Worty @_Worty - Twitter Profile

_Worty retweeted

nol @nol_tech

8 days ago

This is my talk :D

0

15

3

0

908

_Worty retweeted

Lupin

@0xLupin

14 days ago

I managed to RCE Fortune 500 companies and made over $50,000 with this technique. A new npm supply chain technique we just disclosed. The trick is dumb-simple. We call it npx Confusion. 🧵

0xLupin's tweet photo. I managed to RCE Fortune 500 companies and made over $50,000 with this technique.

A new npm supply chain technique we just disclosed. The trick is dumb-simple.

We call it npx Confusion.

🧵 https://t.co/W0yxZ0wH2e

9

327

39

291

20K

_Worty retweeted

Lupin

@0xLupin

22 days ago

People are always talking about npm and pypi. Wait to see how insane are the other ecosystems too

3

40

2

5

4K

_Worty retweeted

Orange Tsai 🍊

@orange_8361

21 days ago

That's my chain — a full chain w/ logic bugs only! No memory corruption, no AI, and of course no collisions at all 😉

112

3K

367

359

209K

Who to follow

Rémi GASCOU (Podalirius)

@podalirius_

Senior Security Researcher @SpecterOps | 3xMicrosoft Security MVP | Creator of opensource security tools 🎬 https://t.co/QaAENc4NcY | Views are my own

Thomas Seigneuret

@_zblurx

Red Teamer & Security researcher Maintainer of #NetExec, #DonPAPI, dploot, certsync, and all the stuff on my github repo bsky: https://t.co/zISpgvDSWc

rayanlecat

@rayanlecat

Adversary Simulation @Quarkslab

_Worty retweeted

YesWeHack ⠵

@yeswehack

24 days ago

Missed the latest #TalkiePwnii? Now’s your chance 👀 @pwnwithlove breaks down a wildcard argument injection exploit on a @zerodaygym Dojo challenge - from initial discovery to full exploitation 👇 https://t.co/n1fXGPsv6a

0

29

4

8

3K

_Worty retweeted

YesWeHack ⠵

@yeswehack

23 days ago

SSRF turns a server’s own outbound requests into your weapon against its internal network 🌐 From a single callback to full cloud account takeover, the escalation path is wild when you know the tricks 🔥 Full guide on hunting SSRF 👇 https://t.co/YHoZatQ6bs

2

99

15

84

10K

_Worty retweeted

pwnii

@pwnwithlove

23 days ago

last month I reported a critical SSRF that led to JS execution in a headless Chrome ദ്ദി・ᴗ・)✧ if you're curious, I wrote a full article on @yeswehack! :p

pwnwithlove's tweet photo. last month I reported a critical SSRF that led to JS execution in a headless Chrome ദ്ദി・ᴗ・)✧

if you're curious, I wrote a full article on @yeswehack! :p https://t.co/9PgKMGdCfq

5

146

6

52

6K

_Worty retweeted

Bleizack @bleizack

about 1 month ago

Les inscriptions UDG#2 se terminent très prochainement, nous vous partageons le teasing des confs. Cette fois-ci, rendez-vous dans le centre de Rennes, à 7 minutes à pied de Sainte-Anne (adresse précise communiquée lors de la réception de votre place). > https://t.co/tEwrYvXdUg

bleizack's tweet photo. Les inscriptions UDG#2 se terminent très prochainement, nous vous partageons le teasing des confs.

Cette fois-ci, rendez-vous dans le centre de Rennes, à 7 minutes à pied de Sainte-Anne (adresse précise communiquée lors de la réception de votre place).

> https://t.co/tEwrYvXdUg https://t.co/Ejs8uTi6zx

0

4

2

315

_Worty retweeted

YesWeHack ⠵

@yeswehack

about 1 month ago

If you haven't seen it yet, the latest #TalkiePwnii is out and @pwnwithlove shows how to abuse wildcards for argument injection on a @zerodaygym Dojo challenge 👀 Check it out 👇 https://t.co/n1fXGPsv6a

0

21

2

6

3K

Worty @_Worty

about 2 months ago

The #FCSC2026 ended today, my write-ups are now available on my website https://t.co/PbzPBa4dpX, don't hesitate to check them !

