Felipe Warrener-Iglesias

@fwrnr

2,329
Followers
355
Following
159
Media
1,993
Statuses

flexing on computers, every bone and muscle. Prev. Vulnerability Research @withsecure / @pwc_uk

Joined April 2016
Pinned Tweet
@fwrnr
Felipe Warrener-Iglesias
7 months
I was awarded $65,400 for my submissions on @bugcrowd #ItTakesACrowd The #bugbounty #bugbountytip here is turn off your testing mindset and turn on your vulnerability research mindset.
Tweet media one
58
38
717
@fwrnr
Felipe Warrener-Iglesias
3 years
@TheOllieJT @vallejocolors Your ‘paints’ literally say the colour
Tweet media one
1
0
45
@fwrnr
Felipe Warrener-Iglesias
3 months
All submissions in bug bounty platforms to program teams should be anonymised from the program team view. There is zero reason for a program team to know who submitted a bug other than to favoritise them or discriminate against them. Bug bounty should be a meritocracy.
5
3
50
@fwrnr
Felipe Warrener-Iglesias
4 months
Bali in full swing 🙏
Tweet media one
8
0
46
@fwrnr
Felipe Warrener-Iglesias
5 months
Recently had a disappointing experience on @Bugcrowd . Reported two critical vulnerabilities to @FISGlobal compromising integrity of a product. One bug took 3 months for full payment, while the other was marked as self-duplicate due to copy-pasting of code...?
9
1
43
@fwrnr
Felipe Warrener-Iglesias
7 months
@nicojrme @nico_jeannen @daniel_nguyenx Exactly, this is a conflict of interest. They could just DDoS the customers themselves to boost revenue...
2
0
41
@fwrnr
Felipe Warrener-Iglesias
6 months
@Hammad7361 You cannot 'download' .php files by visiting them... That's the whole point of php, to not reveal the code. You're probably getting 0 size because these files are libraries and are not meant to output any data, they are instead meant to be imported by other php files.
1
0
36
@fwrnr
Felipe Warrener-Iglesias
7 months
@nicojrme @nico_jeannen @daniel_nguyenx Or, more realistically, implement relatively poor DDoS protection for their own benefit.
0
0
28
@fwrnr
Felipe Warrener-Iglesias
3 years
Tweet media one
3
1
26
@fwrnr
Felipe Warrener-Iglesias
4 months
age++! 25 years old today and partying to celebrate 😎 here's to another year of progress and growth 🙏
3
0
24
@fwrnr
Felipe Warrener-Iglesias
3 years
@edbutler2 @jonathandata1 Hi Ed, the person you've featured here has a track record of maliciously spreading misinformation on device security that has been disproven and debunked by some of the world's top security professionals (eg. @taviso ). Please take this story down and do better journalism.
0
0
23
@fwrnr
Felipe Warrener-Iglesias
4 months
Well @shodanhq 's search logic is now so broken that you can't even search for a specific organisation string anymore. It tokenizes it and then includes every result containing 'Inc'...
Tweet media one
2
0
19
@fwrnr
Felipe Warrener-Iglesias
3 years
@mikko @ClarkQwertyuiop The original caption of the photo is even better
Tweet media one
1
3
19
@fwrnr
Felipe Warrener-Iglesias
5 months
@jobertabma @Hacker0x01 Did you train the AI agent off of the submissions of humans in hackerone? If so, that's really unethical.
3
1
16
@fwrnr
Felipe Warrener-Iglesias
6 months
@caseyjohnellis Gamified VDPs extract free labour from people. Bug bounty platforms are meant to facilitate hackers being paid for their work. VDPs are a conflict of interest and a slippery slope. Bug bounty wouldn't exist without the 'no more free bugs' movement.
1
1
17
@fwrnr
Felipe Warrener-Iglesias
2 years
32 degrees in Bangkok today.
