It happened! My #DEFCON 33 talk on hacking Pokémon Go is live!
Looking back, it was an absolute pleasure to dip into that 2016 nostalgia and share with the security community the untold story of Team Unknown6, on stage in front of a packed full audience.
m.youtube.com/watch?v=2En9...
Amazing vibe and crowd at Reversim Summit today! I'm so humbled to be here and present my research to you all!
וואו, איזה אווירה ואיזה קהל ב-Reversim Summit היום!
שמחתי מאוד על הזכות להיות פה ולהציג בפניכם את המחקר שלי, תודה!
So happy the Reveresim Summit is here!
It’s always such a great event with awesome talks. This year is extra special because I get to speak for the first time!
Come hear about Android hacking, and how I spent summer 2016 breaking into Pokémon Go.
Tomorrow, October 27th, at 13:20 in the main hall!
איזה כיף שהגיע הכנס השנתי של Reversim Summit!
כנס שתמיד נהדר להיות בו עם הרצאות מעניינות ומעולות, והפעם הוא מתוק במיוחד כי יוצא לי להרצות בו בפעם הראשונה!
מוזמנים לבוא לשמוע על איך נראה האקינג למשחקי אנדרואיד, ואיך ביליתי את ימי הקיץ אי שם ב2016 כדי לפרוץ לפוקימון גו.
מחר, 27/10, ב13:20 באולם הגדול!
Had a great time presenting the OWASP Top 10 NHI Project today at #LASCON Austin with Tomer Yahalom!
We've had the pleasure to give the talk to a great crowd and amazing people. Looking forward to the second day filled with interesting talks!
Today, we released an open-source tool to help mitigate some of the security implications of today's #MCP server implementations: the "MCP Secret Wrapper", which in a simple 2-step flow, removes those pesky static credentials from your configuration files!
github.com/astrix-secur...
Our analysis discovered that the majority of servers rely on long-lived API keys or credentials given to them through static configuration files. This unfortunate side effect of the rush to use #AI #Agents comes at a cost by downgrading security.
The #MCP framework took the world by storm. But is it safe?
We downloaded over 5 thousand of the highest starred MCP implementations to answer that question!
astrix.security/learn/blog/s...
A few years later (and I still can't quite believe this is happening) I'm going to be that person on stage! So, despite me, I'll be presenting my research on the main stage on the second day (Tuesday, 28/10) at 13:20.
Hope to see you there!
The first Reversim I attended was actually one of the first conferences I'd ever been to. I distinctly remember sitting in the audience, watching a speaker present their cool project, and thinking how incredible it must feel to be up there on stage sharing your work with such an engaged crowd.
I am absolutely delighted to share that I'll be giving a talk at Reversim Summit 2025 on breaking Pokémon Go's anti-cheating mechanism!
On a personal note, every time I visit Reversim, it shows me just how awesome, welcoming, and genuinely interesting community-driven events can be.
Breaking 'Em All!
The blog posts going deeper into hacking Pokemon Go that accompany my #DEFCON talk are live on my blog!
taltechtreks.com/2024/04/06/H...
taltechtreks.com/2025/08/09/H...
Happy to get questions on the research!
Talking in an hour at #DEFCON about Pokemon Go on track 3. Couldn't be more excited!
I've worked on it multiple nights in the past months, and I hope you'll enjoy it!
If you're not here in person, you can catch the talk live at www.youtube.com/live/fzbrrKP...
or www.twitch.tv/defcon_dctv_...
Giving a talk on Pokemon Go, I just had to convert myself to a Pokemon trainer.
The amazing Ryan Rockenbaugh surprised me with a limited edition sticker of Trainer Tal
Sticker wall at #DEFCON got 2, and I will be giving what's left tomorrow at my talk
Breaking 'Em All! 11:30 Track 3. See you!
Excited and humbled to speak once again in DEF CON.
Talk is on Saturday at 11:30, track 3.
I'll be in the conf till Sunday, hit me up if you want to chat over the talk or any other project.
The #DEFCON 33 schedule is live and I'm excited to announce I'll be giving a talk this year on unique research I was a part of a few years back!
"Breakin 'Em All – Overcoming Pokémon Go's Anti-Cheat Mechanism"
Join me on stage - Sat, 11:30 AM, Track 3
defcon.org/html/defcon-...
Looks like I'll be at Hacker Summer Camp this year!
Exciting #DEFCON33 ☺
Just got back from #AppSecIL2025!
Ended up 4th place in the #CTF 🎉
Solved 12/15 challenges alone - Android pwn, JS sandbox escapes, cache poisoning, XSS bypasses. The usual suspects: SQLi, LDAP injection, XXE.
Had a blast!
Looking forward to the next one.
Writeup: taltechtreks.com/2025/06/04/a...
I'm building something cute and new, but as opposed to my normal ways, this time I'm using #Cursor heavily and the flow blows my mind.
Although I'm certain that without prior good knowledge of coding it wouldn't work that well.
Ah, I wondered when this was due to come out.
Can't wait to experiment!
www.anthropic.com/news/integra...
Excited to present my research tomorrow at #RSAC!
Come by to hear John and me share conclusions and insights on the first publicly available report on Non-Human identity security!
See you there,
May 1, 10:50 am at Moscone West 3004!
For today, a bit Friends content! Or, uhh, actually, computer science!
What’s the largest sofa you can pivot around a corner?
Heard about this problem in the past, but I thought it's one of those we will never be able to prove. (At least until quantum computers arrive to solve some NP problems)
Took a bit of hiatus from posting here, was quite busy the past few months (CFP season amiright…)
But I do have more cool stuff ready for sharing as well as writing 2 blog posts about projects I worked on lately.
Looking forward to sharing with you all
Great time presenting OWASP NHI Top 10 at #SnowFROC!
If you're here, come say hi!
Well, that was an hour of my life well spent.
An amazing adaptation of minesweeper to include old-school RPG elements.
UPDATE: Had to go back and play, another 4 hours to achieve a perfect clear. Incredible game!
Great thread on the emerging new details on the ByBit breach
A cute post showcasing the basis of every website - HTML! The site goes over (almost) all HTML tags, by using them.
Seeing this, it’s unfortunate that text inputs in websites don't allow most tags but rather encapsulate how the final result is displayed for users. Give us more, please!
Managed to squeeze in 2 talk submissions to #fwd:cloudsec just before the first round CFP closes.
Hoping for good news, will be the perfect reason to finally attend in person!
Check out this wild project: #Steam #Brick.
The author transformed the Steam Deck to a brick that still connects to screens or VR while reducing size by a third
Projects like this (author used steam-provided data) are a great example of "right-to-own", critical to enhance electronics sustainability