SinSinology
@SinSinology
Followers
12,028
Following
570
Media
219
Statuses
1,956
Pwn2Own 20{22,23,24}, i look for 0-Days but i find N-Days & i chase oranges 🍊
Joined June 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
TLP THE SECRET OF RING
• 919135 Tweets
凱旋門賞
• 132119 Tweets
Jets
• 99732 Tweets
Semih
• 68976 Tweets
Vikings
• 65038 Tweets
Rodgers
• 59776 Tweets
シンエンペラー
• 59522 Tweets
中嶋監督
• 48576 Tweets
Brighton
• 42117 Tweets
#الملك_سلمان_بن_عبدالعزيز
• 40954 Tweets
Penaltı
• 34425 Tweets
Hoca
• 31132 Tweets
Browns
• 29494 Tweets
Watson
• 27012 Tweets
ブルーストッキング
• 25862 Tweets
Panthers
• 25488 Tweets
#GSvALN
• 22591 Tweets
Mertens
• 22102 Tweets
Texans
• 21352 Tweets
Ange
• 16547 Tweets
Darnold
• 16019 Tweets
#GFKvBJK
• 14491 Tweets
Winston
• 13412 Tweets
Salih
• 12139 Tweets
Pinned Tweet
🔥Advanced .NET Exploitation December Edition is now available for registration, lets see some shellz 🔪🩸
Register at:
1
2
21
🙋♂️Ayo, I did a thing, check out the latest episode where we chat about approaching Pwn2Own targets, some advice and answer some .NET questions🔥
ctbbodcast thanks for having me (give them a sub people, they do cool shit)
7
22
1K
🔥You see, I've been trying hard to promote my training by dropping blogs, poc, teaching different countries/cons, following that idea this Sat I thought, what if, I dropped 3 exploits & 3 blogs on the same day? so after sleeping only 2 hours in the last 48h, they're ready😏🫳🎤
3
12
1K
🚨🚨🚨PoC DROP! As part of today's triple exploit drop 🔥, here is the link to 1/3 poc, Progress Whatsup gold Pre-Auth Remote Code Execution 🩸 using the GetFileWithoutZip Primitive 🪲 to achieve a write what where and then popping a she'll 🤷♂️
2
12
800
2
164
681
🕵️♂️Here is the Exploit for the second 🤞 pre-auth Remote Code Execution 🔥 targeting progress whatsup gold which exploits a dangerous .NET WCF Service over NetTcpBinding UnAuThenTicated 🤷♂️
1
15
503
🚨🚨🚨 PoC DROP!!! We at watchTowr have released our latest work 🔥 on exploiting MOVEit Transfer, ability to access all your SECRET files 🩸 only by having your username, this was a .NET Target 😏, So fuckin proud of the exploit chain WE crafted 🔥🤝 🔥
Progress just un-embargoed a very closely guarded auth bypass in MOVEit Transfer's SFTP mechanism - CVE-2024-5806.
We were lucky enough to receive a tip-off :-) Enjoy our analysis, we had a lot of fun.
