Steven Danneman (@sdanndev)
Followers 184 · Following 2K · Media 28 · Statuses 267
You should be aware of the term "harvest now, decrypt later". At some point, the encryption we use today will be easily crackable. Don't rely too heavily on it. Better to be very protective of where your data ends up, even if it's encrypted.
Credit union BECU has turned off Quicken access for 2 months and counting due to cyber attacks. MANY banks still allow user:pass only access to OFX with no MFA, ripe for password spray and reuse attacks. https://t.co/vnkOvrIt3Y
becu.org
Restored service requires you to authorize for security before connecting your accounting software to your BECU accounts.
.@Grifter801 what if you make a beer cold by launching it into space? #DEFCON31
Thanks @paymentvillage for a fun, realistic, hacking challenge! $100,000 charged and 18 card numbers stolen. #DEFCON31
SSL/TLS issues come up all the time during PenTests and explaining the technical detail of all of the different TLS configuration options can be quite difficult - so I put together a handy guide! https://t.co/mCNEjDyv7H
akimbocore.com
Introduction Secure Sockets Layer (SSL) was a protocol designed to protect network traffic in transit, however it was superseded by Transport Layer Security (TLS) in 1999. These protocols are...
Just got laid off from Google. If anyone needs SMB 1/2/3 protocol or Open Source experience, I'm interested.
if you don't release an API people will build a whole selenium browser automation over it smh
As an industry, security needs to move away from filing a vulnerability Jira ticket and calling it a day. Business risk is only reduced when vulnerabilities are mitigated or fixed. Far too many Jira tickets stay open for months or even years. In these cases, we haven't helped. 🧵
The most thorough timeline and technical explanation of the incident I've read so far. A lot of good lessons learned for other companies in this post mortem.
A lot has been spoken about Uber case, but I went and purchased the trial transcripts before they were set to release in 2023: A blameless post-mortem of USA v. Joseph Sullivan https://t.co/qNyt3bqJKb
A lot has been spoken about Uber case, but I went and purchased the trial transcripts before they were set to release in 2023: A blameless post-mortem of USA v. Joseph Sullivan https://t.co/qNyt3bqJKb
medium.com
Our industry deserves a complete retrospective into the incidents behind the criminal case against Uber’s former Chief Security Officer.
If you enjoyed the Web App Hacker’s Handbook, I’d encourage you to try out our Burp Challenge on @WebSecAcademy. It’s fun and current, you’ll probably learn something new, and you might even win some exclusive @Burp_Suite swag.
#burpchallenge Complete one practitioner lab from each of these topics CSRF, Clickjacking, CORS, XXE, DOM-based vulnerabilities - by 8 Dec, to be entered into the draw. Five people will win exclusive Burp swag - winners announced on Mon 12 Dec at 3pm (GMT)
This is an immediately usable template for communicating unpopular change to your company. Thanks @libber.
Thoughts on how to maximize success as an infosec team that needs to roll out changes people may not like - https://t.co/QKQzulqfBv
Pictured: Proof that Node + NPM is madness. This pic is showing the chain of dependencies leading to a vulnerable package, but it's so big it broke our CSS. 😂 View vuln chains for your projects (for free): https://t.co/rjlsL6JssD Who can find the longest chain? Share yours 👇
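The "chain of dependencies leading to a vulnerable package" in the tweet above is exactly what you get by walking an npm lock file with Node's own resolution rule (nearest node_modules/&lt;name&gt; going upward). The following is an added example, not code from the tweet or from the tool it links to; the lock file is a constructed sample with a nested old copy of minimist, and the "vulnerable below 1.2.6" threshold is an assumption chosen for the demo, not a statement about any real advisory.

```python
"""Walk a package-lock.json (lockfileVersion 2/3 "packages" map) and list every
dependency chain from the project root to a package that a caller-supplied
predicate marks as vulnerable. Added example; the lock file below is constructed."""
import json

# Constructed sample: root depends on mocha and a current minimist, while
# mkdirp (pulled in by mocha) pins an old minimist that npm nests under it.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"mocha": "^5.0.0", "minimist": "^1.2.8"}},
        "node_modules/minimist": {"version": "1.2.8"},
        "node_modules/mocha": {"version": "5.2.0",
                               "dependencies": {"mkdirp": "0.5.1"}},
        "node_modules/mkdirp": {"version": "0.5.1",
                                "dependencies": {"minimist": "0.0.8"}},
        "node_modules/mkdirp/node_modules/minimist": {"version": "0.0.8"},
    },
})


def parse_version(version):
    """'1.2.8' -> (1, 2, 8); a pre-release suffix such as '-beta.1' is dropped."""
    return tuple(int(x) for x in version.split("-")[0].split("."))


def resolve(packages, from_path, name):
    """Mimic Node's lookup: the nearest node_modules/<name> walking up from from_path.
    Lock paths look like 'node_modules/a/node_modules/b'; '' is the project root."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None  # not installed (optional/peer dependency missing)
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx != -1 else ""  # go up one nesting level


def find_vulnerable_chains(lock_json, target, is_vulnerable):
    """Return a list of chains, each a list of 'name@version' strings from a
    direct dependency of the root down to a vulnerable copy of `target`."""
    packages = json.loads(lock_json)["packages"]
    chains = []
    stack = [("", [])]
    expanded = set()  # each installed copy is expanded once to keep this linear
    while stack:
        path, chain = stack.pop()
        for dep in packages[path].get("dependencies", {}):
            dep_path = resolve(packages, path, dep)
            if dep_path is None:
                continue
            version = packages[dep_path]["version"]
            new_chain = chain + [f"{dep}@{version}"]
            if dep == target and is_vulnerable(version):
                chains.append(new_chain)
            if dep_path not in expanded:
                expanded.add(dep_path)
                stack.append((dep_path, new_chain))
    return chains


if __name__ == "__main__":
    # Demo threshold (assumption): treat any minimist below 1.2.6 as vulnerable.
    for chain in find_vulnerable_chains(
            SAMPLE_LOCK, "minimist", lambda v: parse_version(v) < (1, 2, 6)):
        print(" -> ".join(chain))
```

Note that the top-level minimist@1.2.8 is not reported: the vulnerable copy is the one npm nested under mkdirp, which is why a flat "which version of X do I have" check misses it and why the chain matters for the fix (bump or replace the parent, not the root pin).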
Who? -> Whoever What? -> Whatever When? -> Whenever Where? -> Wherever Why? ->
From the TLS Newsletter: Coursera announced the much-delayed Cryptography II course by Dan Boneh starting in October. Boneh created the very popular Cryptography I course many years ago. https://t.co/Uognt5ji0d https://t.co/dZbi7gpSQc July issue: https://t.co/qnqPySoYq1
Continuing our series of chaotic IP facts: All of the items below are equivalent to 127.0.0.1. Don't believe us? 🤔 Ping them! 👇 127.1 2130706433 0x7F000001 You can also "overflow" digits, for example 127.0.256 is equivalent to 127.0.1.0 🤯 Follow us for more mayhem.
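The equivalences in the tweet above come from the BSD inet_aton rules: one to four dot-separated numbers, each in decimal, octal (leading 0) or hex (0x), with the last number filling all remaining bytes. The block below is an added example, not part of the tweet; it reimplements those rules in pure Python so the result does not depend on the platform libc, and puts a strict dotted-quad parser beside it. The security point is the gap between the two: a denylist that compares strings against "127.0.0.1" passes "127.1" or "0x7F000001" straight through to a resolver that accepts them.

```python
"""Lenient (inet_aton-style) versus strict IPv4 parsing. Added example;
lenient_inet_aton() reimplements the BSD inet_aton grammar in pure Python."""
import ipaddress


def _parse_component(text):
    """inet_aton numeric rules: '0x..' is hex, a leading '0' is octal, else decimal.
    Returns an int, or None if the component is not a valid number."""
    if text.lower().startswith("0x"):
        digits, base = text[2:], 16
    elif len(text) > 1 and text.startswith("0"):
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    if not digits or not digits.isalnum():  # rejects '', '0x', '1_0', ' 1'
        return None
    try:
        return int(digits, base)
    except ValueError:
        return None


# Maximum value of the LAST component for a given number of components:
# with fewer than four parts the last one covers the remaining bytes.
_LAST_LIMIT = {1: 0xFFFFFFFF, 2: 0xFFFFFF, 3: 0xFFFF, 4: 0xFF}


def lenient_inet_aton(text):
    """Return the 32-bit address inet_aton would produce for `text`, or None."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_component(p) for p in parts]
    if any(v is None for v in values):
        return None
    *leading, last = values
    if any(v > 0xFF for v in leading) or last > _LAST_LIMIT[len(parts)]:
        return None
    addr = 0
    for v in leading:
        addr = (addr << 8) | v
    # shift the leading bytes into place; the last value fills the rest
    return (addr << (8 * (5 - len(parts)))) | last


def strict_dotted_quad(text):
    """Accept only canonical 'a.b.c.d': four ASCII-decimal parts, 0-255,
    no leading zeros. Returns the int address or None."""
    parts = text.split(".")
    if len(parts) != 4:
        return None
    addr = 0
    for p in parts:
        if not (p.isascii() and p.isdigit()) or (len(p) > 1 and p[0] == "0") or int(p) > 255:
            return None
        addr = (addr << 8) | int(p)
    return addr


def to_dotted(addr):
    """Render a 32-bit address in canonical dotted-quad form."""
    return str(ipaddress.IPv4Address(addr))


def is_loopback_after_inet_aton(text):
    """What a lenient resolver would actually connect to: is it 127.0.0.0/8?"""
    addr = lenient_inet_aton(text)
    return addr is not None and ipaddress.IPv4Address(addr).is_loopback


if __name__ == "__main__":
    for form in ["127.1", "2130706433", "0x7F000001", "0177.0.0.1", "127.0.256"]:
        addr = lenient_inet_aton(form)
        print(f"{form:>12}  lenient -> {to_dotted(addr):<12}"
              f"strict -> {strict_dotted_quad(form)}  loopback? {is_loopback_after_inet_aton(form)}")
```

Validate user-supplied hosts with the strict parser (or `ipaddress.ip_address`, which rejects the same shorthand forms in current Python releases) before handing them to anything that calls inet_aton or getaddrinfo; checking the string after parsing, rather than before, is what stops these forms from bypassing a loopback or internal-range denylist.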
And now, a rundown of my personal (not corporate) security posture. Let's tune in...