Michael Stepankin @artsploit - Twitter Profile

9 months ago

Prompt injections are a serious concern for VS Code Copilot Agent. Discover how attackers can create GitHub issues with harmful instructions and find out how to protect the coding agent effectively. https://t.co/uQbNhdFqGr

0

9

6

5

1K

artsploit retweeted

Jaroslav Lobačevski 🇱🇹🇺🇦[email protected] @yarlob

about 1 year ago

The curious case of exploiting locally running web app https://t.co/oWQl5gqudP

0

6

3

1

920

artsploit retweeted

watchTowr

@watchtowrcyber

about 1 year ago

The industry is ablaze w speculation around yesterday's publicly disclosed Veeam Software Backup & Replication RCE vulnerabilities (CVE-2025-23120). We reported these vulnerabilities to Veeam in early February, tracked as WT-2025-0014 and WT-2025-0015. https://t.co/h162duIgty

4

168

53

45

23K

Michael Stepankin @artsploit

over 1 year ago

@samwcyo @infosec_au Just wow

0

666

Who to follow

Frans Rosén

@fransrosen

Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.

James Kettle

@albinowax

Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3

Arseniy Sharoglazov

@_mohemiv

Penetration Tester at Positive Technologies, likes to share what I learn with others | @ptswarm

Michael Stepankin @artsploit

over 1 year ago

Here is the blog post: https://t.co/HW2zDY8Tbc

0

59

17

41

4K

Michael Stepankin @artsploit

over 1 year ago

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

artsploit's tweet photo. Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵 https://t.co/rklrVsnAZ5

7

297

80

159

30K

Michael Stepankin @artsploit

over 1 year ago

Hyped to speak at @ekoparty in November!

Ekoparty | Hacking everything

@ekoparty

over 1 year ago

2

10

1

4K

1

25

4

1

3K

Michael Stepankin @artsploit

almost 2 years ago

Just submitted a CFP to @ekoparty where I want to talk about breaking Maven repository managers. This is the one of the craziest and fruitful research projects I've done in my career.

3

43

3

2

4K

artsploit retweeted

Martin Doyhenard @tincho_508

almost 2 years ago

So happy to had the chance to present for second time at #BlackHat USA! I’m already receiving a lot of messages from people using these techniques to get some nice bounties! If you want to learn more about cache exploitation, the research is available at https://t.co/A3DoIdBZ6N

3

224

58

154

36K

Michael Stepankin @artsploit

almost 2 years ago

Kafka UI can be a juicy target for bug hunters, here is why: https://t.co/oTHgSO8J3b

1

68

25

33

7K

artsploit retweeted

Source Incite @sourceincite

almost 2 years ago

Time to retire some content! JNDI Injection Remote Code Execution via Path Manipulation in MemoryUserDatabaseFactory: https://t.co/bN1ygdLhWm

0

140

44

61

18K

Michael Stepankin @artsploit

almost 2 years ago

We take pet’s security seriously!

publiclyDisclosed @disclosedh1

almost 2 years ago

Mars disclosed a bug submitted by @0xdr34m14: https://t.co/35hVFmq0KE #hackerone #bugbounty

0

8

2

3K

1

6

0

1

2K

artsploit retweeted

GitHub Security Lab

@GHSecurityLab

almost 2 years ago

🚨 New Blog Alert! 🚨 Can an attacker execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities in Ruby can be exploited and how they can be detected with CodeQL. 🔗 Read the full post: https://t.co/tdumVwrfKC Stay safe and code responsibly! 🛡️💻

0

46

20

16

5K

artsploit retweeted

Charles Fol @cfreal_

about 2 years ago

The first part of the blog series: #Iconv, set the charset to RCE. We'll use #PHP filters and #CVE-2024-2961 to get a very stable code execution exploit from a file read primitive. #cnext

8

170

58

39

30K

artsploit retweeted

Man Yue Mo @mmolgtm

about 2 years ago

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. https://t.co/Flsas2jJtv

8

409

146

130

97K

artsploit retweeted

shubs

@infosec_au

over 2 years ago

The SSRF/auth bypass affecting Ivanti Pulse Connect Secure (CVE-2024-21893), is a great example of what can be achieved with a fully blind SSRF vulnerability (RCE). Read the @assetnote blog here which includes a reliable payload and generation steps: https://t.co/cOYpmbWHrS

3

350

86

115

33K

artsploit retweeted

Alvaro Muñoz @pwntester

over 2 years ago

Discover the latest insights from our @GHSecurityLab team’s audit on @home_assistant security! 🛡️ https://t.co/02PHTuECHi #CodeReview

1

63

18

11K

artsploit retweeted

Man Yue Mo @mmolgtm

over 2 years ago

In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox: https://t.co/Mas6ALpKiO

6

312

98

93

58K

Michael Stepankin @artsploit

over 2 years ago

@0xor0ne Thanks for sharing!

0

1

0

376

artsploit retweeted

Kev @kevin_backhouse

over 2 years ago

Video of my PoC for CVE-2023-43641: out-of-bounds array access in libcue. libcue is used by tracker-miners, which automatically scans new files in ~/Downloads, so the bug is triggered by downloading a file.

8

372

103

64

129K

Michael Stepankin

@artsploit

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users