Sick.Codes

@sickcodes

Weaponizing source code 🧨 Vulnerabilities 🧬 Research 🧪 Maintaining open source ordnance 🚀 We ❤️ 0days 📑

https://sick.codes/pgp
Joined June 2020

Tweets

  1. Pinned Tweet
    14 Nov 2021

    Finally added the rest of the gang to Docker-OSX macOS VMs on Linux & Windows (WSL2 btw)! Full house of VMs for security research: Monterey, Big Sur, Catalina, Mojave, High Sierra. Discord Telegram

  2. Retweeted
    10 hours ago

    If you didn't know, if you say "in good faith" when you report a security issue to a company they legally can't accuse you of not acting in good faith. Follow for more keys to responsible disclosure success.

  3. 24 hours ago

    If that’s ready to market bug bounty, I don’t know what to say. Without any bounties? Threat of legal? Charity programs AND commanding out of scope smh... Is someone deliberately doing these programs lmao? Send this one back to the drawing board 🤦‍♂️

  4. Retweeted
    Mar 30

    A Java Springcore RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account. We have not verified the exploit. tl;dr big if true Download the 0day POC here:

  5. Mar 30

    Is this a fair and accurate depiction of the lifecycle of a vulnerability or 0day?

  6. Retweeted
    Mar 29

    So I've been a *mostly* happy customer, despite a few hiccups with their Cloud Key Gen 2+ model space heater. And a security breach. That I first found out about from . Against whom Ubiquiti has apparently just filed a lawsuit.

  7. Retweeted
    Mar 30

    Goodbye H1. Your decision is completely wrong and I will NOT USE HACKERONE except for withdrawing the bounties. I'm not a volunteer for Starbucks and I don't work without any payment.

  8. Retweeted
    Mar 30

    bug bounty platforms should set up a clear and standard policy to handle fix re-tests and bypass. It's obvious the bounty amount is rewarded for the security finding so any extra work such as fix confirmation and retesting must be paid for 1/5

  9. Retweeted
    Mar 29

    are back again 👀 they shared admin credentials to Globant's Confluence, Jira and GitHub

  10. Retweeted
    Mar 30

    I shall now refer to malicious software as "hurtful software" or "cruel software" exclusively.

  11. Retweeted
    Mar 30
  12. Retweeted
    Mar 30

    SCOOP: Apple and Facebook provided user data in response to forged legal requests sent by hackers using compromised law enforcement email systems, according to three people familiar with the matter. Full story with much more details to follow.

  13. Retweeted
    Mar 29
  14. Retweeted
    Mar 29

    Update your threat models

  15. Retweeted
    Mar 28

    My questions for Okta: You knew that the machine of one of your customer support members was compromised back in January. Why didn't you investigate it? Having the capability to detect an attack is useless if you aren't willing to respond. 7/N

  16. Retweeted
    Mar 29

    I'm ready for the next run of Infosec starters care packages for 2 people in Australia. They include: a new Dell laptop, mouse and case; Nostarch books pack; Pentester labs access; CV review and coaching support from me or someone better. Know someone in need, connect me? Also RT?

  17. Mar 28

    Got an even better PoC now, just waiting on to patch on iOS

  18. Mar 28

    Results are in! SSO: 15%. AD: 22%. Both: 41%. At least 78% think one or both of SSO and AD was a mistake; 22% of delegates disagreed, or abstained.

  19. Retweeted
    Mar 28
  20. Retweeted
    Mar 27

    > without all the Google stuff Not quite true. It isn't until you move to ungoogled-chromium (or similar) that the Google web service is removed

  21. Retweeted
    Mar 27

    This is the best logo. You cannot change my mind. Even Microsoft can't.

