We are looking for code and non-code contributions. We have extensive documentation for contributors https://t.co/e7yJouQ01m Talk to us via Github discussions or Discord - https://t.co/F8yEpXbtVe -

Hacktoberfest is here! https://t.co/iI7VQ1UiSx Mantis, our in-house ASM tool, will be part of it. If you want to contribute, visit our repository, look for "issues"/"discussions" with the tag "hacktoberfest"/"hackathon" and get started! https://t.co/9TicIYyBsD

hello, we need your help, have a min? 🚨 for over 8 years now, we have fought with courage & strategy to protect our right to privacy, free speech, & innovation in an increasingly digital society. 💪 but, we can't retain our autonomy, transparency & independence without YOU.🧵

Akshay ( @mast3root ) and I will be presenting Mantis ASM framework at @HITBArmory If you are at the conf and interested in Attack Surface Management esp from a Produce Security PoV, do drop by!

So, Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel. This API is not exposed to other sites - only to *.google.com.

📣Debuggers 1102: Introductory Ghidra released!📣 https://t.co/Ao8PrkYDC8 This class by Erin Cornelius https://t.co/CPkecD9LYh and @XenoKovah provides students with a hands-on introduction to Ghidra as a debugger, wrapping GDB or WinDbg, thus providing decompilation support.

TIL: ACM India Membership (1700 INR) with Skills Bundle (75 USD) gives you access to OReilly (499 USD). OReilly is like OTT for tech books & courses. This is one subscription I found a lot of value in. https://t.co/AqDnkkA2AR

This photo is 113 years old. It was taken by Sergey Prokudin-Gorsky, an early pioneer of colour photography. If you've ever wondered what the world used to look like, Prokudin-Gorsky's photos will show you...

P.S. - We did disclose the bug responsibly to the founders but it hasn't been fixed in over a month.

Let's say, during an Internet wide recon we stumbled upon an Indian startup leaking 1000s of highly sensitive medical records. What are our options here? For now, minding my own business & ignoring the issue but open to other morally/legally right options Asking for a Friend ;)

. @mast3root and I delivered an introductory talk on security testing on iOS at #THREATCON2023 This is a breadth first talk that can be used as a quick reference during #iOS security testing Slides at

This tool will be presented by our team at @BlackHatEvents Europe in London next week. If you are around, please drop by at the Arsenal booth for the talk and some swag. https://t.co/oiYJINelKZ

*Tool launch* Over the past few months, we built a security framework that automates #discovery, #recon & vuln scans. We aimed to tackle the challenges we face in ASM as a Product Security team. This is WIP and we are ready to build in public. https://t.co/0FhbY5BEG5

Leave my name alone, you idiots! #BharatVsIndia

Haven't been using twitter much lately, but just FYI people can't DM you anymore unless they pay the troll toll. Might want to switch this off if you didn't realize it was switched on.

It's @THREAT_CON time (Sep 13th) Akshay (@mast3root) & I will be talking about getting started with iOS (&apple ecosystem) security research from bug bounty PoV. We have a few student passes to give away. Reach out if you need one. Register at - https://t.co/xHtabOhmx6

This project has 100% coverage (Enumerates every valid and active subdomain under https://t.co/8aeiiQI1lP) NIC doesn't maintain a directory of subdomains/apps so this project will help research orgs/think tanks like @cis_india to perform studies on these govt domains/websites

Publishing a little project I have built - "National Informatics Centre subdomain tracker" https://t.co/lo9Abcuwv6 This project enumerates all the subdomains of https://t.co/8aeiiQI1lP using a DNS technique and pushes them to the git repo everyday once.

New video is up on the channel showcasing some advanced techniques for root detection and how to bypass them using frida. @fridadotre @mobilesecurity_ @radareorg https://t.co/19kwFbs1mk