professional hacking tip: be nice to people.

RT @slyd0g: This is so cool :). "Santa also supports file access authorization (FAA), restricting access to specif….

RT @_MG_: This piece of plastic added $10k to a custom USB cable build. 🧵

RT @samwcyo: When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll and I) dis….

RT @jackhcable: Update: @cluely filed a DMCA takedown for my tweet about their system prompt, alleging that it contained "proprietary sourc….

RT @xEHLE_: New writeup:. Early last month, @samwcyo, @sshell_, and I found a Django ORM injection in an online shooter game that let us st….

And remember, even though they announce a “winner” every year, we all know @CCDCRedTeam is the real winner 😂. Huge shouts out to @1njection @alexlevinson @egyp7 @Hultoko and everyone else who I had the privilege of playing with this year!.

New blog post about all the fun I had red teaming at @NationalCCDC this year!.Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating.

Used this trick go find a bug in a big AI app where I could read everyone’s private conversations!. TLDR: You can do greater/less-than queries against UUIDs because in Supabase they’re stored like 128-bit integers. Thanks to @rez0__ and @Rhynorater for the shoutout on the pod!.

RT @rez0__: Uhhh yeah you can do lt.UUIDHERE.

RT @infosec_au: To kick off our Christmas and July research posts, we explain how we achieved persistent XSS on every Adobe Experience Mana….

RT @greglesnewich: Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals it’s got everything:. 🛰️ Popped routers for….

RT @infosec_au: We’re celebrating Christmas in July this year, starting July 1st. We’ll release a security research post on Searchlight Cyb….

RT @nullpt_rs: Reverse Engineering Vercel's BotID by @blastbots .

RT @noperator: a lil tool that I've needed for a long time

RT @infosec_au: How do we turn bad SSRF (blind) into good SSRF (full response)? The @assetnote Security Research team at @SLCyberSec used a….

RT @jackhcable: I reverse engineered @cluely – and their desktop source code exposes their entire system prompts and models used. What's i….

RT @binarygolf: BGGP6 will happen fall/winter 2025 instead of our usual summer event! Stay tuned for more details.

RT @nullpt_rs: Breaking WebAuthn, FIDO2, and Forging Passkeys by @vmfunc .

i'm so hired of seeing these 16 BILLION CREDENTIALS LEAKED!!! stories. it was like 15 billion of the SAME CREDENTIALS last time the news ran this tired clickbait story. It will be 17 billion next time.

RT @birchb0y: excited bc today @HuntressLabs is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!!….