerability in the Popup Builder plugin (200k+ active installs). It was fixed in the recent 4.2.3 update. Make sure to update now! #wordpress #security https://t.co/h9O5MSOHXP

2

5

3

0

1K

marcS0H retweeted

Ambionics Security @ambionics

over 2 years ago

Learn about the two @Owncloud vulnerabilities CVE-2023-49103 and CVE-2023-49105 in our new blogpost: https://t.co/6fDfMLHYC9

0

62

22

9

13K

marcS0H retweeted

Charles Fol @cfreal_

over 2 years ago

CVE-2023-49103: this analysis by @GreyNoiseIO is erroneous. The exploit WORKS with default configuration, even on docker installs. Please patch.

3

36

10

7

18K

Marc Montpas @marcS0H

over 2 years ago

@FenriskSec Neat find!

0

137

marcS0H retweeted

Fenrisk @FenriskSec

over 2 years ago

Expecting to struggle finding a gadget chain in WordPress Core during an assessment when devs suddenly decided to make it easy : https://t.co/gJhHoktLtD

1

18

9

4K

marcS0H retweeted

WPScan - WordPress Security @_WPScan_

over 2 years ago

Our researchers found a serious SQL Injection vulnerability in the WP Fastest Cache plugin. It was fixed in the recent 1.2.2 update. Make sure to update now! https://t.co/Dk6m1ciEGd #wordpress #security

0

6

1

5

1K

Marc Montpas

@marcS0H

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users