Tweet media one
1
0
15
@fwrnr
Felipe Warrener-Iglesias
3 months
Some more food for thought. #bugbounty
Tweet media one
0
0
16
@fwrnr
Felipe Warrener-Iglesias
2 months
I keep warning people not to give your important recon info to black boxes run by teams of bug bounty hunters that *could* use it for their own benefit unbeknownst to you. It is genuinely so stupid that people put the recon they worked hard for into a black box. :-)
@attaxapty
Attaxa
2 months
Due to recent concerns with the team at Dorki, we advise against using , as the server is now under the control of an unauthorized party using it for malicious purposes. We have decided to part ways with this individual and will now focus on Dorki, which
2
5
26
6
1
16
@fwrnr
Felipe Warrener-Iglesias
4 months
Hello Bali... 🙏
Tweet media one
0
0
15
@fwrnr
Felipe Warrener-Iglesias
3 years
@TheOllieJT @vallejocolors Your tweet is not regarding the etymology of the word ‘black’ though, it’s saying the Spanish word ‘negro’ is a racial slur, which it isn’t and neither is the word black - it is essentially ‘I’m so disappointed in this company for being based in Spain’
0
0
13
@fwrnr
Felipe Warrener-Iglesias
6 months
My local boss man is now a nice guy named Shintaro who runs a small restaurant serving Fukuoka ramen, I rocked up there today at 2am and they wondered where I'd been the past few weeks. Super nice guy who teaches me more about Japan every time I visit.
2
0
13
@fwrnr
Felipe Warrener-Iglesias
6 months
Tweet media one
1
0
14
@fwrnr
Felipe Warrener-Iglesias
2 years
I grilled some meat yesterday, does this mean I'm ready to become a father now? 🤣
Tweet media one
Tweet media two
2
0
12
@fwrnr
Felipe Warrener-Iglesias
2 years
I’m in the bar @BSidesChelt with the mega famous and next gen @UK_Daniel_Card @brianwhelton come and give us hugs
2
0
13
@fwrnr
Felipe Warrener-Iglesias
7 months
Good to be back in Vietnam 🇻🇳
Tweet media one
Tweet media two
1
0
10
@fwrnr
Felipe Warrener-Iglesias
3 years
Drunk Bob Ross painting tonight at the @VicHarkness residence 😎 @Jabellz2 @0xLegacyy
Tweet media one
Tweet media two
Tweet media three
1
0
12
@fwrnr
Felipe Warrener-Iglesias
2 years
Tweet media one
1
0
12
@fwrnr
Felipe Warrener-Iglesias
6 months
2
2
12
@fwrnr
Felipe Warrener-Iglesias
4 months
I'm genuinely blown away by the quality of the @HITBSecConf #hitbxphdays conference. Amazing people, great food and great technical talks with no bs! Thank you to @l33tdawg and all of the other organisers.
0
2
11
@fwrnr
Felipe Warrener-Iglesias
6 months
@TheMsterDoctor1 @PikuHaku @MiniMjStar @young_vanda_ @intigriti 20 in a few hours? That's more than one bug every 10 minutes... Finding bugs on VDPs is not comparable to finding bugs on paid targets.
3
0
11
@fwrnr
Felipe Warrener-Iglesias
6 months
Heading to full-moon tonight 🍹
Tweet media one
1
0
10
@fwrnr
Felipe Warrener-Iglesias
1 year
Anybody think they got a tougher DEFCON flight itinerary than me? 😎 #Defcon #defcon31
Tweet media one
2
1
11
@fwrnr
Felipe Warrener-Iglesias
2 years
@theflow0 @hardwear_io Do you not think $20,000 is pretty low? Are they only reserving the critical category for remotely exploitable vulnerabilities or scalable compromise of DRM?
1
1
10
@fwrnr
Felipe Warrener-Iglesias
6 months
Koh Samui, how I have missed you 🌴🥥 ☀️ 🌊
Tweet media one
Tweet media two
1
0
9
@fwrnr
Felipe Warrener-Iglesias
3 months
In BurpSuite, combining host header match-and-replace with DNS overrides is often not enough to access the desired host because the match-and-replace is not applied to the SNI in the TLS Client Hello (as I've just found) - does anybody know a way to get around this in Burp?
2
1
10
@fwrnr
Felipe Warrener-Iglesias
3 years
@albanwr I used to do this in school 🤣 SPF records were always too lax on school email domains 😬
1
0
10
@fwrnr
Felipe Warrener-Iglesias
9 months
Freezing in Toronto this morning 🥶
Tweet media one
3
0
10
@fwrnr
Felipe Warrener-Iglesias
5 months
Happy Friday 🫡
Tweet media one
1
0
9
@fwrnr
Felipe Warrener-Iglesias
9 months
Toronto -> Vancouver -> Tokyo -> Bangkok Very tired.
