Include Security Profile
Include Security

@IncludeSecurity

Followers
2K
Following
33
Media
5
Statuses
209

Simply stated: Give us any kind of app and we'll hack it better than the rest. Our clients include awesome tech companies in Silicon Valley, NYC, and beyond.

Brooklyn and the world
Joined May 2012
@IncludeSecurity
Include Security
4 months
Do you use or exploit WebSockets? Check out our new blog post to see how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking!
blog.includesecurity.com
Include Security's latest blog post covers Cross-Site WebSocket Hijacking and how modern browser security features do (or don't) protect users. We discuss Total Cookie Protection in Firefox, Private...
@IncludeSecurity
Include Security
4 months
See you all at BSidesSF later this month! @IncludeSecurity will be there with a lot of our team!
@BSidesSF
BSidesSF
4 months
Thank you to @IncludeSecurity for sponsoring the lanyards at BSidesSF 2025! #bsidessf #BSidesSF2025 #infosec
@IncludeSecurity
Include Security
5 months
Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not!
@IncludeSecurity
Include Security
5 months
New research🤩 on old tech👴! Our team's latest blog post demonstrates many ways memory vulnerabilities can occur in your legacy Delphi code despite being described as a "memory safe" language by the NSA.
blog.includesecurity.com
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe"...
@IncludeSecurity
Include Security
7 months
It's winter, so hacking space heater IoT devices to completely control their firmware seems like the thing to do! In our latest blog post, you'll see some of the things we do for our IoT/HW clients!!
blog.includesecurity.com
Our team hacks space heater firmware updates over wifi in the latest Include Security blog post. We break down, literally and figuratively, each step of the attack to demonstrate how anonymous users...
@IncludeSecurity
Include Security
7 months
Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩‍💻 Hint: It's a tough box, check our github and our blog for info.
@IncludeSecurity
Include Security
9 months
We're happy to sponsor great learning resources like @OpenSecTraining, the world is awash with a lot of bad training/certs, here's some courses that are solid and open/free! 😀
@OpenSecTraining
OpenSecurityTraining2
9 months
As the year comes to a close, we want to once again thank all of the individual and corporate donors who generously contributed to #OST2's nonprofit mission this year! You help ensure that OST2 will be around for years to come! Platinum Partners:
@IncludeSecurity
Include Security
9 months
New blog! Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. Well-documented behavior is not always what it appears!
blog.includesecurity.com
Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. We cover officially documented, or at least previously discussed, code functio...
@IncludeSecurity
Include Security
11 months
Who hacks the hackers? We do! Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up.
blog.includesecurity.com
Team Research blog
@IncludeSecurity
Include Security
1 year
It's always great to work on open source security, even better when it helps users who need secure and private access online!
@OpenTechFund
Open Technology Fund
1 year
.@OpenTechFund’s Security Lab partner @IncludeSecurity’s security audit of VPN Generator (software that lets anyone provide a VPN to a small group) revealed that the tool only had 4 “low-risk” issues, 3 of which have already been fixed. Learn more.
@IncludeSecurity
Include Security
1 year
Fresh blog post for ya; We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero.
blog.includesecurity.com
In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track...
@IncludeSecurity
Include Security
1 year
RT @BSidesNYC: Check out this @BSidesNYC 0x03 interview by @cybersnacker with Erik Cabetas where he discusses how BSidesNYC is different fr…
@IncludeSecurity
Include Security
1 year
We're glad everybody enjoyed our April fool's joke for 2024. See you can be serious about security but also have fun!
@IncludeSecurity
Include Security
1 year
We released our new semgrep rules today. Given the recent news about executive orders from the White House, we thought it would be important to flag all of the code that doesn't meet federal standards. Memory Safety is serious stuff today:
github.com
Use these SAST rules to prevent federally illegal code in your applications! - GitHub - IncludeSecurity/Memory-Safety-Detector-Rulepack: Use these SAST rules to prevent federally illegal code in y...
@IncludeSecurity
Include Security
1 year
We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2!
@OpenSecTraining
OpenSecurityTraining2
1 year
Thanks to @IncludeSecurity for Sponsoring #OST2 at the Bronze🥉 level! More about them here:
@IncludeSecurity
Include Security
1 year
We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of application is up.
blog.includesecurity.com
If you have ever looked at the source code of a Ruby deserialization gadget chain, I bet you've thought "what sorcery is this"?
@IncludeSecurity
Include Security
2 years
@llm_sec check out our new post!
@IncludeSecurity
Include Security
2 years
It’s here folks, here’s an actually deeper dive into the topic of LLM prompt injection; Much more complete than all the fluff you see out there on the topic today. If you like under-the-hood AI context, this one is for you.
blog.includesecurity.com
In Part 2 of our series focusing on improving LLM security against prompt injection we’re doing a deeper dive into transformers, attention, and how these topics play a role in prompt injection...
@IncludeSecurity
Include Security
2 years
This is why we're thinking through tough AI/ML security problems for our clients and the public, thanks for the appreciation @ZanderMackie.
@ZanderMackie
Alexander Mackie
2 years
@IncludeSecurity I want to thank you for publishing this. Your blog helped me solidify my thinking that LLMs are like von Neumann computers. And prompt injection is like a stack smash. Your suggestions to keep instruction/data separate using the roles APIs is 😍
@IncludeSecurity
Include Security
2 years
RT @ZanderMackie: One of the better posts on prompt injection I’ve seen. And this is because it gives actionable advice to developers! A…