Want to become an ethical hacker? 🥷 Here's a list of my favourite [mostly practical] resources 📚 They are all free (or have a free option) and there's more high quality material here than anybody realistically has the time to complete ⏳

My writeup for the "Ghost Whisper" challenge by @Brumens2 (@yeswehack) 💜 This was a cute Halloween challenge featuring a basic command injection vulnerability and unicode overflow 👻 https://t.co/YlC2x2UBts

Diffing 7-Zip for CVE-2025-11001 https://t.co/mz5XjU1TtJ

Low-Level Software Security for Compiler Developers If you ever wanted a textbook-style guide to memory safety bugs, undefined behavior, exploit mitigations, side channels, etc. All in one spot, this free book is it: https://t.co/XfY21Uzen1

Part 3 of our Hacking AI Apps series. This time we hacked OpenAI Atlas Browser: A vulnerability that let us control tabs, leak browsing activity, and hijack your Reddit/Facebook accounts by stealing OAuth tokens. https://t.co/rhGzrfj5TW Stay tuned for Part 4: Antigravity!

Stay ready for outages with Powerwall and Storm Watch during extreme weather.

New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark:

New video covering the solution to the Mother Printers challenge I created for @hackinghub_io 💜 Tried to make it as beginner friendly as possible as I know many players aren't familiar with rev/pwn 😇 https://t.co/r8PjGTkgFP

My very first blog post is live: https://t.co/Ud0Iffh4Gg During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to @u1f383

You can write '2' (0x32) anywhere in the filesystem of a Linux-based network switch. How do you get root? That's basically what my talk at @GrehackConf was about - enjoy! https://t.co/KRJSndycqm

ICYMI: videos from @WEareTROOPERS 2025 dropped recently! I'm starting with this talk about hacking security cameras at Pwn2Own: https://t.co/1z5D1fVkti

Happy black friday! 😇

At #Pwn2Own2025, our experts @Tek_7987 & @_Anyfun remotely compromised a Synology Beestation Plus via a pre-auth exploit, leading to full system takeover. The vuln is now tracked as CVE-2025-12686 🔍 🔗 Full write-up:

I've also covered this set of tasks in a writeup:

You can still play the challenge for free!

Shout-out to @stephenfewer and @starlabs_sg - their awesome research was the inspiration behind the theme of this challenge 💜 https://t.co/CYN1VyG8ys https://t.co/gM1QqYYUCV

Didn't get chance to solve my "Mothers Printers" challenge on @hackinghub_io? 🖨 Here's the official writeup ➡ https://t.co/eGRqJgGG8L Prefer video? Stay tuned for a beginner-friendly walkthrough on YT next week ▶

Reversing web CVEs isn't guesswork. It's process. New blog: how we go from "vague advisory" → local lab → patch diff → safe Nuclei PoC, with concrete examples (Zimbra, Ivanti, Versa, Lucee). Read the full methodology:

We've found a high-severity zero-day vulnerability in Firefox using @WeAreAisle's autonomous AI security system. It's now going by the name of CVE-2025-13016. If you're interested, here's my detailed technical blog post: https://t.co/o13azuTBw0

Breakin 'Em All – Overcoming Pokemon Go's Anti Cheat Mechanism (@defcon) https://t.co/D0a65IYlfF

Over the last 12 months, watchTowr Labs uncovered thousands of leaked credentials: cloud keys, AD creds, API tokens, even KYC data - already being abused. Join us on our journey into “innocent” developer tools. https://t.co/0ozS0DWfuI

Advent of Pwn = daily @pwncollege challenges running from December 1-12 🎄 https://t.co/TmzREOwovB