Tweet media one
0
0
9
@fwrnr
Felipe Warrener-Iglesias
1 year
age = 24; I really appreciate all of my amazing twitter folk and the good times we've shared. Turbulent year but also one full of surprises and opportunities. :)
2
0
10
@fwrnr
Felipe Warrener-Iglesias
4 months
@NahamSec Respectfully, I believe it is yourself, content creators and the 'bugbountytips' posters that created this culture. Spoonfeeding valuable knowledge and techniques that took others time to develop intuition for, devaluing it in the process, discourages actual skill development.
4
0
10
@fwrnr
Felipe Warrener-Iglesias
3 years
Successfully exploited #Log4j RCE :D
Tweet media one
1
0
9
@fwrnr
Felipe Warrener-Iglesias
3 years
Dug into some chateaubriand today with @David3141593 and @lewisparsons123 - paging @InfoSecSteak !
Tweet media one
Tweet media two
2
1
9
@fwrnr
Felipe Warrener-Iglesias
3 years
@AlexCervilla @LiveOverflow It is the scheduler that prevents the whole system from getting stuck, the scheduler uses an algorithm to determine how big of a 'time slice' that process is allowed to have amongst the other processes. And a hardware-based timer interrupt dictates the end of that time slice. :)
1
0
9
@fwrnr
Felipe Warrener-Iglesias
6 months
@Hammad7361 No, when you go to profile.php on Facebook obviously you can't access the PHP code for that file? The only way would be with an LFI
0
0
9
@fwrnr
Felipe Warrener-Iglesias
6 months
@mdisec Surely 'log4j LDAP injection' lol
0
2
9
@fwrnr
Felipe Warrener-Iglesias
9 months
@nav1n0x This is telling you it's a prepared statement, and forming the statement failed because there is no way to map a non-UUID compatible string to a UUID (hence 'parse') - you will not be able to achieve SQL injection on the UUID.
2
0
9
@fwrnr
Felipe Warrener-Iglesias
3 years
Friday was my last day @FSecureLabs . I’m really grateful to have met so many likeminded and talented people during my time there. I’m taking a bit of time off for the summer to recharge and will be starting a new role in August. Have a great summer everyone!
0
0
9
@fwrnr
Felipe Warrener-Iglesias
3 years
This is as close to hacking in the early 2000s as I will ever get... #pwnkit
Tweet media one
0
0
8
@fwrnr
Felipe Warrener-Iglesias
2 years
I will be making my way to @Steel_Con once I cure this fkn hangover, hotel breakfast work your magic
1
0
8
@fwrnr
Felipe Warrener-Iglesias
7 months
@farazsth98 Next-gen and production ready
0
0
8
@fwrnr
Felipe Warrener-Iglesias
2 years
@CyberZombi3 @hackerfantastic Hardware wise, it can, software wise it doesn't because well that would be a disaster - the replay protection protocols in the readers aren't as secure as they make out - as I found out whilst auditing one 🫢
0
0
8
@fwrnr
Felipe Warrener-Iglesias
9 months
@JeshGyawa Why do you think people would give you this information? Information which makes them money? You're not asking a specific question, you're just saying 'take time out of your day to explain all your knowledge to me'?...
0
0
8
@fwrnr
Felipe Warrener-Iglesias
3 years
I don’t think I’m built for winter, I always feel like the world is on my shoulders more than usual around winter time. Early dark makes me feel tired and unmotivated. Maybe my Spanish genetics are suboptimal for this season.
