smaury
@smaury.bsky.social
Co-Founder @shielder.com
CTF Player jbz.team
Cliff Jumping Lover (23mt max so far)
CTF Player jbz.team
Cliff Jumping Lover (23mt max so far)
👋🏿 Hackers!
Are you a Red Teaming Wizard 🧙🏿 looking for a new challenge? @shielder.com is hiring a Red Teaming Lead to join our crew!
More info ⬇️ (share appreciated) #hiring #redteaming
romhack.io/job-opportun...
Are you a Red Teaming Wizard 🧙🏿 looking for a new challenge? @shielder.com is hiring a Red Teaming Lead to join our crew!
More info ⬇️ (share appreciated) #hiring #redteaming
romhack.io/job-opportun...
RomHack - Job opportunities
Check for RomHack sponsor's job opportunities
romhack.io
August 7, 2025 at 7:38 PM
👋🏿 Hackers!
Are you a Red Teaming Wizard 🧙🏿 looking for a new challenge? @shielder.com is hiring a Red Teaming Lead to join our crew!
More info ⬇️ (share appreciated) #hiring #redteaming
romhack.io/job-opportun...
Are you a Red Teaming Wizard 🧙🏿 looking for a new challenge? @shielder.com is hiring a Red Teaming Lead to join our crew!
More info ⬇️ (share appreciated) #hiring #redteaming
romhack.io/job-opportun...
Working with folks from @lucasfilm.bsky.social, @ilmvfx.bsky.social, and Apple to secure some of the OSS foundations the movie and entertainment industries rely on was so cool!
Big shout-out 📣 to the @ostifofficial.bsky.social and ASWF for making this possible.
Big shout-out 📣 to the @ostifofficial.bsky.social and ASWF for making this possible.
🚨 New Open Source Audit Alert! 🚨
Shielder, with @ostifofficial.bsky.social & ASWF audited OpenEXR and MaterialX:
🔍 11 issues found (1 critical, 3 still to be published)
✔️ Most fixed, others planned
🗣️ ndaprela @smaury.bsky.social @suidpit.bsky.social @thezero.org
Full details in the blog post ⬇️🧵
Shielder, with @ostifofficial.bsky.social & ASWF audited OpenEXR and MaterialX:
🔍 11 issues found (1 critical, 3 still to be published)
✔️ Most fixed, others planned
🗣️ ndaprela @smaury.bsky.social @suidpit.bsky.social @thezero.org
Full details in the blog post ⬇️🧵
July 31, 2025 at 3:23 PM
Working with folks from @lucasfilm.bsky.social, @ilmvfx.bsky.social, and Apple to secure some of the OSS foundations the movie and entertainment industries rely on was so cool!
Big shout-out 📣 to the @ostifofficial.bsky.social and ASWF for making this possible.
Big shout-out 📣 to the @ostifofficial.bsky.social and ASWF for making this possible.
Reposted by smaury
The TumpiCon experience will start tomorrow!
Can't wait to meet y'all in Pinerolo 🏞️
Schedule is out: tumpicon.org
Can't wait to meet y'all in Pinerolo 🏞️
Schedule is out: tumpicon.org
June 25, 2025 at 8:23 PM
The TumpiCon experience will start tomorrow!
Can't wait to meet y'all in Pinerolo 🏞️
Schedule is out: tumpicon.org
Can't wait to meet y'all in Pinerolo 🏞️
Schedule is out: tumpicon.org
Woah - thanks Nestlè and @intigriti.com!
May 23, 2025 at 9:34 AM
Woah - thanks Nestlè and @intigriti.com!
It's so cool working with the GoogleVRP team - folks over there are amazing.
I love the concept of "you report something, then we work together with you to escalate it as much as possible".
High bounties are also a nice addendum :)
#BugBounty #bugbountytips
I love the concept of "you report something, then we work together with you to escalate it as much as possible".
High bounties are also a nice addendum :)
#BugBounty #bugbountytips
May 20, 2025 at 6:53 PM
It's so cool working with the GoogleVRP team - folks over there are amazing.
I love the concept of "you report something, then we work together with you to escalate it as much as possible".
High bounties are also a nice addendum :)
#BugBounty #bugbountytips
I love the concept of "you report something, then we work together with you to escalate it as much as possible".
High bounties are also a nice addendum :)
#BugBounty #bugbountytips
Romhack is coming up and the CfP is still open!
Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where @jameskettle.com will deliver the keynote?
