Log inSign up
Alvaro Muñoz
5,277 posts
user avatar
Alvaro Muñoz
@pwntester
Security Researcher with @XBOW. CTF #int3pids. Opinions here are mine! bluesky: pwntester.bsky.social
Madrid 🇪🇸
pwntester.com
Joined December 2008
511
Following
13.2K
Followers

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 10, 2021
  • user avatar
    Alvaro Muñoz
    @pwntester
    Jun 13, 2018
    Finally my best 0 day was released yesterday ☺️
  • user avatar
    Alvaro Muñoz
    @pwntester
    Aug 11, 2019
    Whitepaper and slides for our .NET SAML bypass research is now available at @BlackHatEvents server: i.blackhat.com/USA-19/Wednesd… [WhitePaper] i.blackhat.com/USA-19/Wednesd… [Slides] github.com/pwntester/Dupe… [Burp Plugin]
  • user avatar
    Alvaro Muñoz
    @pwntester
    Jun 25, 2021
    When time permits I will write a blog post about how I found all these vulnerabilities using CodeQL as an audit oracle. Would you read it?
    This post is unavailable.
  • user avatar
    Alvaro Muñoz
    @pwntester
    Apr 21, 2019
    Two new tools using ysoserial.net and implementing the technique I presented last year for generating RCE viewstates (speakerdeck.com/pwntester/dot-…) were released today (1/2)👇🏼
    GitHub - pwntester/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe...
    From github.com
  • user avatar
    Alvaro Muñoz
    @pwntester
    Sep 23, 2017
    Releasing `ysoserial.net`, a deserialization payload generator for a variety of .NET serializers: github.com/pwntester/ysos…
    GitHub - pwntester/ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe...
    From github.com
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 16, 2021
    CVE-2021-45046 is vulnerable when attackers can control **non-message** parts of the pattern layout. Here are some examples 🧵
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 10, 2021
    This Log4J RCE is HUUGE you should patch ASAP! if you want to understand more about the internals make sure to check our 2016 presentation (blackhat.com/docs/us-16/mat… and blackhat.com/docs/us-16/mat…) and @artsploit follow up research (veracode.com/blog/research/…)
  • user avatar
    Alvaro Muñoz
    @pwntester
    Feb 19, 2021
    #CodeQL was also used by @NASAJPL to find critical bugs on Curiosity mission 9 years ago and they were fixed remotely!
    user avatar
    Nat Friedman
    @natfriedman
    Feb 19, 2021
    Honored that @NASA is using GitHub, Actions, and CodeQL for the Mars drone flight software: github.com/nasa/fprime If anyone working on this needs GitHub support, please feel free to DM me directly!
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 16, 2021
    🚨@_atorralba and I just managed to bypass the allowedLdapHost and allowedClasses checks. 2.15 with no formatMsgNoLookups mitigations is still vulnerable to RCE. 2.15.0 w/o those mitigations is vulnerable only if attackers can control non-message parts of the pattern layout🚨
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 28, 2021
    Most Java apps working with databases have configuration files where you specify the JNDI address to fetch the JDBC datasource. Please do not start requesting CVEs for them 🙏🏼
  • user avatar
    Alvaro Muñoz
    @pwntester
    Mar 31, 2022
    #Spring4Shell details are now public, It is an old ClassLoader Manipulation. Actually, CVE-2022-22965 is just a bypass of the 12 years old CVE-2010-1622 (exchange.xforce.ibmcloud.com/vulnerabilitie…)
  • user avatar
    Alvaro Muñoz
    @pwntester
    Jan 27, 2023
    Had some fun with OGNL sandboxes last year. Read how I bypassed Atlassian Confluence and Struts ones in my latest blog post
    Bypassing OGNL sandboxes for fun and charities
    From github.blog
    40K
  • user avatar
    Alvaro Muñoz
    @pwntester
    Dec 10, 2021
    Wait waattt? Released 9 moths ago?! github.com/nice0e3/log4j_… #log4j