2
0
8
@fwrnr
Felipe Warrener-Iglesias
1 year
Ho Chi Minh, Vietnam 🫠
1
0
8
@fwrnr
Felipe Warrener-Iglesias
4 months
@_godiego__ My thoughts - 20% of the bug bounty hunters will be responsible for 80% of the platform's revenue. It only takes a small group of people putting aside $$$ for a few months and forming a union to negotiate all the bs away :)
1
0
8
@fwrnr
Felipe Warrener-Iglesias
2 years
Up the lions 🦁🦁🦁
Tweet media one
0
0
8
@fwrnr
Felipe Warrener-Iglesias
2 years
0
1
7
@fwrnr
Felipe Warrener-Iglesias
2 years
Arrived this morning in Chiang Mai ready for #lanternfestival 🔥
0
0
7
@fwrnr
Felipe Warrener-Iglesias
3 years
Lol @offsectraining also forced me to take my exam on dates I did not have the time. They automatically cancelled it and want me to pay for a retake. Can we talk about how forcing people to take the exams by certain dates only benefits them? @thecybermentor
@joehelle
Joe Helle - Mayor of Hacktown
3 years
Profiteering off of student failure is a horrible practice. If you have a poor passing rate own your failure as an educator and figure out how you can do better for your students. Jacking the price up some more to cash in on it isn't the answer. #TryHarder I guess. Or whatever
11
14
129
0
2
6
@fwrnr
Felipe Warrener-Iglesias
1 year
I'm open minded to pretty much everything except dog meat 😂 #vietnam
Tweet media one
Tweet media two
2
0
7
@fwrnr
Felipe Warrener-Iglesias
1 year
Wheels down Bali! 🙏
0
0
7
@fwrnr
Felipe Warrener-Iglesias
3 years
I am super grateful for these people
@mrmdhaynes
M D Haynes
3 years
MEGA WEEKEND! Thanks @brianwhelton Dave Thomas, plus all the goons, speakers & mentors for #BSidesLDN2021 Epic to meet up with the team @UK_Daniel_Card @uidzero @fwrnr + new friends! Too many to list, but just a few... @greg_IT @SPCoulson @Jenny_Radcliffe @cybersecstu
Tweet media one
3
1
19
0
0
7
@fwrnr
Felipe Warrener-Iglesias
2 years
Skybar Bangkok 🌆
Tweet media one
0
0
7
@fwrnr
Felipe Warrener-Iglesias
2 years
Next gen
@UK_Daniel_Card
mRr3b00t
2 years
@fwrnr and I are super sober 🤣
Tweet media one
1
0
4
2
0
7
@fwrnr
Felipe Warrener-Iglesias
3 years
You’re all about to get maxpl0ited noobs
@maxpl0it
maxpl0it
3 years
Today was my last day at F-Secure. It’s been fantastic working with this team of incredibly skilled people and I’ve learned a LOT from them I’m excited for the future as big things are happening! (about to be a lot more active 👀)
10
0
108
0
0
7
@fwrnr
Felipe Warrener-Iglesias
2 years
Tweet media one
1
0
6
@fwrnr
Felipe Warrener-Iglesias
2 years
Well @BSidesChelt was awesome, so great to see everyone again, enjoy your next gen hangovers!
Tweet media one
0
0
7
@fwrnr
Felipe Warrener-Iglesias
2 months
It's frustrating that most port scanners don't take input in the form of <ip:port>, this is really useful if you are simply trying to probe ports that you know are bound and open but might be blocked based on src address.
1
0
4
@fwrnr
Felipe Warrener-Iglesias
1 year
@zseano can you DM? :)
1
0
1
@fwrnr
Felipe Warrener-Iglesias
3 months
@badcrack3r @ITSecurityguard Why does somebody need to state that like it's a fact? Obviously it's literally possible. I think the debate is about whether marketing it as 'possible' is actually marketing it as 'plausible'. It is very much not plausible statistically speaking.
1
0
6
@fwrnr
Felipe Warrener-Iglesias
2 years
There are worse places to spend your first life crisis, I suppose. 🙂
0
0
6
@fwrnr
Felipe Warrener-Iglesias
10 months
0
0
0
@fwrnr
Felipe Warrener-Iglesias
2 months
@z0idsec My original post is simply highlighting that there is risk in sending your dorks to a third-party, the '*could*' there is hypothetical, now it's not that hypothetical. You can't audit the third-party code, or access controls, or members of a third-party.
1
0
6
@fwrnr
Felipe Warrener-Iglesias
2 months
@z0idsec So this query, which could contain patterns and recon niches private to me, goes to somebody else now and you have no control over their actions and what they do with it? You're proving my point lol.
