In my web security training I often get asked for multi context payloads. This is the one I've created and learned to love in the past 10 years. Try yourself with @owasp_juiceshop by @bkimminich #bugbounty #hacking #juiceshop #owasp #hackerone #Security #WordPress #number23

How often do you use ChatGPT and alike weekly? #ChatGPT #OpenAI

During a recent code review I noticed something in the VSCode Language Server JSONRPC implementation that made my brain tingle. Why not investigate this on stream? Maybe we find nothing, maybe we find something useful. https://t.co/X3ezcY4Uq3

DroppedConnection - a fake VPN server that captures credentials and executes code via the Cisco AnyConnect client. https://t.co/X8IlRj8BIt

A prototype @Burp_Suite extension for Enterprise/Pro using the new Montoya API. Leverages the Google Safe Browsing API to check that any URLs in the enumerated site map aren't known to be malicious. Help detect those watering holes! Code 👇 https://t.co/TO02ZJ1uAL [1/2]

New blog post and updated #binaryninja plugin: "Statistical Analysis to Detect Uncommon Code" We use statistics to identify obfuscation in an #Anticheat, a mobile DRM, a #Windows kernel module & malware. Link: https://t.co/AxDgMwgxmT Code: https://t.co/wWPTnvSflh

I can highly recommend to work with @moritzj

How do we encourage women to pursue tech? https://t.co/8h68JWHGlw

Wait... they never fixed that?? 🤣 https://t.co/1zmHfdDoCJ

Someone criticized us for using "the LGBTQ flag" in this artwork (made by @Nico_n_art), and said they would not follow vx-underground if we supported "the homosexual agenda". We have decided to make that our entire theme for the time being.

The Apple Lisa source code is here! Check it out. https://t.co/pKgaGP1iiV #AppleLisa #ArtOfCode

tl;dr Threat Actors don't need malicious documents, they just need Google ads and a stolen credit card https://t.co/zQHQhJRm4c

"deepce: Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)" #infosec #pentest #redteam https://t.co/0paauFtOQF

The Mailchimp Security team identified an unauthorized actor accessing one of the tools used by Mailchimp customer-facing teams for customer support and account administration. #hacking #infosec #Mailchimp More: https://t.co/kKahsZTnQh

I'm happy to announce the first keynote speaker at CanSecWest in Vancouver on March 22-24 will be Dino Dai Zovi (@dinodaizovi) who is always amazingly insightful.

The Department of Justice has announced the arrest of Anatoly Legkodymov. Legkodymov, the Founder and Majority Owner of Bitzlato Ltd, is accused of laundering more than $700,000,000 in illicit funds from ransomware groups and Hydra Marketplace More info:

The Billion Dollar Vulnerability Forcing a Major Fork On The Ethereum Chain https://t.co/LfsZMpWQmX

Pleased to share that I'll be delivering the keynote at the 10th Information Security Conference in Greece on Feb 22, 2023. My talk: "The Future of Cyber Security: Preparing for the Unforeseen" #cybersecurity #infosec #futureofsecurity

https://t.co/MV8r9Kxlk5 => „BugChecker is a SoftICE-like kernel and user mode debugger, supporting Windows versions from XP to 11, both x86 and x64)“ #SoftIce #Debugging #Oldschool

I hacked a large company (70k+ employees) through social engineering. Legally of course. • I set up the infrastructure • Scraped names & emails with LinkedIn • Sent 200 phishing emails. I had access to their AWS console within 2 minutes. And much more:

What are your hacking goals for 2023? #hacking #BugBounty #bugbountytips #hacker