Major cheat code for life: Commiting to something. The world is filled with the half-finished dreams of people who were too afraid to truly commit. Half in is actually all out. Even 90% gets you nowhere. There’s a magic in that last 10%. And it does not take talent, just courage.

For those missing the talk, Blog: https://t.co/XBvFMbsfi0 Slides:

“When a man can’t find a deep sense of meaning, they distract themselves with pleasure.” — Viktor Frankl

The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die:

Today, together with Jonathan Elkabas, we're releasing EntraGoat - A Deliberately Vulnerable Entra ID Environment. Your own hands-on Entra lab for identity attack simulation. Built for red teams, blue teams and identity nerds. Check it out here👉 https://t.co/5qlXQiSYHS

I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆

Annual Defcon Bikeride is officially a go! I encourage you to try it this year if you’ve never been. 😎 #defcon33 #wehackhealth https://t.co/eFafs4hik3

We recently identified a number of privilege escalation vulnerabilities in Lenovo Vantage on Windows; check out our latest blog for a technical deep dive

First ever (i think?) cli coding agents battle royale! 6 contestants: claude-code anon-kode codex opencode ampcode gemini They all get the same instructions: Find and kill the other processes, last one standing wins! 3... 2... 1...

GGs #NBAFinals

We are looking for a junior security researcher 🤠 No university degree or previous work experience required, but MUST be able to demonstrate interest in the field and some basic skills by either: 1. Have published blog post detailing 0-day vulnerability (found by yourself)

Man if I ever write a database hacking tool — I’m just gonna call it paul_gerste. He’s always pointing out neat database pwnage opportunities that have been overlooked for years. Would recommend his recent Defcon talk and blogs. 🔥🔥🔥

Anyone else feel boxed out from watching the #NBAFinals ? 😂

Our new @GoogleDeepMind paper, "Lessons from Defending Gemini Against Indirect Prompt Injections," details our framework for evaluating and improving robustness to prompt injection attacks.

https://t.co/7liEcc344r

Great read with solid takeaways for instructing LLMs to assist in bug hunting. An interesting highlight besides the bug itself were the stats: o3 found it in 8/100 tries, Sonnet 3.7 in 3/100 runs, Sonnet 3.5 goes 0/100. I wonder how the new Sonnet 4 would perform? 🤔

We all wish to visit those hills someday.

The first edition of the Arizona CTF (this one open just to undergrads in the state's various colleges) is running right now! Just over 100 undergrads pwning at the moment across AZ, 13 challenges solved, 10 challenges and 5 hours to go. First prize is $1337. Hype!

We're excited to announce our exclusive Zero Day Quest flash challenges, offering awards up to $100K for researchers who have qualified for the Zero Day Quest Onsite Hacking Event. These time-sensitive challenges will task our qualified researchers with uncovering hidden flags in

I’m puzzled why Wisconsin didn’t go straight to the rim on that last possession. GGs none the less.