Moritz Sanft @stdoutput
security software engineer, ctf @fluxfingers @[email protected] msanft.foo Germany Joined March 2019-
Tweets1K
-
Followers1K
-
Following779
-
Likes4K
@ProgrammerDude @HSVSphere there are far easier ways to backdoor just about any package in nixpkgs unfortunately
0
0
0
31
0
View Details
@es3n1n realtired might be some good lingo
Moritz Sanft retweeted
A fun gadget I found recently! The .NET JIT compiler makes sure there are no rwx pages by using a memfd, but that turns file writes into straight shellcode execution 🐚
Shellcode execution as a service! To exploit an argument injection in Jellyfin, we searched and found a gadget in the .NET runtime to turn file writes into code execution. Learn about the bug and this new technique: sonarsource.com/blog/jellyfin-… #appsec #security #vulnerability
The video recording of our talk is live now: youtube.com/watch?v=xmhxPZ… The slides can be found here: docs.google.com/presentation/d… Enjoy!
SELECT shell FROM postgres: Digging up a 20-year-old bug for ZeroDay.Cloud by @pspaul95 and @stdoutput
@carste1n That one indeed is a gem. You’ve got good taste;)
@ifsecure Any chance you could share the slides? Thanks for the great talk!
Moritz Sanft retweeted
SELECT shell FROM postgres: Digging up a 20-year-old bug for ZeroDay.Cloud by @pspaul95 and @stdoutput
Moritz Sanft retweeted
We @wiz_io just launched zeroday.cloud - a community for vuln researchers, by vuln researchers. Feat. writeups for PostgreSQL and MariaDB RCEs (@xint_official, @pspaul95 & @stdoutput) Stay tuned for the bug tracker and upcoming events. Big things coming soon 👀
Our writeup of our ZeroDay.Cloud Postgres exploit is live. We think it's a pretty neat bug and the exploitation was really fun, so check it out!
The secret's out.🤫 Introducing THE ZERODAY.CLOUD COMMUNITY 👾 Inside: • 0-day vuln deep dives from @xint_official, @stdoutput, @pspaul95 & more... • Access to events & a network of world-class hackers • CTFs with prizes Join now :)
Trying to get some new folks onto the AI for security research Discord server: discord.gg/sVy9ahuEv Feel free to share with your peers in the field!🤖🐛
Moritz Sanft retweeted
Pwning PostgreSQL was quite fun, excited to share our research at OffensiveCon! offensivecon.org/speakers/2026/…
My colleague Paul (@katexochen) has done a great write-up of how a malicious host (e.g. cloud provider) can trivially compromise confidential VMs, and how we mitigated the attack at @EdgelessSystems. Read his blog post: lobste.rs/domains/katexo…
I‘m at @1ns0mn1h4ck today and tomorrow. Feel free to drop me a DM if anyone wants to meet :)
@cramforce Ah, thanks! I guess this mostly holds for cut-off JSON objects then. I think that /{"[a-zA-Z].*/ should pretty much always(?) map to "eyJ...". Some also map to "eyI", though, e.g. /{"\d+.*/
Luca @atmosole
10K Followers 663 Following Helped 15,000+ people to make money through software Building the No. 1 Amazon Arbitrage Suite @profitpathapp
michael @m_chael
17K Followers 2K Following
OOS @oos_n
682 Followers 119 Following @ScriptingTool | @Infinitysupply_ | @ratelimitrunner | @ScriptingMailS
sockjig @sockjig
25K Followers 3K Following I talk about sneakers here and on The Sockjig Sneaker Podcast. I also drop socks sometimes. Size 12. The game is the game.