7
84
184
4
12
520
🔥 I've just published the details of my latest progress pre-auth Remote Code Execution this is CVE-2024-4885
4
65
497
🚨🚨DO NOT PANIC! I'm publishing my detailed analysis of CVE-2024-29855 which targets Veeam Recovery Orchestrator Authentication 🩸, this has a score of CVSS 9 🪲, but IMHO its not as severe, however, I like the technical details of it, so here we go 🔥
2
46
393
🔥💀 Here is the "Real" writeup and exploit for the
pre-auth deserialization RCE I reported to Ivanti
CVE-2024-29847
Apparently, folks at horizon3 tried to write about my bug before me but they did it wrong
8
140
411
It took me almost the same amount of time ⏳️ as the actual RCE exploit 🩸 to make this rick roll PoC, worthed it 🔥🔥🔥
[ZDI-24-881|CVE-2024-29206] (Pwn2Own) Ubiquiti Networks EV Station setDebugPortEnabled Exposed Dangerous Method Remote Code Execution Vulnerability (CVSS 8.0; Credit: Sina Kheirkhah (
@SinSinology
) of Summoning Team (
@SummoningTeam
))
0
3
10
3
7
320
Here is the second blog post of today (2/3) ⚡️⚡️, I've just published the details of my other pre-auth Remote Code Execution 🔥 against progress this is CVE-2024-4883 🪲
1
32
298
🚨🚨🚨 PoC DROP! Full Details of the CVE-2024-4358 are out now!, a deserialization issue 🔥 chained with an authentication bypass 🪲 leading to pre-auth RCE🩸, This research would've not been possible without the help of my dear friend Soroush
@irsdl
💪
10
114
287
⚠️Here is the Exploit 🩸 for the Veeam Enterprise Manager Authentication Bypass CVE-2024-29849 🔥🔥🔥
6
75
252
🚨🚨🚨 (CVE-2024-4358) I've exploited a chain of bugs allowing Authentication Bypass 🔥 and eventually Remote Code Execution🩸targeting the famous Telerik Report Server, The PoC and the Writeup are being dropped very soon 🪲
7
50
249
After not sleeping for 2 days, I finally cooked the exploit, unauthenticated RCE against Veeam backup and Replication CVE-2024-40711, Imma go sleep now
Hot off the press from watchTowr Labs member
@SinSinology
, with a nice side of silent patching from Veeam 😉 details to come later (CVE-2024-40711 and friends..).
Special thanks to
@irsdl
for his help with this exploit!
0
14
71
6
31
237
#CSRF
One of the oldest and sometimes greatest
P.S: Dear chrome stop pushing new mitigations for Cookies let us BountyHunters work for a minute <3
@PwnFunction
@Burp_Suite
@Jhaddix
@zseano
@NahamSec
@ChromiumDev
#bugbounty
#bugbountytip
#Bugbountytips
#infosec
4
72
226
Nothing to be scared about folks, just another CVSS 9.8 0day disclosed 0days ago that's gonna get code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication, no shit, just straight up remote code execution
#IvantiForLife
16
72
232
💀Here is my unauthenticated whatsup gold SQL injection to authentication bypass exploit
P.S: my Friday starts now
4
55
226
Oh my god, this is one of the best days in my life :D, finally, after 3 months (For God's sake Microsoft), it's finally here, I'm honored to say working with the MSRC team for over 3 years been my golden moments
Thank you, God <3
Thank you, MSRC <3
#bugbounty
#cybersecurity
15
27
211
🚨🚨🚨PoC DROP! Full Details 🔥 of the Veeam Enterprise Manager Authentication Bypass🩸CVE-2024-29849 is out now! 🪲
2
65
208
5
69
200
Attention ⚠️
We ain't playing here. This is 6 unauthenticated remote code executions that yield root access. Keep an eye for the patch I guess
2
35
183
🤷♂️Enjoying the blog posts so far? well this is the 3rd writeup for today ☠️, details of my privilege escalation ⏫against progress is out now, this is CVE-2024-5009 🔥
2
30
153
⚠️⚠️⚠️WARNING! Exploit Drop 🔥
@watchtowrcyber
does it again!💪 Here is the exploit🩸for the latest php-cgi RCE, shout out to
@orange_8361
🍊 for always surprising the world with his top notch research ⭐️
speak soon.
CVE-2024-4577, Argument Injection in PHP-CGI
8
188
923
1
37
160
⚠️Here is the Exploit Chain targeting Telerik Report Server CVE-2024-4358/CVE-2024-1800 that allows pre-authenticated Remote Code Execution 🩸 by chaining a deserialization 🪲 and an interesting authentication bypass 🔥🔥🔥
2
62
159
🔥 I've also finished the
#VMWare
vRealize Network Insight Metasploit module, right now it can be found on my repo until
@metasploit
reviews it. (Pre-Auth
#RCE
)
3
50
156
🧵For the past 10 days, I've been reversing a lot of c++ which thankfully led to multiple corruptions 🤌
dealing with lots of vtables and abstraction was interesting.
