Alvaro Muñoz

@pwntester

Security Researcher with . CPO (Chief Pwning Officer) at ;) CTF . Opinions here are mine!

Madrid  
Joined December 2008

Tweets

You blocked @pwntester

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @pwntester

  1. Retweeted
    May 7

    Looking for a bug hunting challenge? Then this Java CTF is for you! Hunt for a pre-auth RCE while also learning all about CodeQL's tracking features.

    Undo
  2. Retweeted
    May 6

    "Our goal is for every CVE in OSS that gets found that could be generalized, we create a CodeQL query that will cover that. Instead of manually fixing bugs one at a time, we can eradicate whole categories of vulnerabilities across software"

    Undo
  3. May 6

    Totally recommended if you want to learn to write bug-finding CodeQL queries! Also if you want to practice your EL injection skillz since payload is not straightforward! Looking forward for original submissions!

    Undo
  4. Retweeted
    May 6

    Looking for a vulnerability hunting challenge? Then this Java CTF challenge is for you! You will hone your bug finding skills to find a pre-auth RCE and also learn all about CodeQL's taint tracking features.

    Undo
  5. Retweeted
    May 6

    Code scanning, powered by CodeQL, helps protect your code from vulnerabilities you might otherwise miss.

    Show this thread
    Undo
  6. Retweeted
    May 2

    Esta mujer es neuróloga en el hospital 12 de octubre. Es digna de escuchar. Es la cruel realidad y aún lo niegan. 👇👇

    Show this thread
    Undo
  7. Retweeted
    Apr 30

    A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land, by

    Undo
  8. Retweeted
    Apr 30

    This photo compilation will be in the American History textbooks one day.

    Undo
  9. Apr 24

    v1.33 released with a ton of new features. Thanks to for the great PRs! You can see whats new here

    Undo
  10. Apr 24
    Undo
  11. Retweeted
    Apr 22

    Don’t miss out on presentation "InQL: GraphQL security testing made easy!" at the next GitHub Security Virtual Meetup (Thu, April 23, 2020 4PM PDT) The event is sold out! Don’t worry, the recording will be available.

    Undo
  12. Retweeted
    Apr 21

    Check out mo's last work, he fuzz Android's NFC stack and found 4 RCE (The 'R' stands for NFC distance). ()

    Undo
  13. Retweeted
    Apr 21

    Calling all bounty hunters: get rewarded for CodeQL queries that find multiple vulnerabilities or that identify vulnerability classes with high precision!

    Undo
  14. Retweeted
    Apr 20

    Dropwizard users have been urged to update after a previous patch failed to fully fix an RCE flaw in the Java framework – discovered by

    Undo
  15. Retweeted
    Apr 16

    GHSL-2020-053: Use After Free in Chrome WebAudio - CVE-2020-6450

    Undo
  16. Retweeted
    Apr 16

    GHSL-2020-040: Use After Free in Chrome WebAudio - CVE-2020-6449

    Undo
  17. Retweeted
    Apr 16

    GHSL-2020-041: Use After Free in Chrome WebAudio - CVE-2020-6451

    Undo
  18. Retweeted
    Apr 16

    GHSL-2020-035: Use after free in Chrome WebAudio - CVE-2020-6427

    Undo
  19. Retweeted
    Apr 16

    GHSL-2020-038: Use after free in Chrome WebAudio - CVE-2020-6429

    Undo
  20. Retweeted
    Apr 15

    GHSL-2020-030: Server-Side Template Injection in Dropwizard - - CVE-2020-5245 - CVE-2020-11002

    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·