krxsh0x @krxsh0x
4 Followers 108 Following
Peter @peter_clowncs
176 Followers 1K Following (wanna be) Security Researcher & Reverse Engineer ctf player @r3kapig
Aleksandre Khokhiashv... @skkhokho
351 Followers 748 Following Security @osec_io; Playing CTFs with @Water_Paddler (pwn/rev); Teaching OS and Security at Free University of Tbilisi;
Openflaw @Openflaw0
15 Followers 2K Following
V1km4n__ @V1km4n__
32 Followers 1K Following CTF|Software Developer|Linux|Python|Bash|Server Administrator|Network 🤖
Vikas Kathuria @kathuriavikas99
58 Followers 2K Following Wannabe Ninja, Djoker fan ▪︎ SWE by day ▪︎ Prev @zscaler, @IBM ▪︎ Alum @SCUEngineering, @NSUT_OFFICIAL
born0monday @born0monday
2 Followers 26 Following Independent VR with a background in engineering and red teaming. I take software apart and write up what I find.
mrd4hir @mrd4hir
4 Followers 164 Following
Ha @Ha84826416
96 Followers 5K Following
who3ver_momo @m01e_exp
150 Followers 1K Following
codecolorist@infosec.... @CodeColorist
6K Followers 1K Following
Indigo 〰 @indigo79x
107 Followers 2K Following Happiness at dawn, Apple VR at dusk. Take a walk outside your head.
i @The15thProphet
44 Followers 1K Following
bdcd @bdcdhm3z
6 Followers 379 Following
Jason Holt @offpol
322 Followers 2K Following baseball R&D @nationals / was: code hacker @washingtonpost
flux @0xfluxsec
4K Followers 1K Following Senior Security Research Engineer @elastic | Opinions are my own | Rust | Ex-Red Team | Security & Systems Dev | https://t.co/QIih2B7vya https://t.co/VC3xsm0Wvq
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / mobile research @ ▓▓▓▓▓ / Team 501 / ex IBM Capability Lead & FireEye TORE / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Jacob @jacobprezant
7 Followers 891 Following
slowcode @slowcode42
538 Followers 7K Following
𝗥𝗬𝗔𝗡 𝗦... @withzombies
3K Followers 1K Following "im not distilled! im not distilled!!", i continue to insist as i slowly shrink and transform into a prompt
@[email protected] @jiska___
836 Followers 2K Following Security rants&food. Public @naehrdine, working at @HPI_DE (ex @seemoolab). Opinions are someone's. Feel free to request to follow. @[email protected]
Michal Melewski @carste1n
4K Followers 348 Following Security Engineer @ Somewhere ex-Google, ex-Cloudflare I use bad software and bad machines for the wrong things. My writing: https://t.co/Z7uucr5BYW
Ivan Melnik @IMelnik88079
3 Followers 57 Following
Cristofaro Mune @pulsoid
2K Followers 786 Following In between Physics & Computing. Fault Injection, TEEs, IoT & anything else challenging my curiosity. Founder at Raelize (@raelizecom)
Alicia @minialicia22
88 Followers 2K Following
Lantuin @lantuin
204 Followers 386 Following Bass guitar player in the free time..... Learning never ends
Sawyer Gaffney @SaucySOFR
973 Followers 1K Following Banker turned jeweler | Co-Founder, Bouquet Okçu | Private Engagement Ring Atelier | Notes on business, craft & commitment.
daniel daniel @danidino641081
5K Followers 6K Following @FARMER,@AGROCULTUREMAN,@WORKINGCLASS,@SINGLETOMINGLE,#ETC #are u remmber evrythin`g but u forgot ur zip code?
