🧐 Recently, we found a GitHub vulnerability exposing private data. 😱 Now, a similar issue in Microsoft Azure DevOps (ADO) might be even worse. 🔓 Commits in Private Forks are actually Public! More details 👉 trufflesecurity.com/blog/you-can-a…

2020 Me every time an American asks where I lived

If you copy someone's research, post it and get caught it is 100% their right to put you on full blast always. No notice. No warning. And the community should look at every single one of their previous posts and ensure they didn't do it before.

Listen here you little shit. Send me 1 irrelevant notification and you’ll be on the app naughty list and have your notification ability revoked. Do I make myself clear

Fun fact: "auth" is short for "it's either authentication or authorization but I don't remember the difference right now"

Now I've got the hang of it, Burp Suite's Organizer is super useful for research. My workflow is: - Work in repeater, using notes but making no attempt to label/group tabs - If I see anything interesting, ctl+o to send to Organizer - If I realize something was notable

I may have been ambitious in my choice of project here… the black specs are the resistors I need to solder

“Mass layoffs, workforce reduction of 30%” sad, economically we’re not doing well, we can’t give shareholder value, might lose money “Return to office mandate after pandemic recovery” bold leadership, new ideas, things returning to normal, happy

I'm going to go one step farther: I don't think jailbreaking / prompt injection in the LLM space is a fixable problem with LLMs as they currently exist. We have design secure applications that account for the way that LLMs *actually* work, not the way we *wish* they did.

Does that mean that it's harder and more complicated to design those applications? Yes. Does that mean that there's a lot of cool stuff we just can't do securely? Also yes. Does that change if we just beg the LLM to "Do what I mean, dammit"? No. Alas.

If a threat hunter is a thrunter, that means threat actors are actually tractors. 🚜

Ohio has so many roundabouts I feel at home

Exploiting APIs from start to finish 👌 #bugbountytips #apisecurity

Honestly this is peak content creation, put it out there, no matter how bad you think it might be 💪💪💪

Let’s go BSides Columbus 👌 looking forward to chatting API hacking 😂