Alvaro Muñoz
@pwntester.bsky.social
Security Researcher with @GHSecurityLab. CTF #int3pids. Opinions here are mine!
Reposted by Alvaro Muñoz
It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...
June 24, 2025 at 8:01 PM
It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...
Reposted by Alvaro Muñoz
This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)
Real security is POC || GTFO – and XBOW agrees.
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN
XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application
xbow.com
June 24, 2025 at 8:07 PM
This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)
For the last 6 months I’ve been helping an incredible team to build
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!
XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN
XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application
xbow.com
June 24, 2025 at 9:37 PM
For the last 6 months I’ve been helping an incredible team to build
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!
@xbow.com
and there was not a single day without being amazed by XBOW findings and reasoning. It even got to the top of
@hacker0x01.bsky.social
US leaderboard 🤯Stay tuned for blog posts and detailed traces!
December was my last month at GitHub, and after a refreshing Xmas break, I’m thrilled to announce that I’ll be starting a new adventure at @xbow! 🚀 Grateful for all the memories and experiences at GitHub, and can’t wait to help shaping the future of security testing!
January 8, 2025 at 10:32 PM
December was my last month at GitHub, and after a refreshing Xmas break, I’m thrilled to announce that I’ll be starting a new adventure at @xbow! 🚀 Grateful for all the memories and experiences at GitHub, and can’t wait to help shaping the future of security testing!
After an amazing journey, this is my last week at GitHub. It’s been an incredible 5 years working alongside the talented team at the Security Lab. Grateful for the experiences, collaborations, and the amazing culture I’ve been a part of. On to the next adventure!
December 19, 2024 at 9:41 PM
After an amazing journey, this is my last week at GitHub. It’s been an incredible 5 years working alongside the talented team at the Security Lab. Grateful for the experiences, collaborations, and the amazing culture I’ve been a part of. On to the next adventure!