Eduardo Vela
@sirdarckcat
Followers
12,272
Following
590
Media
540
Statuses
7,085
not mad. mentally divergent. personal profile, opinions my own. everything I say is probably wrong. 🐘 @sirdarckcat @infosec .exchange
Zurich, Switzerland
Joined January 2008
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
taeil
• 1317634 Tweets
#湊あくあ卒業ライブ
• 873772 Tweets
Arlington
• 409529 Tweets
ホロライブ
• 214029 Tweets
伝説のアイドル
• 77366 Tweets
Marley
• 37096 Tweets
$NVDA
• 33260 Tweets
西鉄バス
• 31230 Tweets
OpenSea
• 27609 Tweets
あくたん6年間
• 26519 Tweets
ドーピング
• 23712 Tweets
カグラバチ
• 21421 Tweets
#العمق_فيصل_هدلان
• 15469 Tweets
月見パイ
• 14133 Tweets
Araceli Saucedo
• 13326 Tweets
Salzburg
• 12721 Tweets
朝倉未来
• 12458 Tweets
ふつうの軽音部
• 11757 Tweets
DONBELLE NEW PROJECT
• 11574 Tweets
SMCI
• 10694 Tweets
Muniain
• 10591 Tweets
We just opensourced the Google CTF challenges from last year!
2
292
622
Ever wondered what makes a CTF challenge good? I've asked myself that many times. I wrote this to help me answer that question based on discussions with others in the community
8
211
543
Put public key in. Get private key out.
2
87
330
Hey folks. You know, on
@GoogleVRP
we actually want to pay you xD. If we tell you something is not meeting the bar, it's a dupe or so, it's because we want to be consistent and fair. The rewards don't come out of our salaries, and we have no quotas to fill. Budget is not an issue
9
26
298
Anyone knows someone called Singh? They found an XSS, but we don't know who to pay for it! If this was you, respond to this tweet with the address you used to verify your identity!
42
72
283
Open source needs everyones help. Starting today Google will be issuing rewards to OSS contributors that help with vulnerability response. Even for bugs found by Google. Read more:
0
144
205
So... we'll give out 100k USD in Grants for Google Cloud vulnerability research and we'll pay the best report we get in 2019 another 100k
4
59
192
Calling all CTF Authors!
Do you love building CTF tasks? New competition to find the best CTF Tasks, both original (never seen before) and of the past year (Hall of Fame)
12
77
199
Pro tip: if you send an email with ${jndi:dns://foo.com} and you get a DNS callback to - consider that maybe (just maybe), the thing that did the DNS resolution is checking the domain for SPAM.
8
13
172
Anyone likes open redirects? If hostname is checked, but not the scheme you can use (note that the target url isn't sent to the server)
9
52
176
For those that might have missed it.
@Google
issues monetary payments to the top Google bug hunters, even when no vulnerabilities are found (and before research is started). You can apply for Google's Vulnerability Research Grants here:
10
110
169
I opensourced tamper chrome! sorry for my hacky code =)
4
103
153
Wow, just discovered this great writing resource :-). For those that do bug hunting, a well written report is 10x faster to triage than a poorly written one. If you feel you are often misunderstood and ignored, take a look! I just went through it now.
1
52
154
Looks surprisingly good :-) kinda wanna give a free copy to everyone!
19
18
150
For those that might need this, but didn't know, Google has been sponsoring CTFs this year (see ). 21 CTFs sponsored so far this year, we are aiming to sponsor 52 by EOY.
2
38
151
One of the best things about CTFs are unintended solutions 😁.
The Google CTF this year had a web task with an HTTP Desync, another one with a race condition, and a third one with a unexpected prototype pollution. IMHO, they were more interesting than the intended bugs!
5
21
148
Thanks for working with us
@LiveOverflow
:-). We are huge fans and hope we can do more of this in the future! 1/n
New video! I'm talking with the bug bounty hunter
@wtm_offensi
about a vulnerability he found in Google Cloud Shell.
And the funny part is, Google even sponsored the video :D
7
119
419
2
12
136
Google Cloud Privilege Escalation Cheat Sheet
1
53
147
Timing attacks against jQuery's selector. Stealing content on sites using user input into jQuery.query(...) By
@ArthurSaftnes
2
84
144
Very cool write-up for a Google bug with 7,500 USD reward - probably a few more like these hidden around!
2
65
137
2020
#BugBountyGoals
- Pay 6,000,613 USD in rewards
- Celebrate 10 year
@GoogleVRP
anniversary
- Meet more Bug Hunters!