Submit now!
cfp.romhack.io/romhack-2025/
Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where @jameskettle.com will deliver the keynote?
Submit now!
cfp.romhack.io/romhack-2025/
RomHack Conference 2025
Schedule, talks and talk submissions for RomHack Conference 2025
cfp.romhack.io
April 27, 2025 at 6:35 AM
Romhack is coming up and the CfP is still open!
Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where @jameskettle.com will deliver the keynote?
Submit now!
cfp.romhack.io/romhack-2025/
Got novel research you’d love to present in front of an eager audience, with the stunning Roman landscape as your backdrop, and on the same stage where @jameskettle.com will deliver the keynote?
Submit now!
cfp.romhack.io/romhack-2025/
Reposted by smaury
We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...
April 10, 2025 at 7:12 PM
We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...
Is there a way I can wipe this from my brain?
Jim Carrey any recommendations?
mobapc.it/prodotto/sha...
Jim Carrey any recommendations?
mobapc.it/prodotto/sha...
April 10, 2025 at 6:47 AM
Is there a way I can wipe this from my brain?
Jim Carrey any recommendations?
mobapc.it/prodotto/sha...
Jim Carrey any recommendations?
mobapc.it/prodotto/sha...
Reposted by smaury
Just published some talks on tumpicon.org
Wanna join us? Follow the trail 🥾
Wanna join us? Follow the trail 🥾
The second edition of TumpiCon is here!
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
April 9, 2025 at 9:35 AM
Just published some talks on tumpicon.org
Wanna join us? Follow the trail 🥾
Wanna join us? Follow the trail 🥾
Reposted by smaury
Last week Apple released MacOS 13.4 which contains a fix for a vulnerability @suidpit.bsky.social exploited to escape the Sandbox.
Update now and stay tuned for the technical details!
Ref: support.apple.com/en-us/122373
Update now and stay tuned for the technical details!
Ref: support.apple.com/en-us/122373
April 7, 2025 at 8:58 AM
Last week Apple released MacOS 13.4 which contains a fix for a vulnerability @suidpit.bsky.social exploited to escape the Sandbox.
Update now and stay tuned for the technical details!
Ref: support.apple.com/en-us/122373
Update now and stay tuned for the technical details!
Ref: support.apple.com/en-us/122373
Woah -- more Google Chrome VRP swag in my mailbox today!
Wondering how to get some yourself? Find vulnerabilities in Chrome!
More info here: bughunters.google.com/about/rules/...
Wondering how to get some yourself? Find vulnerabilities in Chrome!
More info here: bughunters.google.com/about/rules/...
April 3, 2025 at 12:20 PM
Woah -- more Google Chrome VRP swag in my mailbox today!
Wondering how to get some yourself? Find vulnerabilities in Chrome!
More info here: bughunters.google.com/about/rules/...
Wondering how to get some yourself? Find vulnerabilities in Chrome!
More info here: bughunters.google.com/about/rules/...
One of my old Google VRP reports just went public -- check it out if you want to see an example of CEF exploitation.
bughunters.google.com/reports/vrp/...
bughunters.google.com/reports/vrp/...
CEF Debugger Enabled in Google Web Designer | Google Bug Hunters
Found a security vulnerability? Discover our forms for reporting security issues to Google: for the standard VRP, Google Play, and Play Data Abuse.
bughunters.google.com
March 18, 2025 at 1:02 PM
One of my old Google VRP reports just went public -- check it out if you want to see an example of CEF exploitation.
bughunters.google.com/reports/vrp/...
bughunters.google.com/reports/vrp/...
Reposted by smaury
Our next meetup is a presentation from our friends at X41 D-Sec GmbH. Join us next Wednesday, March 26th, at 14:00 CDT for a presentation and discussion with Markus Vervier and Eric Sesterhenn on their audit of @mullvad.bsky.social. We can't wait for this one! RSVP at lu.ma/wreregye
Security Code Audit of Mullvad VPN · Zoom · Luma
Join us for a presentation and meetup with Markus Vervier and Eric Sesterhenn of X41 D-Sec GmbH around their company's audit of Mullvad VPN.
Markus Vervier is…
lu.ma
March 17, 2025 at 7:50 PM
Our next meetup is a presentation from our friends at X41 D-Sec GmbH. Join us next Wednesday, March 26th, at 14:00 CDT for a presentation and discussion with Markus Vervier and Eric Sesterhenn on their audit of @mullvad.bsky.social. We can't wait for this one! RSVP at lu.ma/wreregye
Reposted by smaury
We recently analyzed the latest Cellebrite device support matrix published in February 2025.
