Daniel Cuthbert
@dcuthbert
Followers: 32K | Following: 46K | Media: 3K | Statuses: 16K
Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co-chair UK Gov Cyber Security Advisory Board
Airport lounges.
Joined April 2008
Really happy @MagnumPhotos has started producing videos like this https://t.co/0dkJiB2NP1 How one manages such a vast archive of photography is interesting as hell to a photo nerd like me
It is Xmas and therefore no tech is allowed, so that means German tinkering time
🎄 Trump Advisor: Bernie Sanders is coming for your favorite Christmas ads @StephenMoore warns that Bernie Sanders' plan to end pharmaceutical ads may sound good to some - but could be abused by a future Democrat admin to ban things like Christmas ads for gas-powered cars.
Modern iOS Security Features – A Deep Dive by Moritz Steffin and @naehrdine
https://t.co/FRdenEEfqB
A bunch of very smart security nerds (and, along for the ride, me) are standing up a conference about AI/security (the intersection of those ideas, not just the security of AI). https://t.co/R82QCfJZTe
Hi everyone, I work in high-end hospitality planning bespoke trips in Asia. I usually do this for VIP clients, but I've been lurking here and see a lot of first-timers stressing out about logistics. To keep my skills sharp (and verify a new workflow I'm testing), I have some
Wow, remote OS command injection (from the same network segment) in FreeBSD IPv6 stack via router advertisement packets: https://t.co/8TrK41m96g rtsold passes the unescaped domain search list option from the RA packet to the resolvconf shell script.
Pssst Sick of the AI hyperbole? Come and see what actually is working https://t.co/eufIVq6qjL
When VX brings receipts…
@isabellasg3 @SamouraiWallet Isa, we don't know each other, and you're a person behind this computer, so I don't want to sound rude. Did you actually read the court documents? That's a serious question. I'm asking because, based on what you've said, it sounds like you have NOT read the court documents. The
Forest, MTB’ing and possibly the hardest camera ever made. The mighty Nikon F5. Saw action inside Myanmar with the Karen Rebels, Pripyat (Chernobyl), and now on dad duty. Such an amazing bit of kit this
Instagram has some truly amazing human beings. Like Taco El Flako https://t.co/xfV5FmXUQL NGL, the style is inspiring and I am indeed wanting a car and pants.
2026: here’s to less touch screen wank and more buttons. More tactile knobs. More of “I can feel it” https://t.co/8bWOInKdZs
instagram.com
I'm thrilled to share my latest post: Why Packers are Rare and Sus on macOS! 📦 I discuss how macOS's native security mechanisms make traditional packing techniques uncommon, and why third-party packers are often a bad fit for Mac devs and offensive security engineers.
Key Features of $COMPFI Reward Mechanism: Holders receive pSOL directly to their wallets every 15 minutes. This is automatic, with no user intervention required, and the yields compound infinitely for long-term growth. Asset Backing: Rewards are in real Staked Solana ($pSOL
There is just something so compelling, so 'grab you by the neck and make you look...' about large format photography. Bob Thall's work from the 70s and 80s is incredible on so many levels. Maybe it's the depth and scale, or the cars, it just resonates https://t.co/et6Goh3nbN
When @halvarflake writes, I stop and read. Ask your LLM for receipts: What I learned teaching Claude C++ crash triage https://t.co/AiBGSIa92i
Good week for RAPTOR, and thanks to the community for all the PRs and patches. Like https://t.co/phktr8fmw7 who added an offsec-specialist skillset. We are also working hard on the crash analysis capabilities
Hell, even SAML says this https://t.co/zctBYGbTT3 Yes, I'm totes fun at parties but I'm sick of how lazy SF tech companies are with security and standards. Lazy ass shits, the lot of them
Rules aside, it's also a shit idea. https://t.co/04yA2jvpnM Client-side redirects can be manipulated if the redirect URL is exposed in the page content; they're harder to audit and validate programmatically; and tools and proxies can't properly follow/validate the chain
Section 6.4 defines redirect status codes (301, 302, 303, 307, 308) specifically for this purpose. Using a 200 OK with JavaScript to redirect circumvents the intended HTTP semantics for redirection.
What in the shittery names of jack and sally... Using a client-side redirect via Satan's spawn (java lite, or JavaScript) instead of a proper server-side HTTP 302/303 redirect. Rules, we need dem rules https://t.co/9sPoa1IAup
datatracker.ietf.org
The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP/1.1...