5
8
131
Very cool video from
@LiveOverflow
about using XSSAuditor for an XS-Search attack - are you vulnerable? :-) -
1
35
119
One of the few unsolved tasks in
#GoogleCTF
was (mainly an excuse for me to play Beat Saber :-) but also revealed that PNaCl as an XSS vector is not very well known!
3
34
116
Check out the slides at ! :)
Thanks to
@a13xp0p0v
@Markak_
@fkaasan
@tehjh
@ky1ebot
@_tsuro
@_fel1x
@koczkatamas
@_MatteoRizzo
and others for their valuable feedback! =D
“Joy of Exploitation the Kernel”. Another excellent
#H2HC2022
talk, this time with
@sirdarckcat
. Great didactics.
1
2
32
3
35
110
I'm on rotation for
@GoogleVRP
this week. Please only send cool bugs that are easy to repro. Videos *with* music. And NO invalid reports. Thanks.
9
8
102
1. new version of so it's as cool as bug hunters deserve
2. new version of so it's more friendly to frequent bug hunters
3. Research Grants every week
4. Meet more bug hunters in person
5. Receive more bugs!
Not only hackers, programs also have Bug Bounty Goals for 2018. What is your goal for 2018?
0
1
22
3
28
105
Ever wanted to query the linux kernel for vulnerability release metadata and syzkaller crashes? here's how to do it with 's database. 1/6🧵
3
22
107
Another type of CSP nonce bypass. FF+Chrome. Works with traditional reflected XSS. Happy new year!
5
66
99
My favorite one was, a colleague found a uXSS in Internet Explorer, reported it, and Microsoft fixed it. Then overnight a significant portion of Google broke because, it turned out part of the behavior of the uXSS was used in a lot of JS apps
1
28
96
This is a cool list of Google Cloud products if you wanna go bug hunting.
1
24
94
Finally a CVE description that makes sense
CVE-2023-4613 [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]
13
82
314
1
9
93
Sharing some of our log4j research from last year 🙂
0
26
89
Hi!
I would like to release the new version of Tamper Chrome. It's a HTTP Request/Response interception tool.
It's very simple for now. If you have time, please help me test it to uncover embarrassing bugs!
Fixed the old bugs.
New version of Tamper Chrome under development. Looking for testers :)
Known Bugs:
- Deleting headers doesn't delete them
- You have to scroll to see new requests below
Missing Features:
- Response interception
- Repeating requests
4
10
59
0
42
87
Dear Bug Hunters:
While we appreciate you adding music to your videos (please always do that), if you don't choose a royalty-free song (), you'll add Ads to your video.
That said, I would rather watch a video with Ads than a video without music!
6
14
87
Reversing Zenbleed was super fun!
One of my favorite moments was when we confirmed that the speculation rollback of the FPU was the culprit because we had an experiment where you could see the *correct* value of ymm0 (with the upper bits zero as they are supposed to be) changing
New video is live on YouTube - Zenbleed (CVE-2023-20593). Is this the worst CPU bug?
4
32
180
0
14
90
How about we create a /hackers.txt that says whether something is in scope or not of a vulnerability reward program and where to report it?
12
29
83
I can't believe I survived to see this during my lifetime
Overcoming same-origin policy on same-site-but-cross-origins by setting `document.domain`, will be no longer possible from Chrome 106. Take action now ➡️ // Chrome will disable modifying `document.domain` to relax the same-origin policy
2
57
161
4
8
84
LoL
Most hilarious xss vector:
Write & publish a book with xss on the cover, then 0wn all the shopz!!
@thornmaker
@sirdarckcat
@garethheyes
9
336
992
5
23
84
Google CTF 2018! New this year: "Beginner Quest" for those just starting, there will be an unscored "quest" so everyone can have fun :-).
2
41
81
Google CTF () will feature challenges from
@gynvael
@robertswiecki
@molnar_g
@phib_
@_tsuro
Bleichenbacher and more!
6
40
73
3MUSD rewards! 125k in grants! 🤑🤑🤑🤑🤑🤑💸💸💸💸💸
1
31
70
Just released a CTF collaboration tool. Interested to hear feedback from CTF teams!
5
34
79
We will give 32 rewards to the best write-ups for GoogleCTF challenges. If you solved a challenge on the quals, submit a write-up before June 30! We have only received 25 so far, easy money!
2
28
69
Seems like Wouter found a privilege escalation in Cloud SQL. Unfortunately the only privilege he had was to chat with an SRE 😁
This is what it looks like when you get caught by Google SRE :)
@epereiralopez
and me finally dropped a shell in a, less significant than hoped, system. Suddenly a greetings.txt appeared :) Kudo's to the kind people of SRE!