Below is a list of tools to help:
3
31
151
Aaaaaand that's a wrap ♾, here is the 3/3 exploit of today, a privilege escalation ⏫ targeting progress whatsup gold, this is CVE-2024-5009 🚨 don't forget, I teach things like this (and waaay more) in my Advanced .NET Exploitation Training 🔥🪲🔥
1
16
137
🔥 Here is my writeup about the Whatsup gold Unauthenticated SQL Injection which is exploitable by default, enjoy
P.S: my Friday starts now
0
37
147
0
28
135
Well, Don't you think its time for a good-old
#CRLF
?
@zseano
@NahamSec
@Jhaddix
@filedescriptor
@TomNomNom
@EdOverflow
1
34
116
This an awesome post, Looking for Remote Code Execution bugs in the Linux kernel by
@andreyknvl
0
40
119
@h0mbre_
Awww I appreciate it hombre you are too kind ^_^, to be fair zdi is always "super" kind and efficient with this and all of my other entries, as corny as it sounds, they are THE BEST 🏆 program "in my opinion" points or no points dupe or anythin, my 0days always gonna end up there
0
0
105
🔥Our Technical Analysis for Veeam Agent local privilege escalation has been published: CVE-2022-26503
Thanks to
@MDSecLabs
2
35
110
0
28
103
The G.O.A.T (
@orange_8361
) has popped the sonos one in matter of seconds 🍊
Lets gooooooo
@d3vc0r3
🔥
@thezdi
#Pwn2Own
1
9
102
A generic way to turn a file write into code execution leveraging a specific feature of
#Python
by
@Sonar_Research
0
16
96
🔥 I'm super excited to announce that my Advanced .NET Exploitation August edition now has 28 students registered 🤯 and to make sure everyone gets proper attention,i've added more hours without extra charge to make sure quality is not impacted, LFG 💪
Students check your email
1
5
92
I'm super happy🥳to announce my Advanced .NET Exploitation Training a 4 day training course on teaching you how to exploit advanced .NET enterprise targets 🔥, bypass mitigations, chain bugs🐞🪲 and pop shellz. more information can be found below
5
20
92
Unauth RCE, default installation, droppin very soon (very)
[ZDI-24-1185|CVE-2024-6670] Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability (CVSS 9.8; Credit: Sina Kheirkhah (
@SinSinology
) of Summoning Team (
@SummoningTeam
))
0
4
17
5
3
91
I'm super pumped 🥳 to announce I've joined
@watchtowrcyber
, where we continue casting spells with my fellow wizards 🔥🩸
We’re thrilled to welcome our newest watchTowr Labs member,
@SinSinology
🚀
The mayhem will continue until the planet is hacked 🫡
0
4
32
18
5
90
🔥 Wow 28 people attended, and the room was packed! I had such a blast teaching my Advanced .NET Exploitation 🪲 at
@reconmtl
today, what engaging students, until next time...
9
4
87
⚠️⚠️⚠️PoC Drop! Here is my exploit 🔥 for the recent CVE-2024-29855 which targets 🎯 Veeam Recovery Orchestrator Authentication 🩸
0
32
83
Here is the
#exploit
that targets the "VMWare Aria Operations for Networks" which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) 🔥
I just wrote the exploit, but the discovery credit is for
@rootxharsh
and
@iamnoooob
👏
0
40
81
1
30
79
This was a fun project! It took me some time to find a memory leak primitive to get around the ASLR but I finally found one 😉
3
4
72
Here is my
#exploit
and blog post for the VMWare Aria Operations for Networks which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) Apparently VMware forgot to regenerate their SSH keys 🔐
2
26
69
Alex (
@alexjplaskett
) and McCaulay (
@_mccaulay
) captured in the wild droppin the coolest pwn2own talk 🔥🪲
1
4
67
It was awesome to catchup with friends, so much work went into making this competition. huge thank you to the folks at
@thezdi
, they put countless hours in order to make this happen, respect 🔥
1
3
63
Now we got the legend on stage, Chris
@mufinnnnnnn
just crushed the SOHO Smashup 🔥
He goes home with $100k
3
1
58
After many hours, It's out 🔥
Happy Monday! watchTowr Labs member
@SinSinology
deep dives into Veeam Backup & Response CVE-2024-40711 in our latest post 🚀
We hope you enjoy it!
