
Posts by Chris Dale


Hackers don't wait, why should we? SANS 2025 Attack Surface & Vulnerability Management Survey – We Need Your Voice! survey.sans.org/jfe/form/SV_...

11 months ago
CSScape Room

Old school CSS escape room!

csscape-room.iamdanielmarino.com

1 year ago

That was fun. Took about 10 minutes of clicking around. Last two I brute-forced :) Thanks for sharing.

1 year ago
Slack: lack of port normalisation allows bypass of Blocked Previews (YouTube video by jub0bs)

For instance, if your Slack workspace blocks example[.]com, share a link with an explicit port left-padded with enough zeroes, e.g. httpx//:example[.]com:000443, and your link will be unfurled.

Admittedly not much of a security impact; just a broken functionality. 🤷

youtu.be/uI0JrHkLAXA

2/2

1 year ago
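As an added illustration of the normalisation gap the post describes (example code written for this page, not taken from the video or from Slack; the blocklist contents, the function names and the sample links are assumptions), the following contrasts a naive string check that only strips the canonical ":443" suffix with one that lets the WHATWG URL parser canonicalise the port before the hostname is compared. A zero-padded port such as 000443 parses as 443, which is the default for https, so the parser drops it and the blocklist match succeeds:

```javascript
// Added example, not code from the original post or from Slack.
// Assumed blocklist: a workspace that blocks previews for example.com.
const BLOCKED_HOSTS = new Set(["example.com"]);

// Naive check: operates on the raw authority string and only knows how to
// strip the canonical default ports. "example.com:443" is caught,
// "example.com:000443" is not, which is the bypass shown in the video.
function naiveIsBlocked(link) {
  const m = /^https?:\/\/([^/?#]+)/i.exec(link);
  if (!m) return false;
  let authority = m[1].toLowerCase();
  authority = authority.replace(/:(80|443)$/, "");
  return BLOCKED_HOSTS.has(authority);
}

// Normalised check: parse with the WHATWG URL parser (Node's global URL),
// which canonicalises scheme, host and port. A port of "000443" becomes 443;
// because that is the https default, url.port is "" and url.hostname is
// "example.com". Comparing hostname alone is therefore port-independent.
function normalisedIsBlocked(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    // Assumption: a link the parser rejects would not be unfurled anyway.
    return false;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return BLOCKED_HOSTS.has(url.hostname);
}

// Run both checks over a list of links and return the side-by-side verdicts.
function compare(links) {
  return links.map((link) => ({
    link,
    naive: naiveIsBlocked(link),
    normalised: normalisedIsBlocked(link),
  }));
}

// Constructed sample links (assumptions, not from the post).
const SAMPLE_LINKS = [
  "https://example.com/",
  "https://example.com:443/",
  "https://example.com:000443/", // the zero-padded port from the post
  "http://example.com:0080/",    // same trick on the http default port
  "https://example.com:8443/",   // non-default port, still the same host
  "not a url",
];

for (const row of compare(SAMPLE_LINKS)) {
  console.log(`${row.link.padEnd(30)} naive=${row.naive} normalised=${row.normalised}`);
}
```

The practical takeaway is that any allow/deny decision on a URL should be made on the parsed, canonical form (hostname, and separately the effective port if the policy cares about it), never on the raw string the user typed.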

Respect! 🤩

1 year ago

I couldn't help myself doing a kiosk escape, considering the entire table is a touch-screen menu.

1 year ago
Hacker Space - Skjelbred Poiree - River Security Hacking Team (YouTube video by River Security)

The most fun time of the year is not Christmas! It's our hacker spaces. youtu.be/u6DdqrmylZQ

1 year ago

We're looking for passionate cybersecurity professionals, both junior and senior roles, to join our remote pentesting team. There is a hacking challenge below... Does this sound enticing? Message me.

209.38.109.251 (Reach out if you need hints) 💪

1 year ago

Coaching a CTF team was one of last year's highlights. I hope I get to do it again. www.htx.gov.sg/whats-happen...

1 year ago
ktrlpanel ep 3 - Chris Dale | The evolution of pentesting, becoming a SANS instructor, remote teams (YouTube video by ktrlpanel)

In this podcast I am discussing things like how penetration testing is changing, modern penetration testing methodology, and more. www.youtube.com/watch?v=kRwG...

1 year ago

In case the post gets taken down, here is a screenshot.

1 year ago
Workforce | DOGE: Department of Government Efficiency Workforce data for the U.S. government.

๐Ÿฟ DOGE.gov breached: doge.gov/workforce?or...

1 year ago
Raw SQL Queries are Actually Better for Security Than ORMs? Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities the...

ORM vs Raw SQL queries - Careful Either Way - www.nodejs-security.com/blog/raw-sql...

1 year ago
Top 10 web hacking techniques of 2024 Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...

1 year ago
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

Very cool write-up on a deanonymizing attack using Cloudflare's Cache - gist.github.com/hackermondev...

1 year ago
Credential Stuffing: Hacking Without Being a Hacker (YouTube video by Chris Dale)

Credential stuffing — no advanced hacking skills needed. A short 6-minute video to explain the concept: www.youtube.com/watch?v=1BTF...

1 year ago

I'm not sure which is more frustrating: interacting with a support system run by an LLM or dealing with technicians who seem to rely solely on predefined playbooks without critical thinking...

1 year ago

Keeping free open-source software maintained is often an unrewarding and unrecognized effort. Thank you!

1 year ago

Setting up an unmarked malicious cable and it comes with a warning: "Do Not Eat"... Wow 🙈

1 year ago

Feel like Santa Claus 🎅 Bug bounty on Christmas Eve. An IDOR which at first seemed impossible to enumerate, but once I reduced the JSON object to the least parameters that would still make the request work, I found two enumerable values which ended up in a nice vulnerability. Happy holidays!

1 year ago
Exposing the Honey Influencer Scam (YouTube video by MegaLag)

Honey, the browser plugin with godmode to your browser activity, found to rewrite affiliate links. Keep your browsers clean, all; you use them for too much important stuff. www.youtube.com/watch?v=vc4y...

1 year ago

I don't particularly enjoy questions like these, but then again, how would you answer it? I'd say: "Start with a problem, and what you want to achieve. Seek the answers by firmly understanding the problem and the technology you operate.".

1 year ago
Internet Crime Complaint Center (IC3) | Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud

FBI PSA: some good tips on protecting against threat actors using AI against us. My favorite is to have a secret passphrase between family members to validate one another is not AI. www.ic3.gov/PSA/2024/PSA...

1 year ago

Hi Matt, nice to meet you 🤟😂

1 year ago

It was a Commodore 64, but what happened after was truly amazing times.

1 year ago
Is My Phone Listening To Me?

A common question (or rather, statement) I often hear from everyday users is, "Clearly, my phone is listening to everything I say — I keep getting targeted ads based on my conversations." Well, they are listening, just not in the way most people think. The EFF breaks it down for us here:

1 year ago

Great Turkish restaurant that is, absolutely love it myself.

1 year ago

Ever since the Gen AI revolution started I've found myself more and more skeptical about any and all content I read. Even direct messages with people sometimes make me go 🤨

1 year ago

Intentionally vague post:

If you've pentested an org and they later have "an incident," I recommend you don't write speculative blog posts about how you think it maybe went down. 💩

1 year ago