Tweet media one
1
0
6
@fwrnr
Felipe Warrener-Iglesias
2 years
Chiang Mai CAD Khomloy sky lantern festival last night. It was so surreal.
0
1
6
@fwrnr
Felipe Warrener-Iglesias
1 year
There are four things certain in this life: death, taxes, the quality of Japanese whiskey, and the taste of a drink crafted by Kohei 🇯🇵 Thank you for everything you've taught me. 💪
Tweet media one
0
0
6
@fwrnr
Felipe Warrener-Iglesias
2 years
My mouth tasted of lighter fluid for about half an hour after this 🫡🫡🫡
3
0
6
@fwrnr
Felipe Warrener-Iglesias
3 years
age++
3
0
6
@fwrnr
Felipe Warrener-Iglesias
5 months
I just sort of went into bug bounty saying "I'm not gonna be that guy with the support tickets and pinging people asking them to look into X etc" but I very quickly became that and if you don't like having labour stolen, you unfortunately will too as it's a big part of bug bounty
2
0
5
@fwrnr
Felipe Warrener-Iglesias
3 years
@nnwakelam Congrats buddy, undeniably based and pre-auth-pilled
1
0
6
@fwrnr
Felipe Warrener-Iglesias
3 years
Check this out from @maxpl0it 8)
@SentinelOne
SentinelOne
3 years
🐧New on SentinelLabs! Meet CVE-2021-43267! @maxpl0it has discovered a heap overflow #vulnerability in the #TIPC module of the #Linux Kernel which can allow attackers to compromise an entire system. #CVE #Kernel #HeapOverflow #infosec cc: @LabsSentinel
0
48
150
1
0
6
@fwrnr
Felipe Warrener-Iglesias
3 years
@BSidesCymru @PenTestPartners It’s too late, we saw you deep fry the pentest partners logo, there is no going back, embrace it 😎
Tweet media one
1
1
6
@fwrnr
Felipe Warrener-Iglesias
9 months
I'm a massive geohot fan, he's the reason I got into hacking! But this is also true. See by Hector Martin of @fail0verflow - it doesn't make Geohot's hypervisor escapes any less impressive though. :)
@PlayStationHaX
PlayStationHaX
9 months
@todayininfosec @HydrogenNGU This is not accurate at all and insulting to real hackers/reverse engineers such as @fail0verflow . We could already jailbreak our consoles several months before this event. The actual hackers had the keys for a long time and didn’t release them for obvious reasons.
1
2
21
3
1
6
@fwrnr
Felipe Warrener-Iglesias
2 years
Tweet media one
3
0
5
@fwrnr
Felipe Warrener-Iglesias
3 years
My best mates have just become parents to the most gorgeous little soul, it has filled me with joy. The innocence of new life should be cherished.
1
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
@ThePrimeagen @LiveOverflow It's quite common in poor/developing countries where people can't afford a laptop/PC and opt to use a cheap Android device (which with optimisation and ARM instruction set, isn't a bad deal performance wise)
1
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
Managed to get 8 minutes straight in the ice cold plunge today, beating previous record of 4 minutes set just 4 days ago! Going for 10 next time 😁
0
0
5
@fwrnr
Felipe Warrener-Iglesias
3 years
Devon is packed atm and today is going to be another scorcher :) Looking forward to getting in the sea today 😅
1
0
5
@fwrnr
Felipe Warrener-Iglesias
3 years
It's broth time 😌
Tweet media one
2
0
5
@fwrnr
Felipe Warrener-Iglesias
4 months
@TeslaTheGod Top software engineers also make 5-20x more money than the average bug hunters - it is really pointless sharing stuff like this.
2
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
Tweet media one
1
0
5
@fwrnr
Felipe Warrener-Iglesias
3 years
When I talked about OWASP Top 10 trending towards being out of touch with modern production web applications in 2019, everyone dog piled on me. Today's discussions indicate people seem to have caught up to this now. 😅
0
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
@aaronbassett I mean he's right about one thing...
Tweet media one
0
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
Hua Hin...
Tweet media one
0
0
4
@fwrnr
Felipe Warrener-Iglesias
8 months
Happy Chinese New Year everyone 🎇
Tweet media one
0
0
5
@fwrnr
Felipe Warrener-Iglesias
2 years
It is okay to feel your feelings.
0
0
5