(as always, where there's smoke - there is fire 😉 for next time..)
5
56
140
5
6
58
0
9
59
Wow
@Doyensec
, Bravo 👏 this
@maxenceschmitt
working with you is a clever beast 🔥, I enjoyed reading his whitepaper, checkout their work
1
6
57
🥳 Oh myyyyyyyyy god, if it isn't the one and only Master of Pwn Pedro
@pedrib1337
, it was awesome catching up with this ninja at
@reconmtl
🔥🔥🔥
0
0
56
I am Super happy 🥳 to announce that I'll be presenting my research about Ivanti vulnerabilities 🔥 in RomHack 2024
Lorenzo Cavallaro
@lcavallaro
➡️Trustworthy AI…for Systems Security
Sina Kheirkhah
@SinSinology
➡️unveiling the ivanti vulnerability: from discovery to exploitation
Alex Plaskett
@alexjplaskett
McCaulay Hudson
@_mccaulay
➡️revving up: the journey to pwn2own automotive 2024
⬇️
1
1
4
2
9
54
@evilsocket
What a fantastic writeup👏, I'm so sorry that you're dealing with so many twats but hey you've been around way more than most of us to say fuck em 🙋♂️
1
1
51
Wow, this writeup is soooooo well written 🔥, assetnote doesn't stop with its surprises
1
5
50
Ubiquiti is 💯 the only vendor that I have ever worked with that has one of the best security response team and highly skilled devs who make network equipments, etc. when ever I submit a report to them, their response time is in minutes ⚡️🔥
Go
@underlinux
and team 💪
Ubiquiti Friends, if you are running UniFi Connect or UniFi Access I recommend you to update. Please take a look on our Security Advisory bulletin 039 , thank you to
@Synacktiv
,
@SinSinology
and
@thezdi
for reporting this.
2
17
62
2
6
48
My precious pwn2own tokyo exploit is now public 🔥
[ZDI-24-1048|CVE-2024-23920] (0Day) (Pwn2Own) ChargePoint Home Flex onboardee Improper Access Control Remote Code Execution Vulnerability (CVSS 8.8; Credit: Sina Kheirkhah (
@SinSinology
) of Summoning Team (
@SummoningTeam
))
0
2
11
0
7
47
A beautiful collaboration with
@steventseeley
leading to Unauthenticated RCE as root, PATCH NOW 🚨
Also blog post coming soon 🔥
#vmware
CVE-2022-31678
1
7
45
0
10
46
Wow met the legendary
@smaury92
at RomHack, truly what an amazing guy, definitely one of the best italian hackers 🇮🇹
2
0
76
0day let's gooooo
[ZDI-24-446] (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability (CVSS 8.8; Credit: Sina Kheirkhah (
@SinSinology
) of Summoning Team (
@SummoningTeam
))
0
2
12
0
4
44
I guess everyone already knows, but in case it might help someone, you can use IDACode by
@layle_ctf
to easily Run and debug your IDA scripts from VS Code
0
6
41
I'll be at 44con this year again🤞, teaching my Advanced .NET Exploitation 🔥
0
3
43
CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector Service by
@Atredis
0
9
40
If you've missed NiNi Chen's (
@terrynini38514
) talk on destroying MikroTik at pwn2own 🪲🔥, watch it here...
1
7
42
🔥 progress dedicated their latest update to me
shout out to the talented security researchers at
@thezdi
for making this happen 🌟
0
0
42
I'm super happy to announce, the advanced .NET exploitation November edition has 19 students registered since its anouncement (1 more seat left) 🔥🔥🔥🔥🔥
1
4
41
0
7
41
An interesting read from
@MsftSecIntel
Don't forget about the IIS Raid PoC by
@0x09AL
, which I think was the first Native backdoor known to the public
1
11
38
