Mazin @xternl - Twitter Profile

xternl retweeted

29 days ago

PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. https://t.co/D3dg5iTuwP https://t.co/2zyr1ds4Mo

4

741

185

518

93K

xternl retweeted

ثامر الغالي

@alghali

about 2 months ago

🚀 هكذا سيتم نشر اقمار ستارلنك في الجو 😍 تستعد SpaceX لإطلاق الجيل الجديد من أقمارها الصناعية (Starlink V3) بالاعتماد على مركبة Starship العملاقة. 🛰️ أبرز القدرات التقنية للجيل الجديد: 🔻 سرعات تنزيل بيانات (Downlink) مرعبة تصل إلى 1 تيرابت في الثانية (1 Tbps). 🔺 سرعات رفع (Uplink) تصل إلى 160 جيجابت في الثانية. حجم حمولة Starship الضخم سيسمح بنشر أعداد كبيرة من هذه الأقمار دفعة واحدة، مما يسرّع بشكل هائل من بناء شبكة إنترنت عالمية فائقة السرعة وتتحمل نقل بيانات ضخمة. 🌍

10

79

10

32

19K

Mazin

@xternl

2 months ago

Tragic mistake... Anthropic leaks Claude’s source code https://t.co/PZONkfNhLE #ai

0

187

xternl retweeted

Mohammed Aldoub م.محمد الدوب

@Voulnet

2 months ago

نظام مايكروسوفت المتخلف يبلشك حتى وانت بنص الفضاء.

1

37

3

13

17K

Who to follow

زيد حمد العيسى

@SyFi2k

Cybersecurity https://t.co/Ca9T6aQD8F

Bambino0710

@Bambino0710

Lawyer, LL.M-Specialist in Cyberlaw, Cybersecurity and Digital Environment, E|NSA, C|EH, C|HFI, E|CSA/LPT. Security Analyst in CyberDefense and CyberSecurity.

Yidi Reiss

@YidiReiss

Mechanical engineering student who loves technology and aerospace #HotNozzleSummer

xternl retweeted

Polymarket

@Polymarket

2 months ago

JUST IN: Artemis II crew experiences issues with Microsoft Outlook on their way to the Moon, asks ground crew for assistance.

2K

32K

3K

21M

xternl retweeted

𝓢𝓪𝓫𝓻𝓲 @KINGSABRI

3 months ago

#التصوير_يخدم_العدو

0

2

1

0

539

xternl retweeted

Thomas Roccia 🤘

@fr0gger_

3 months ago

https://t.co/DDrdRSaLzn

37

1K

240

1K

224K

Mazin

@xternl

3 months ago

@buhaimedi ذكريات، كانت ايام جميله

0

31

Mazin

@xternl

3 months ago

0

1

0

40

xternl retweeted

Dr. Clown, PhD

@DrClownPhD

3 months ago

Did you know these Super Mario Bros. secrets!? 😲

49

1K

302

994

110K

Mazin

@xternl

3 months ago

@elkentaro 😂

0

10

xternl retweeted

المركز الوطني الإرشادي للأمن السيبراني

@SAUDICERT

4 months ago

🔴 تحذير أمني: بادر بإجراء التحديثات الأمنية على منتجات Lenovo. 🔗https://t.co/Bdi30GDDPV

0

6

4

2K

xternl retweeted

Jayson E. Street 💙 🤗💛 @jaysonstreet

5 months ago

I was recently laid off, so I’m officially open to new opportunities. If you need a Hacker, or a teachable moment using Red Team tactics. I can also be a trainer, community builder & liaison. I want more than a job I need a company & purpose I can believe in. Please share! 💜🤗💜

jaysonstreet's tweet photo. I was recently laid off, so I’m officially open to new opportunities. If you need a Hacker, or a teachable moment using Red Team tactics. I can also be a trainer, community builder & liaison.
I want more than a job I need a company & purpose I can believe in. Please share!
💜🤗💜 https://t.co/3ZkjsR3ru1

37

456

159

44

35K

xternl retweeted

pyn3rd

@pyn3rd

6 months ago

#CVE-2025-55182 #React2Shell Let me walk you through the technical path of the WAF bypass. When a request is sent as multipart/form-data, Next.js hands the raw body stream to Busboy. The bypass comes from Busboy’s charset logic: it cleanly accepts UTF‑16LE (and legacy UCS‑2) and forwards the decoded bytes straight into the RSC payload deserializer. charset=base64 is a dead route — that path hits base64Slice(), which encodes instead of decodes, corrupting the payload and killing the exploit chain. So the only viable encodings for smuggling malicious RSC payloads past WAF normalization are UTF‑16LE and UCS‑2. And if the WAF isn’t performing proper normalization on non‑UTF8 charsets, it will miss the payload entirely.

pyn3rd's tweet photo. #CVE-2025-55182 #React2Shell
Let me walk you through the technical path of the WAF bypass.
When a request is sent as multipart/form-data, Next.js hands the raw body stream to Busboy. The bypass comes from Busboy’s charset logic: it cleanly accepts UTF‑16LE (and legacy UCS‑2) and forwards the decoded bytes straight into the RSC payload deserializer.

charset=base64 is a dead route — that path hits base64Slice(), which encodes instead of decodes, corrupting the payload and killing the exploit chain.

So the only viable encodings for smuggling malicious RSC payloads past WAF normalization are UTF‑16LE and UCS‑2. And if the WAF isn’t performing proper normalization on non‑UTF8 charsets, it will miss the payload entirely.

16

559

123

358

70K

Mazin

@xternl

6 months ago

Syntax hacking: Researchers discover sentence structure can bypass AI safety rules https://t.co/xMJm5xnOvz

0

26

xternl retweeted

𝓢𝓪𝓫𝓻𝓲 @KINGSABRI

6 months ago

شباب الـ IDE الجديد من جوجل Google Antigravity لازم تجربه شخصيا من أول استخدام له نويت أنقله وأترك ال VSCode عيوبه إلى الأن ما ظهرتلي لكنه ثابت جدا وقريب جدا من VSCode

1

2

1

327

xternl retweeted

المركز الوطني الإرشادي للأمن السيبراني

@SAUDICERT

7 months ago

🔴 تحذير أمني: بادر بإجراء التحديثات الأمنية على منتجات Google. 🔗https://t.co/dpMVtv7EJw