The reality is worrisome. It can be used to unlock most of the mobile devices we use every day.
Read our report:
(ENG) osservatorionessuno.org/blog/2025/03...
(ITA) osservatorionessuno.org/it/blog/2025...
The reality is worrisome. It can be used to unlock most of the mobile devices we use every day.
Read our report:
(ENG) osservatorionessuno.org/blog/2025/03...
(ITA) osservatorionessuno.org/it/blog/2025...
A deep dive into Cellebrite: Android support as of February 2025
A deep dive into Cellebrite: Android support as of February 2025
osservatorionessuno.org
March 17, 2025 at 10:35 AM
We recently analyzed the latest Cellebrite device support matrix published in February 2025.
The reality is worrisome. It can be used to unlock most of the mobile devices we use every day.
Read our report:
(ENG) osservatorionessuno.org/blog/2025/03...
(ITA) osservatorionessuno.org/it/blog/2025...
The reality is worrisome. It can be used to unlock most of the mobile devices we use every day.
Read our report:
(ENG) osservatorionessuno.org/blog/2025/03...
(ITA) osservatorionessuno.org/it/blog/2025...
Swag day -- thanks ChromeVRP and @amyre.bsky.social
March 13, 2025 at 11:11 AM
Swag day -- thanks ChromeVRP and @amyre.bsky.social
Reposted by smaury
In Lausanne for @1ns0mn1h4ck.bsky.social? Don’t miss the chance to meet our very own @not4nhacker.bsky.social! If you're into cursed OAuth hacking techniques or breaking mobile apps, find a comfy spot -- you might be there for a while!
March 13, 2025 at 9:43 AM
In Lausanne for @1ns0mn1h4ck.bsky.social? Don’t miss the chance to meet our very own @not4nhacker.bsky.social! If you're into cursed OAuth hacking techniques or breaking mobile apps, find a comfy spot -- you might be there for a while!
Reposted by smaury
Hey hackers!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
February 6, 2025 at 11:32 AM
Hey hackers!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
🗣️
Hey hackers!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
We’ve started sending out the first invites — check your inbox! 👀
Didn’t get one? Take the fast track and submit a talk!
February 6, 2025 at 11:36 AM
🗣️
On my way to @fosdem.bsky.social!
If you are into securing open source code then we should definitely have a chat -- looking forward to meeting y'all!
If you are into securing open source code then we should definitely have a chat -- looking forward to meeting y'all!
February 1, 2025 at 3:08 AM
On my way to @fosdem.bsky.social!
If you are into securing open source code then we should definitely have a chat -- looking forward to meeting y'all!
If you are into securing open source code then we should definitely have a chat -- looking forward to meeting y'all!
Reposted by smaury
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique.
portswigger.net/research/byp...
portswigger.net/research/byp...
January 28, 2025 at 2:01 PM
Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique.
portswigger.net/research/byp...
portswigger.net/research/byp...
Reposted by smaury
🚨 New Open Source Audit Alert! 🚨
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Shielder - Karmada Security Audit
Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
www.shielder.com
January 16, 2025 at 4:01 PM
🚨 New Open Source Audit Alert! 🚨
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Love when we can publish the results of our effort!
🚨 New Open Source Audit Alert! 🚨
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
🔍 6 issues found (1 high, 1 medium, 2 low, 2 info)
✔️ Most fixed, others planned.
🗣️ to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Shielder - Karmada Security Audit
Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
www.shielder.com
January 16, 2025 at 4:33 PM
Love when we can publish the results of our effort!
Reposted by smaury
The second edition of TumpiCon is here!
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
January 12, 2025 at 11:52 AM
The second edition of TumpiCon is here!
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
Looking for a chill, invite-only, and uncensored conference?
Then you are in the right place :)
Then you are in the right place :)
The second edition of TumpiCon is here!
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
📅 June 27-28, 2025
📍 Somewhere near Turin, Italy
🔒 Invite-only
No flashy stages. No fluff. Just raw, technical, and unfiltered hacking.
More details? If you know, you know.
Follow the trail: tumpicon.org
January 12, 2025 at 11:55 AM
Looking for a chill, invite-only, and uncensored conference?
Then you are in the right place :)
Then you are in the right place :)