𝗛𝗮𝘀𝗮�... @hasan_zmzm
615 Followers 5K Following 𝐈𝐧𝐟𝐨𝐒𝐞𝐜 || 𝐖𝐞𝐛𝟑 || 𝐁𝐮𝐠𝐁𝐨𝐮𝐧𝐭𝐲 || 𝐉𝐚𝐢𝐥𝐛𝐫𝐞𝐚𝐤 || 𝐇𝐮𝐦𝐚𝐧 𝐑𝐢𝐠𝐡𝐭𝐬
Klep @kleptonomic
0 Followers 1K Following
Jonas Lejon @jonasl
27K Followers 13K Following Cyber Security since 1998 ✌️ Also known as @kryptera - Chairman of the board at @ISOCSE
Luca @atmosole
10K Followers 663 Following Helped 15,000+ people to make money through software Building the No. 1 Amazon Arbitrage Suite @profitpathapp
Drerman @drermancooks
2K Followers 293 Following shoes & anything that sells - bulk buyer / Drerman#0001 / Drerman F&F
luke @bvvst
27K Followers 687 Following funware ... play https://t.co/iq5rpO15J9 ... send secure notes https://t.co/oHf6SzVPQ3
michael @m_chael
17K Followers 2K Following
Flare @FlareAIO
66K Followers 9 Following The Most Advanced Sneaker & Retail Software I We help personal shoppers & business owners level up their business. Purchase: https://t.co/NQ7H5mNH0M
sockjig @sockjig
25K Followers 3K Following I talk about sneakers here and on The Sockjig Sneaker Podcast. I also drop socks sometimes. Size 12. The game is the game.
King Dealo @Dealo_RU
12K Followers 384 Following
Peter @peter_clowncs
176 Followers 1K Following (wanna be) Security Researcher & Reverse Engineer ctf player @r3kapig
Joel Eriksson @OwariDa
8K Followers 4K Following Offensive security researcher and entrepreneur -Kernels, browsers and all that jazz- Also: - AI/ML/DL - AR/VR/XR - CTFs (pwn/re/crypto) + Cicada 3301, Boxen etc
Bruce Dang @brucedang
5K Followers 1K Following Sweeping the floor at https://t.co/CM8ErzxC5z (we are hiring). Previously at Microsoft/Veramine/Apple. author of Practical Reverse Engineering.
Brian Pak @brian_pak
4K Followers 204 Following ai + security + alpha CEO @theori_io / @xint_official → building the world's best AI hacker 9x DEF CON CTF winner CMU CS '11 | founded PPP & MMM
𝗥𝗬𝗔𝗡 𝗦... @withzombies
3K Followers 1K Following "im not distilled! im not distilled!!", i continue to insist as i slowly shrink and transform into a prompt
V4bel @v4bel
3K Followers 156 Following Independent Vuln. Researcher / Pwn2Own Berlin 2025, 2026 / Google kernelCTF 0-day / Pwnie Awards 2025
T. @trendytofu
984 Followers 664 Following something something Cyber, something something security something.
Cristofaro Mune @pulsoid
2K Followers 786 Following In between Physics & Computing. Fault Injection, TEEs, IoT & anything else challenging my curiosity. Founder at Raelize (@raelizecom)
skull @brutecat
9K Followers 380 Following hacker, security researcher. 21. i run a blog @ https://t.co/cBW6gzTpV2
REcon @reconmtl
18K Followers 708 Following REcon: Annual reverse engineering and security conference held in Montreal.
Pwnie Awards @PwnieAwards
12K Followers 24 Following An annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community.
Heather Adkins - Ꜻ ... @argvee
15K Followers 1K Following VP Security @Google, Co-Author "Building Secure and Reliable Systems" @r00t0wns, Medieval Historian
Thomas H. Ptacek @tqbf
35K Followers 618 Following Don't look at me sideways. Don't even look me straight on. bsky:@sockpuppet.org
Steve Weis @sweis
11K Followers 3K Following Software engineer at @anthropicai interested in cryptography, security, privacy, and machine learning.
The Consensus @theconsensusdev
1K Followers 15 Following on software infrastructure https://t.co/Ihlpr2wTYE
William Bowling @wcbowling
6K Followers 418 Following Head of Assurance at @zellic_io, a.k.a vakzz when doing bug bounties and CTFs with @pb_ctf - https://t.co/9bjECLAwXg
Filippo Roncari @f_roncari
2K Followers 621 Following Curious guy with a long-time passion for zero-days. CTO @prdgmshift. Prev: research director @■, co-founded @truel_it & more. Opinions are my own.
Karsten @gr4yf0x
997 Followers 980 Following @gr4yf0x.bsky.social @[email protected] aka K³; Physicist now mostly interested in security stuff
Nadim Kobeissi @kaepora
26K Followers 162 Following Applied cryptographer. Mainly working in the cryptography auditing industry, but sometimes venturing back into academia.
