You can watch the recording of today's @offby1security stream with @albinowax here: .

Novel HTTP/1 Request Smuggling/Desync Attacks with James Kettle

"A modern black glass house with warm lighting, nestled among tall trees beside a tranquil river in a misty forest.". Create images and videos in seconds with Grok Imagine.

Join me at 11AM PT today with @albinowax on the @offby1security stream for a session on "Novel HTTP/1 Request Smuggling/Desync Attacks!".

RT @albinowax: It's been great to see people 'enjoying' the 0CL @WebSecAcademy lab! Tune in this Friday at 11AM PT to watch me livestream t….

The @offby1security stream will return next Friday as we are at DEF CON this weekend.

RT @0xfluxsec: Introducing: Hells Hollow - Thought rootkit SSDT hooking was dead? Following my previous work, I have managed to essentially….

RT @natashenka: While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today,….

The heavily updated version of the Advanced Exploit Dev course "SEC760" with my coauthor @0xabe_io was just recorded and available at . Updates include Linux Chrome V8 Exploitation, IDA 9.1, Kernel Debugging Windows Mitigations, 2025 patch diffs, etc. .

I'm not a DFIR guy, but @DarkWebInformer is one of the accounts I've seen making the public aware of a lot of this type of activity.

Just came across some breach data for sale that was deeply alarming. If your Cyber Threat Intel team isn’t watching the dark web, Telegram, and other leak/sale channels, you’re likely flying blind. You could be missing early indicators of compromise and reduced dwell time.

RT @offby1security: We're almost at 30K subscribers on YouTube, have over 100 videos, passed 50K hours watched, and are up to 21 members! P….

Thanks to the team @dreadnode for joining me for an informative stream today! You can watch the recording on YouTube here: @offby1security.

Building and Deploying Offensive Security Agents with Dreadnode

RT @dreadnode: Rise and shine! We're going live on Off By One with @Steph3nSims this afternoon—meet us here at 11 AM PT: .

Join me this Friday at 11AM PT on the @offby1security stream with the team from @dreadnode for a session on "Building and Deploying Offensive Security Agents!" .

Join me this Friday at 11AM PT on the @offby1security stream with the good folks from @dreadnode for a session on offensive/adversarial AI. Details coming soon!.

Exploiting a Windows Application Using Return Oriented Programming

I will be streaming a portion of the SANS SEC660 course I'm teaching today in DC on Introduction to Windows Exploit Development. We will use ROP to get around DEP on Windows 11. 1PM PT.

RT @linkersec: Fuzzing Linux Kernel Modules, with Slava Moskvin. Stream by @slava_moskvin_ hosted by @Steph3nSims about building a custom f….

If there's interest I was thinking about doing a stream for an hour this Friday while I'm teaching a class on introductory Windows exploit development. Next Friday I'm hoping to continue turning the recent patch diff we did on ole32.dll into a crash condition PoC.