Sebastian Lekies @slekies
Automated Security Scanning & Vulnerability Management @Google Zürich, Switzerland Joined October 2011
The vulnapocalypse is here, but Opus 4.7 still routinely confuses the direction of a wild memcpy. LLMs are super crazy powerful, and in many ways superhuman, but in some ways ... well, not quite there yet.
@RSnake Funnily enough most actively exploited infrastructure vulns don’t even have a CVE or CVSS score assigned.
Got a knack for security? We've launched a rewards program for OSV-SCALIBR and want your help! Earn cash 💰 for creating new plugins that detect vulnerabilities, secrets, or extract software inventory. bughunters.google.com/blog/655159064…
@kevin_mizu @kkotowicz @sirdarckcat This is awesome! Thank you very much for putting this together and sharing it with the community!
I'm happy to release a script gadgets wiki inspired by the work of @slekies, @kkotowicz, and @sirdarckcat in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
Protect your systems from leaked credentials! 🚨 We're excited to announce Veles, a new open-source secret and credential scanner from Google. Veles helps you find and fix sensitive data exposures in your source code and artifacts, with more features on the way! Learn how Veles is battle-tested at Google and how it can help secure your organization: goo.gle/veles-scanner #Veles #OpenSource #Security #Cybersecurity #SecretsScanning
Veles, Google's new open-source secret scanner, is now available. This tool, built into our SCALIBR scanner, identifies exposed credentials with an extensible architecture for new secret types. We'd love to hear your feedback and answer any questions. opensource.googleblog.com/2025/07/stop-l…
Today Google announced a new OSV-SCALIBR: A library for Software composition analysis. It allows you to extract software dependencies, generate SBOMs and scan them via osv.dev! More details in our blogpost: security.googleblog.com/2025/01/osv-sc…
Google has launched OSV-SCALIBR, an open-source library for software composition analysis! It identifies vulnerabilities and generates SBOMs, supporting various OS and languages. 🛡️🔍 #OpenSource #Google #SoftwareSecurity #CybersecurityNews link: ift.tt/qE5l48z
Google releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning. securityweek.com/google-release…
Google’s New OSV-SCALIBR: Your Software’s Superhero or Just Another Sidekick? Hot Take: Google's OSV-SCALIBR: Because keeping tabs on your software vulnerabilities should be as easy as keeping tabs on your ex's Instagram story. With this new tool, Google is basically saying, "Don't worry, we got your back (and your code's back)!" buff.ly/42jkbj7
Github Repo: github.com/google/osv-sca…
SCALIBR is a library that allows you to enumerate all software installed in a given file system, such as containers, VMs, running machines, or code repositories. Additionally, it offers extensible vulnerability scanning capabilities. Reach out in case you have questions.
Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT security.googleblog.com/2025/01/osv-sc…
OSV-SCALIBR: A library for Software Composition Analysis security.googleblog.com/2025/01/osv-sc…
⚒️ SCALIBR (Software Composition Analysis Library) An extensible file system scanner used to extract software inventory data (e.g. installed language packages) and detect vulnerabilities By @Google github.com/google/osv-sca…
OSV-SCALIBR: A library for Software Composition Analysis: ift.tt/XrvxnOD by Google Online Security Blog #infosec #cybersecurity #technology #news
"OSV-SCALIBR combines Google’s internal vulnerability management expertise into one scanning library with significant new capabilities ..." security.googleblog.com/2025/01/osv-sc… < it's open source, and you can use what Google uses for software composition analysis
@we1x @arthursonzogni @manicode I.e. start with opt-out, after x years you have to opt in, and after another x years you drop that too. What’s an acceptable usage percentage to phase out a browser feature btw?
@we1x @arthursonzogni @manicode There seems to be a deprecation problem for outdated web tech. Would be nice if there was a mechanism / policy / standard that allows browser vendors to phase out old tech. Opt-out seems to be the easiest, but I wonder if the opt-out could be turned into opt-in over time.