Jazzy @ret2jazzy
5K Followers 1K Following solving problems @zellic_io @v12sec and challenges @pb_ctf
Chris Lattner @clattner_llvm
94K Followers 146 Following Building beautiful things like Mojo🔥 and MAX @Modular, lifting the world of production AI/ML software into a new phase of innovation. We’re hiring! 🚀🧠
codecolorist@infosec.... @CodeColorist
6K Followers 1K Following
David Cramer @zeeg
33K Followers 755 Following fractional executive, full time founder @sentry https://t.co/quHCKoIxj2
Nick Frichette @Frichette_n
7K Followers 2K Following Staff Security Researcher @datadoghq | DEF CON/Black Hat main stage speaker | Created https://t.co/QGWMJjuBzE
Atum @Atuml1
337 Followers 122 Following Fundamental Security Lead at @XuanwuLab, views are my own| AI enthusiast,AI security expert | Co-founder of @r3kapig | Blackhat, DEFCON, CCS, S&P, EuroS&P, AAAI
stuxf @stuxfdev
484 Followers 205 Following co-founder and ceo @verialabs (yc f25) | hack things @smiley_ctf
Jenny Qu @GuanniQu
2K Followers 1K Following
sahuang @sahuang97
4K Followers 782 Following Founder @ProjectSekaiCTF | Web3 Security Researcher @osec_io | Ex Software Engineer @Microsoft | Chunithm/Maimai 虹レ
Harsh Jaiswal @rootxharsh
22K Followers 1K Following Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
Oren Yomtov @orenyomtov
4K Followers 2K Following principal security researcher at @getkoidex, blockchain research lead @fireblockshq
Josselin Feist @Montyly
5K Followers 1K Following Working on blockchain security & program analysis. Ex @trailofbits. DM for security reviews
Gal Weizman @WeizmanGal
2K Followers 567 Following Security Researcher of Browsers, JavaScript, Web and AI • Created SnowJS (acquired by @metamask’s LavaMoat)
Jonathan Bar Or (JBO)... @yo_yo_yo_jbo
4K Followers 1K Following Hacker, security researcher at @Crowdstrike. Ex @Microsoft Defender. Linux, Windows, Android, MacOS, iOS, ChromeOS, bare metal. 日本語オーケーです👌
Dave Aitel @daveaitel
29K Followers 2K Following Cyber Security Researcher | Policy Analyst | Technical Team Member at OpenAI | @[email protected]
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / mobile research @ ▓▓▓▓▓ / Team 501 / ex IBM Capability Lead & FireEye TORE / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Major_Tom @MajorTomSec
3K Followers 387 Following Underground control to Major_Tom. Security ninja @Synacktiv CTF Player @SentryWhale
Mia @newbe3e
388 Followers 17 Following 🐝🏳️⚧️ semi professional computer toucher. more active on mastodon https://t.co/dmAVegJb6b
Nagli @galnagli
48K Followers 509 Following Hacker; Red Agent & Offensive AI at @wiz_io / @Google; $3,000,000 Bug Bounty Hunter and Live Hacking Events Winner.
AIfredo 0rtega @ortegaalfredo
9K Followers 1K Following Software Developer - Security researcher - Cybergaucho - @[email protected] AI-related: https://t.co/hhQltrgzKS https://t.co/ibyCcAp6zv
Simon Willison @simonw
194K Followers 6K Following Creator @datasetteproj, co-creator Django. PSF board. Hangs out with @natbat. He/Him. Mastodon: https://t.co/t0MrmnJW0K Bsky: https://t.co/OnWIyhX4CH
Trends for United States
You might like
Bvck
@bvckplug
1K Followers
Retired
@ReverseRaccoonz
656 Followers
kirby
@checkoutfail
145 Followers
💎🥶💙
@sxhxbxdev
1K Followers
ben10
@benfawkes2
185 Followers