m0z

@LooseSecurity

The greatest trick the devil ever pulled, was convincing the world that cyber security existed.

Ireland

Joined December 2018

184Following

7KFollowers

Pinned

m0z@LooseSecurity · Jan 27

It's been a while since I last had a personal blog. Created a new one and we start off with a pretty cool chain. "Developing a Docker 1-Click RCE chain for fun" m0z.ie/research/2025-…

187

107

12.0K

m0z@LooseSecurity · Jul 14

150k lifetime bounties 1 million audit 😂

EEhsan@Ehsan1579 · Jul 13

A lot of people probably wonder what my company, Pantheon Labs, actually is and what the goal is. Basically, in a couple months, once I build more of a name in the cybersecurity space, we’ll be offering full audits to blockchain companies directly. Each audit will guarantee that…

1.0K

m0z@LooseSecurity · May 15

Finally arriving today, 32GB RAM, 2TB SSD and a RTX 5070. Can't wait for it to still struggle to handle all the CTF web docker containers. 😅

4.0K

m0z@LooseSecurity · May 12

Come and play with us 💪

AARESx@ARESxCTF · May 12

ARESx is actively recruiting for experienced CTF players! Join a DEFCON qualifying team in future competitions: shorturl.at/wI24S

706

m0z@LooseSecurity · Apr 8

It's a sad day for mankind.

IIntent To Ship@intenttoship · Apr 7

Blink: Intent to Deprecate and Remove: Remove auto-detection of ISO-2022-JP charset in HTML bit.ly/3FUL2Je

1.0K

m0z@LooseSecurity · Mar 4

Why does Python's webbrowser.open() method literally run arbitrary commands on Windows?? ("calc.exe") why?? 😅

662

m0z@LooseSecurity · Mar 1

I found a cool technique to make onblur fire without any user interaction. Open a window to the XSS payload and focus it: <bla tabindex=1 onblur=alert() autofocus> Then using the opener, redirect the window to hash of some element ID. This will unfocus and fire blur! 😀

3.0K

m0z@LooseSecurity · Dec 16

They're really clutching here. Big budget propaganda 😭bestreamwise.com/#risks

LooseSecurity's tweet card. BeStreamWise: When you use illegal streams, you risk letting criminals in.

690

m0z@LooseSecurity · Dec 9

Nicely done 😄

SSonar Research@Sonar_Research · Dec 9

🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace. When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete. #mXSS #XSS

750

m0z@LooseSecurity · Nov 21

"If you want to make your parents proud you have to learn to exploit cloud"

626

m0z@LooseSecurity · Nov 13

Hope you guys enjoy my web challenge. 😏

T@ ·

365

m0z@LooseSecurity · Nov 6

Let's go! What an event 👀 Had a lot of fun and always a pleasure to play with such a talented team 😃

EENISA@enisa_eu · Nov 5

🏆It's a three-peat! Team Europe wins again the International Cybersecurity Challenge 2024 in Santiago, Chile 🇨🇱! Congratulations to all the players and coaches for their outstanding performance!👏 Find out more and get ready for ICC 2025: europa.eu/!x6tPFW

808

m0z@LooseSecurity · Sep 27

👏👏👏

RRick de Jager@rdjgr · Sep 26

Here's my quick and dirty PoC for the CUPS vulns. I wrote it after spotting the patches in the public CUPS repo. As always, expect CTF-quality code :D github.com/RickdeJager/cu…

548