Posts by Shielder
#KubeCon EU starts today and guess what? Our very own @suidpit.sh will be on stage with a panel about the @kubernetes.io Security Audit we performed during 2025 with the support of @ostifofficial.bsky.social!
March 25 - 16:45 CET
Hall 8 | Room F
Attending @1ns0mn1h4ck.bsky.social?
Meet @not4nhacker.bsky.social @luk3ros.bsky.social and Severus from our AppSec and Red teams!
They are eager to discuss breaking complex authentication implementations and relaying all the things to DA!
Presenting our 2025 annual report! In our report, you'll see that OSTIF's story and mission are intertwined. OSTIF will continue to fight for open source infrastructure and the privacy rights of users for as many decades as you'll let us.
Our statement and report link: ostif.org/2025-annual-...
Love breaking things just to see how they work?
A @shielder.com delegation is on the ground at @fosdem.org, and we're looking for fellow hackers and security researchers.
If you are passionate about securing the Open Source world, we definitely need to talk!
Happy New Year, Hackers!
We're looking forward to a 2026 full of crazy exploits, instant patches, and - most importantly - YOU, the amazing human beings behind the screens.
Bootloaders acting weird?
If you are at #39c3, catch @shielder.com's own @thezero.org to geek out over bootloader oddities and low-level vulnerabilities.
Want to learn more about our approach to auditing complex libraries and writing cool exploits?
Dec 02
20:00 CET
RSVP: luma.com/ostif-meetup...
Attending #theSAS25? Meet @paupu.bsky.social for his PAM pwnage talk!
It won't be recorded and it might *wink wink* contain a cool drop you don't want to miss
Hackers!
Are you a Red Teaming Wizard looking for a new challenge? @shielder.com is hiring a Red Teaming Lead to join our crew!
More info below (share appreciated) #hiring #redteaming
romhack.io/job-opportun...
In partnership with @aswf.io, OSTIF and @shielder.com worked on audits of MaterialX and OpenEXR. Our deepest gratitude for this opportunity to work with incredible maintainers and cool projects such as these - read about them at our blogs: ostif.org/materialx-au..., ostif.org/openexr-audi...
Blog post: shielder.com/blog/2025/07...
Reports: github.com/ShielderSec/...
New Open Source Audit Alert!
Shielder, with @ostifofficial.bsky.social & ASWF audited OpenEXR and MaterialX:
11 issues found (1 critical, 3 still to be published)
Most fixed, others planned
Shoutout to ndaprela @smaury.bsky.social @suidpit.bsky.social @thezero.org
Full details in the blog post below!
Last week Apple released MacOS 13.4 which contains a fix for a vulnerability @suidpit.bsky.social exploited to escape the Sandbox.
Update now and stay tuned for the technical details!
Ref: support.apple.com/en-us/122373
In Lausanne for @1ns0mn1h4ck.bsky.social? Don't miss the chance to meet our very own @not4nhacker.bsky.social! If you're into cursed OAuth hacking techniques or breaking mobile apps, find a comfy spot -- you might be there for a while!
Ship happens - and that's why security audits are an important part of security efforts. We facilitated work on #Karmada thanks to support from the @cncf.io and with auditing performed by @shielder.com. You can now sea the impact of an audit for yourself at ostif.org/karmada-audi...
New Open Source Audit Alert!
Shielder, with @ostifofficial.bsky.social & @cncf.io, audited karmada-io:
6 issues found (1 high, 1 medium, 2 low, 2 info)
Most fixed, others planned.
Shoutout to @suidpit.bsky.social and @thezero.org
Full details in the blog post!
www.shielder.com/blog/2025/01...
Pizza box with an infosec illustration saying "Cooking delicious exploits since 2014"
Stickers, a kway, and a medal
Medal saying "10 years of cyber security, still can't fix your printer"
The best infosec swag in town.
Attending #TheSASCon2024 in the beautiful Bali?
Make sure not to miss @suidpit.bsky.social's talk about his novel research on the macOS sandbox and how to bypass it.
Wednesday, October 23 - 15:10
For the weekend, we gift you with not one, but TWO ways to escalate `sudo iptables` (+ a couple other boring preconditions) into a r00t shell - read how @smaury.bsky.social and @suidpit.bsky.social managed to climb your friendly neighborhood firewall!
www.shielder.com/blog/2024/09...
Our very own @suidpit.bsky.social will present his novel #macOS research at #TheSAS2024 - if you want to learn more about the macOS sandbox and how to escape it make sure to be in Bali from Oct 22 to Oct 25!
Learn more here: thesascon.com
During a recent engagement Mindless hacked his way through Vtiger CRM, which led to the discovery of a privilege escalation and a SQL injection.
Learn more in the dedicated advisories:
- CVE-2024-42994 #sqli www.shielder.com/advisories/v...
- CVE-2024-42995 #privesc www.shielder.com/advisories/v...
Back in December 2023 our researchers @thezero.org @suidpit.bsky.social and Mindless performed an audit sponsored by AWS and facilitated by OSTIF on boost.
It resulted in 7 findings and 15 new fuzzers.
The report is now public, check the details here: www.shielder.com/blog/2024/05...
In early 2023 we (@thezero.org & @smaury.bsky.social) collaborated with SecureDrop to start designing and prototyping the #E2EE messaging protocol for a future version of SecureDrop.
Blog post: securedrop.org/news/introdu...
PoC code: github.com/freedomofpre...
Exciting news! We've just released a new blog post on mobile app security, where @suidpit.bsky.social and @thezero.org used their intent-fu to discover vulnerabilities (CVE-2024-26131, CVE-2024-26132) in Element, a @matrix.org client for Android. #writeup #CVE
www.shielder.com/blog/2024/04...
We recently partnered with the Open Source Technology Improvement Fund (OSTIF) to perform a security audit sponsored by AWS on Bref. The audit resulted in 5 findings promptly addressed by @mnapoli.bsky.social.
The report is now public, check the details here: www.shielder.com/blog/2024/03...
Hey hackers - attending #Nullcon? Pop to say hi and talk about AppSec and VR!
You can find @smaury.bsky.social @thezero.org @suidpit.bsky.social around
During a recent Red Team Assessment @thezero.org and @smaury.bsky.social discovered a vulnerability in PostgreSQL's #PgAdmin which in the worst case allows unauthenticated attackers to run arbitrary server-side code.
Check out the #RCE advisory and patch now!
www.shielder.com/advisories/p...
Hey hackers! Are you attending @fosdem.bsky.social?
If you want to talk about open-source software and hardware security make sure to hit up @smaury.bsky.social and @thezero.org!