Worty @_Worty

2 months ago

For this year’s FCSC, I’m proud to have had the opportunity to develop four web challenges: - Shellfish Say - FCSC Aquarium - Secure Mood Notes (Part 1 & 2) There are many more challenges available (created by @kevin_mizu and @BitK_), so don’t hesitate to give them a try! :)

_Worty's tweet photo. For this year’s FCSC, I’m proud to have had the opportunity to develop four web challenges:
- Shellfish Say
- FCSC Aquarium
- Secure Mood Notes (Part 1 & 2)

There are many more challenges available (created by @kevin_mizu and @BitK_), so don’t hesitate to give them a try! :) https://t.co/g7RaNCoccZ

1

46

5

4

5K

0

35

8

5

3K

_Worty retweeted

Kévin GERVOT (Mizu) @kevin_mizu

about 2 months ago

I'm happy to release the first version of my DOMLogger++ plugin for @CaidoIO! 🔎 It improves the browser extension in several ways: • Persistent, per-project storage • Temporary session recording • AI support • Stack trace reconstitution • ... 👉 https://t.co/tj72KXjAN9

kevin_mizu's tweet photo. I'm happy to release the first version of my DOMLogger++ plugin for @CaidoIO! 🔎

It improves the browser extension in several ways:
• Persistent, per-project storage
• Temporary session recording
• AI support
• Stack trace reconstitution
• ...

👉 https://t.co/tj72KXjAN9 https://t.co/tRdiFP6M0T

4

177

31

79

12K

Worty @_Worty

2 months ago

@_Euzebius @voydstack @kevin_mizu @BitK_ At least 2 web challenges have 0 solve for now :D

0

3

0

221

Worty @_Worty

2 months ago

For this year’s FCSC, I’m proud to have had the opportunity to develop four web challenges: - Shellfish Say - FCSC Aquarium - Secure Mood Notes (Part 1 & 2) There are many more challenges available (created by @kevin_mizu and @BitK_), so don’t hesitate to give them a try! :)

1

46

5

4

5K

_Worty retweeted

Kévin GERVOT (Mizu) @kevin_mizu

2 months ago

This year again, with @BitK_ and @_Worty, we've made the Web challenges 🚩 The CTF is solo and lasts 10 days, if you have some time, please give it a look 😁 Even if you're not doing Web challenges, there are challenges in various categories, you should find something you like!

kevin_mizu's tweet photo. This year again, with @BitK_ and @_Worty, we've made the Web challenges 🚩

The CTF is solo and lasts 10 days, if you have some time, please give it a look 😁

Even if you're not doing Web challenges, there are challenges in various categories, you should find something you like! https://t.co/S2z1mDPUu6

4

140

17

64

25K

_Worty retweeted

Lupin

@0xLupin

2 months ago

Her first week at Lupin & Holmes ? Garance compromised an npm package with 40M weekly downloads 🔥 Depi flagged a dangerous workflow in @ img/colour. She turned Dependabot into the trigger, got the workflow to run, and reached package write access. 40M weekly downloads. Week one. Garance rocks 🤟 https://t.co/qkEiGnbPBG

0xLupin's tweet photo. Her first week at Lupin & Holmes ? Garance compromised an npm package with 40M weekly downloads 🔥

Depi flagged a dangerous workflow in @ img/colour. She turned Dependabot into the trigger, got the workflow to run, and reached package write access.

40M weekly downloads. Week one. Garance rocks 🤟

https://t.co/qkEiGnbPBG

5

128

18

53

11K

Worty @_Worty

2 months ago

@OliviaGalluccii @Synacktiv @0xLupin Thanks a lot !

0

1

0

67

Worty @_Worty

2 months ago

Today was my last day at @Synacktiv as a pentester, I want to thank all the people I've worked with in this company, such amazing and skilled people, I will cherish those memories I’m joining @0xLupin at Lupin&Holmes to break more stuff with some others talented people😎

13

182

6

17K