Olivia
Online
Alvaro Muñoz
@pwntester
Madrid 🇪🇸
Joined December 2008
511 Following
13.3K Followers
5.3K Posts
“For us, the most important part isn't just finding the bug; it's that you understand why we found it, how we found it, and how we exploit it,” says XBOW head of security labs @fede_k in a recent episode of Security Conversations with @ryanaraine @juanandres_gs.
Hear more in the clip below.
Watch the full episode here: https://t.co/vkoTSmrnAc
Finding IDORs with automation is hard. Most tools stop at "Can I access this?". XBOW had to answer, "Should I be able to?" Here’s how we did it. https://t.co/ihnS3HOGkS
@SinSinology @chudyPB @olekmirosh @steventseeley @irsdl @tiraniddo @frycos @mwulftange It was great to meet! I feel honored our work was useful and inspiring to you. Keep up the awesome work!
Who to follow
James Kettle 
@albinowax
Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Frans Rosén
@fransrosen
Co-founder of @centrahq/@detectify/@poweredbyingrid. I do not advertise doing hacking services, do not trust the ones telling you I do.
Orange Tsai 🍊
@orange_8361
This is 🍊
guess what? there's like 50 deserialization gadgets in this picture! you don't always get to hangout with @pwntester and @chudyPB 🔥👑
we're missing @olekmirosh @steventseeley @irsdl @tiraniddo @frycos @mwulftange
This is not our talk, DEFCON screens didn't work during our time slot. We recorded and uploaded the full talk ourselves.
Our talk: https://t.co/bBKCRbx8Dl
Security tools catch issues. But do they matter?
Join @GeekMasher + @pwntester with @GitHub tomorrow as they show how AI agents:
→ Exploit like experts
→ Ship findings in minutes
→ Validate vulns scanners miss
🗓️Live @ 11:15am PT | 2:15pm ET https://t.co/u9l03t749R
Fun times with Telerik UI and DoS by default (it will hit for a long time I think). Sometimes it may lead to more fun, like RCE :)
Gadgeting inspired by @pwntester, Oleksandr and @steventseeley
Do not miss this live session from my teammates @moyix and @pwntester. Today, 10 am PT/ 1pm ET.
You will learn about:
- AI agents validating real vulnerabilities at scale
- How can AI agents autonomously uncover and validate exploits using runtime behaviors
- Techniques for minimize hallucinations
Last chance to join! 🎉
When I read the trace for this bug it reminded me of the almost identical finding by @artsploit in Datahub https://t.co/3cfstyopfC
XBOW found a new zero-day in Apache Druid. It wasn't just a lucky guess.
XBOW is trained to think like a human attacker, using historical CVE knowledge to find a novel SSRF (CVE-2025-27888). This is how AI-powered pentesting turns old knowledge into new findings.
Read the write-up: https://t.co/AsqA4OpziO
#Cybersecurity #InfoSec #Hacking #AI #ApacheDruid
200+ real vulns. 0 false positives.
XBOW agents ran autonomous exploits across Docker Hub webapps, and uncovered vulnerabilities traditional tools miss.
Systematic. Validated. No assumptions.
🗓️ This Thurs — @moyix + @pwntester lead a live breakdown
https://t.co/Wztoo32YGs
GitHub even offers a built in suite of CodeQL detections for Actions that @pwntester wrote that easily catch things like those. Yet we still see the most obvious misconfigurations with critical impact. Vibe coding actions will get you wrecked.
What a PR https://t.co/zdMt9Ilq4r by @NxDevTools
This one was written by AI and introduces a critical PR title injection that could allow anyone to steal their NPM token with a little privesc.
How is stuff like this still shipping?
@moyix Dutch saying: Tall trees catch a lot of wind.
Congrats, xbow is a tall tree :)
Back at summer hacker camp, it’s been a while! Will be at @Xbow booth (3257) all morning. Come say hi!
🚀 Excited to announce our partnership with @TrustVanta !
With XBOW’s autonomous penetration testing now in Vanta, startups can meet the highest security standards with speed and confidence—finding and validating real vulnerabilities in hours, not weeks.
Learn more: https://t.co/SIJMtlg2xY
Watch the preview: https://t.co/YFaOi6vfKA
The new episode of @ctbbpodcast is out! Huge thanks to @Rhynorater and @rez0__ for having me. I had a great time chatting with you about XBOW and HackerOne’s Ambassador World Cup. It was a blast! 🫶����
If you have some time today, check out @moyix highlights or @pwntester full blogpot on this amazing vulnerability and how it was exploited by XBOW.
See you all in BH/Defcon next week!
Last Seen Users on Sotwe
Türk Amatör Porno Video
Seen from Turkey
Phichai
Seen from Thailand
iyoy
Seen from Malaysia
Vikramtelugu
Seen from France
Diva Flawless
Seen from Netherlands
🇩🇿🇩🇿Algérie 🇩🇿🇩🇿
Seen from Algeria
Desi Mard
Seen from India
TOLLYWOOD ENTERTAINMENT 😍
Seen from India
brian
Seen from Singapore
cansuyu
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers