darkit @dark1t - Twitter Profile

Pinned Tweet

over 2 years ago

This year I decided to make time to do research as it is a field I'm passionate about. This has resulted in discovering two critical vulnerabilities (CVE-2023-48022 and CVE-2023-48023) See the below advisory to see how to escalate privs on the cloud from SSRF and file disclosure

Bishop Fox @bishopfox

over 2 years ago

The #opensource framework Ray from Anyscale is impacted by 3 critical #vulnerabilties: missing authentication, #SSRF, & insecure input validation. We recommend Ray users refrain from exposing Ray network services to a local network or to the Internet. More in the advisory by @dark1t. #infosec #cybersecurity https://t.co/MVADuY5ZwW

bishopfox's tweet photo. The #opensource framework Ray from Anyscale is impacted by 3 critical #vulnerabilties: missing authentication, #SSRF, & insecure input validation. We recommend Ray users refrain from exposing Ray network services to a local network or to the Internet. More in the advisory by @dark1t. #infosec #cybersecurity

https://t.co/MVADuY5ZwW

0

27

14

3

9K

0

17

5

1

3K

dark1t retweeted

JS0N Haddix

@Jhaddix

2 months ago

New Executive Offense: "RSA 2026: Hot Takes on AI, Agents, and Offensive Security Reality Checks" (This one is more a an opinion piece but hope you enjoy it 🫶 ) https://t.co/pMeHfOXfex

3

108

22

96

22K

darkit @dark1t

3 months ago

@vxgiveaways @OSINTindustries

0

1

0

32

dark1t retweeted

watchTowr

@watchtowrcyber

3 months ago

We promised we'd be back! Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE. This research fuels the watchTowr Platform, our Preemptive Exposure Management technology. https://t.co/TzNBT1Ghs7

0

206

66

108

40K

Who to follow

Danux Mitnick

@Danuxx

Hacker wanna be. Gray Hat Hacking book, 4/5th Edition co-author.

Hack Defender

@hackdef

Aim to provide world class security services and training

Luis Noriega

@nogagmx

Infosec enthusiast 🇲🇽 MX

dark1t retweeted

Yuval Avrahami

@yuvalavra

5 months ago

We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯 How did we do it? Just two missing characters was all it took. This is the story of #CodeBreach 🧵👇

yuvalavra's tweet photo. We hacked the AWS JavaScript SDK, a core library powering the entire @AWScloud ecosystem - including the AWS Console itself 🤯

How did we do it? Just two missing characters was all it took.

This is the story of #CodeBreach 🧵👇 https://t.co/ba9jqgFrLJ

158

7K

846

4K

1M

dark1t retweeted

Today In Infosec @todayininfosec

9 months ago

1995: The movie Hackers was released. Yes, 30 years ago today. 🤯 It grossed just $7 million at the box office against a budget of $20 million. Ouch. A box office failure, but today it's a cult classic. Crash Override. Acid Burn. Rollerblades. Floppy disks. Hack the Gibson!!!

todayininfosec's tweet photo. 1995: The movie Hackers was released. Yes, 30 years ago today. 🤯

It grossed just $7 million at the box office against a budget of $20 million. Ouch. A box office failure, but today it's a cult classic.

Crash Override.
Acid Burn.
Rollerblades.
Floppy disks.

Hack the Gibson!!! https://t.co/YG1eIO9KFK

2

237

70

9

21K

dark1t retweeted

H4x0r.DZ 🇰🇵

@h4x0r_dz

10 months ago

When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074) https://t.co/2CGY8UV7fy "How was it found It was by mistake actually, I did not know much about container separations and its implication"

1

238

34

110

16K

dark1t retweeted

ϻг_ϻε @steventseeley

10 months ago

As it turns out, @orange_8361 and I have more in common than I had thought! If you love old school PHP quirks and CTF tricks I recommend you read our articles: https://t.co/oFro6bACfi https://t.co/6Y9yMUlilj

1

257

60

118

23K

dark1t retweeted

Phrack Zine

@phrack

10 months ago

Signing underway at @nostarch at @defcon

1

85

12

4

11K

darkit @dark1t

10 months ago

@defconparties Women v neck XL

1

0

69

dark1t retweeted

vx-underground

@vxunderground

10 months ago

https://t.co/tDpKMg1qmk

40

2K

135

680

160K

darkit @dark1t

11 months ago

@kuzushi @defcon @rez0__ @ArchAngelDDay @wickett @JF0LKINS

0

1

0

46

dark1t retweeted

PentesterLab

@PentesterLab

11 months ago

Can you feel the pain?

1

79

4

2

8K

dark1t retweeted

Pwntacles @pwntacles

12 months ago

A las comunidades universitarias de ciberseguridad con estudiantes activos se les invita a la primera reunion de "NoTrustSec x Pwntacles - Student communities". Registro y mas información: https://t.co/asCul5f0Af

1

13

10

2

2K

dark1t retweeted

BSides CDMX @bsidescdmx

about 1 year ago

¡Gracias por sus propuestas para #BSidesCDMX 2025! A los speakers: estén pendientes de su correo, recibirán noticias pronto 📬 Ya comenzamos a armar la agenda! 🗓️ Y gracias al comité evaluador por su gran trabajo: @phragma @bytevic @Yess_2021xD @dark1t @hecky #securitybsides

bsidescdmx's tweet photo. ¡Gracias por sus propuestas para #BSidesCDMX 2025!
A los speakers: estén pendientes de su correo, recibirán noticias pronto 📬
Ya comenzamos a armar la agenda! 🗓️

Y gracias al comité evaluador por su gran trabajo:

@phragma @bytevic @Yess_2021xD @dark1t @hecky

#securitybsides https://t.co/6lTAEdJeDL

0

18

8

0

2K

dark1t retweeted

Pedro Ribeiro

@pedrib1337

about 1 year ago

Router RCE via the public WLAN interface *which cannot be disabled on your own router without calling the ISP* w/ bonus fault injection via HDD vibrations 🤠 👑King showing by @_r0ny and a shit show by @MEOpt https://t.co/G15AMgzTvP

4

185

51

86

16K

dark1t retweeted

AI Notkilleveryoneism Memes ⏸️

@AISafetyMemes

about 1 year ago

🚨🚨🚨 "We found the model attempting to write self-propagating worms, and leaving hidden notes to future instances of itself to undermine its developers' intentions."

AISafetyMemes's tweet photo. 🚨🚨🚨 "We found the model attempting to write self-propagating worms, and leaving hidden notes to future instances of itself to undermine its developers' intentions." https://t.co/fAiB3IKyOw

932

18K

3K

7K

35M

dark1t retweeted

Yuval Gordon @YuG0rd

about 1 year ago

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - https://t.co/c969sNjQH0