#Google
#GoogleVRP
3
40
234
0
13
72
Another 31k-50k 🤩. Nicely done folks!
1
4
73
Someone will get $31k-$50k 🤑.
1
7
68
This year
#GoogleCTF
will be running on for the first time. kCTF is a
#Kubernetes
based infrastructure for CTFs.
Get ready for the 2021 Google CTF! Runs for 48 hours, starting Saturday, July 17, 00:01 UTC! Details:
3
229
649
3
18
64
Interesting tweet (and replies). But our team
@Google
has a lot of (seasoned) CTF players, but that's (maybe) just because our interview process optimizes for folks with CTF experience. We test a lot for tech/vuln/exploit knowledge+problem solving under pressure in several areas.
My unsolicited advice to young hackers: don’t get stuck for too long with CTFs, don’t be afraid to move to real-world stuff. It’s more fulfilling and interesting than you think.
Chances are that real-world challenges are even easier than CTFs (for some definitions of “easier”).
12
52
332
3
3
66
7
65
59
Write-up for Web Assembly Google CTF challenge -
http://45.55.68.215:2368/web-assembly-writeup/
2
40
64
The
#GoogleCTF
is open for pre-registration. - teams are first-come, first-served. Creating a team requires a Google account. Joining a team does not.
1
45
61
Google's Product Security Team (my broader team!) is hiring in Brazil! Here's the link for the Manager we want to hire there to start the team!
1
31
72
New version of Tamper Chrome under development. Looking for testers :)
Known Bugs:
- Deleting headers doesn't delete them
- You have to scroll to see new requests below
Missing Features:
- Response interception
- Repeating requests
4
10
59
Very cool Google vuln by Ramzes
0
52
58
just wanted to say, I'm very happy that the CSS attacks are getting so much publicity now a days! We lost a lot of cool tricks like these when died, but I hope a read only version will come back one day.
@RSnake
4
6
58
If you ever wanted to learn about Ethereum vulnerability research, take a look at the security audits from
@AugurProject
(they are launching a bug bounty program next week!)
1
26
58
Regarding the
#GoogleCTF
crypto-reality task: We are truly sorry it was so guessy! We didn't include the source code by accident, and when we noticed, some teams had already solved it, so we felt it wasn't fair to those teams to change the task. We'll be more careful next time 🙇
2
13
58
Wow...
@Facebook
Security (at the time of
@alexstamos
) exploited a vulnerability in a privacy tool (Tails) to unmask someone abusing their platform.
New: Facebook helped the FBI hack a child predator and sextortionist.
The social media giant paid a cybersecurity firm six figures to develop a zero-day exploit to help the FBI unmask a serial child predator that was using Facebook to terrorize girls.
24
247
506
3
9
59
I needed a new nickname, I like cats. BlackCat sounded too feminine, so I added Sir. Then I found Sir Francis Drake, and I wanted to make it similar so changed it to Sir Dark Cat. That said, I failed at spelling and wrote SirDarckCat instead. Noticed the typo years later.
5
1
54
Anyone up to a small challenge? Here is a 100 year old Mexican ciphertext. Apparently the Mexican president (Venustiano Carranza) used to communicate by telegram, and relied solely on the secrecy of his monosubstitution cipher.
3
18
54
Had a blast this past weekend at
@h2hconference
talking about the basics of CPU vulns and about my experience analyzing a couple vulns from
@taviso
- you can check my slides at (they are not just about Reptar though!) and PoCs:
1
19
71
Short blog post: Measuring web security mitigations 👨🏽🔬👩🏽🔬
1
39
55
Cool blind XSS testing tool. Allows users to automatically report XSS through security.txt and generates non-intrusive capture of the DOM.
Psst. this is still a work in progress, but has had a little upgrade.
Less intrusive capture - Capture DOM nodeName/className/id
Auto reporting through /.well-known/security.txt
Payload Generation - Not quite finished
Support for Webex Teams
3
27
76
1
12
52
also.. #!this is a valid javascript comment, wtf
import("data:text/javascript,%23!this is a comment, lol%0aalert(1)")
3
8
55
Tempted to make a public version of the training I did for my team about security@-response 😛. Not sure where I would present it, though.. It's more process/management focused more than technical. Any suggestions?
14
4
52
The bonus challenge of episode 3 of is fun! There's a discord channel for solving it here: (
#h4ck1ng
-g00gl3-ep003-bonus)
1
14
54
3
0
51