The @Efteling Android app contains a hidden PIN-gated screen triggered by tapping the version number multiple times.
One of our Principal Security Researchers @NielsTeusink decompiled the APK, inspected the React Native bundle, and traced the PIN check to a screen exposing internal debug functionality. No security impact, but a nice example of how “hidden” features in mobile apps are usually just obscured, not protected.
If this kind of analysis sounds like your thing: https://t.co/2UH5cyQlrd
#infosec #reverseengineering #appsec #androidsecurity #hiring
Eye Security Chief Hacker Vaisha Bernard @the1bernard ranked #1 on Microsoft’s MSRC Security Researcher Leaderboard (Q4 2025).
Proud of the work, and respect to the researchers recognized this quarter.
https://t.co/DHCPOBDmdb
#CyberSecurity #SecurityResearch #AssumeBreach #MSRC
Phishing isn’t about fake domains anymore. It’s about abusing trust.
We’re seeing attacks that start on legitimate Microsoft login pages and quietly redirect users to credential-harvesting sites.
Full analysis and mitigations in the blog 👇
https://t.co/X05pGFz7AN
#phishing #infosec #securityresearch #m365 #oauth #infosec
🔎 We discovered a vulnerability in Microsoft’s Windows Update Health Tools that could have enabled remote code execution on Windows devices worldwide.
An older version of the tool still contacted Azure locations that were no longer owned by Microsoft.
In theory, someone else could have taken over those locations and changed what the tool downloaded.
Findings like this show why independent research and an assume breach mindset matter. Even trusted tools can hide unexpected risks.
Link to full analysis: https://t.co/3Kmfe5qaBa
#Remotecodeexecution #Microsoft #Vulnerability
🚨 From curiosity to 22 internal Microsoft apps
A small distraction led to finding a common Microsoft Entra ID misconfiguration, giving access to 22+ internal Microsoft services.
Last week at #BlackHatUSA, Chief Hacker Vaisha Bernard @the1bernard shared the full story.
Couldn't be there? Read the blog here: https://t.co/Tie1sAaMbz
#CyberSecurity #EntraID #BugBounty #Microsoft #BHUSA #IncidentResponse #ThreatResearch #BlackHat
All of this happened on trusted platforms. Bypassing filters completely.
Lesson: attackers exploit trust.
Only the right mix of technology and human expertise can catch them before it’s too late.
Stay vigilant. 👁🗨
👁🗨STORIES FROM THE SOC: Phishing with trusted tools 👁🗨
A link from a colleague.
A familiar platform.
What could go wrong?
In one recent case - a lot. 🧵
#cybersecurity #phishing #SOC #storiesfromtheSOC
With the account in hand, they reset the victim’s Miro password, created a dashboard with yet another phishing link, and sent it to hundreds of colleagues.
Because it came from a known coworker, hardly anyone questioned it.
To stay hidden, they deleted phishing emails, replies, and Miro security alerts.
This afternoon at Black Hat USA, our Chief Hacker Vaisha Bernard @the1bernard is breaking down how attackers can abuse Entra OAuth to pivot into internal Microsoft applications.
📍 1:30 PM | South Seas A & B, Level 3
🎯 Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
#BlackHatUSA #BlackHat #CloudSecurity #OAuth #Microsoft365 #Infosec #EyeSecurity
🍦After a week of #SharePoint chaos, we needed a break. So we rooted Copilot.
Turns out, with a bit of persistence (and maybe some ice cream), Microsoft's AI assistant is pretty cooperative.
Dive into the technical details on our blog:
👉 https://t.co/K4Xys0fTal
#Copilot #Microsoft #CyberSecurity #AI #RedTeam #Rooted @the1bernard
Critical #SharePoint zero-day (CVE-2025-53770/53771) detected by Eye Security:
On July 18, our research team uncovered mass exploitation of a SharePoint vulnerability, affecting thousands of servers worldwide.
Read how it unfolded and what it means for your security: https://t.co/y9UiocpXJk
#CyberSecurity #InfoSec #ZeroDay #threathunting #IncidentResponse
Critical SharePoint updates released (CVE-2025-53770/53771).
Microsoft has released security patches for SharePoint Server 2016, 2019, and Subscription Edition.
Key actions:
– Apply latest updates (cumulative)
– Rotate https://t.co/wHtK2qOsav machine keys
– Conduct a thorough forensic investigation or get help from professionals
Older versions (2010/2013) won’t be patched. Isolate or decommission to reduce risk.
Details: https://t.co/y9UiocpXJk
#CyberSecurity #InfoSec #ZeroDay #SharePoint #IncidentResponse
🔺 UPDATE: #CrowdStrike Falcon blue screen issue 🔺
Is your IT team struggling to get systems in safe mode (which CrowdStrike recommends)?
Read this continuously updated blog with detailed instructions to help you: https://t.co/ykQwESa5wM
#microsoft #crowdstrike #itoutage
🔺 CrowdStrike Falcon blue screen issue 🔺
We are actively working with #CrowdStrike and our clients to get them back online ASAP.
View REAL-TIME UPDATES on the #Microsoft blue screen of death (BSOD) issue caused by the recent Falcon update here: https://t.co/ykQwESa5wM