On prem is back! x.com/rucam365/statu…

0.1x engineer [FULL]

How do we turn bad SSRF (blind) into good SSRF (full response)? The Assetnote Security Research team at Searchlight Cyber used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…

Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on Searchlight Cyber blog here: slcyber.io/assetnote-secu…

Did you know that Antisyphon Training is part of the BHIS Family of Companies? Check out all of the Pay-Forward-What-You-Can offerings they have coming up next month! Which one are you most looking forward to? antisyphontraining.com/live-training-…

Join BHIS Analyst John Malone, eJPT, M.A. Malone for a free one-hour webcast exploring how social engineering calls are planned and executed. Thursday, June 26th - 1:00 PM EDT Register: events.zoom.us/ev/Ag_3DAnO5Eq… P.S. Read John's new blog on this topic blackhillsinfosec.com/how-to-design-…

Google CTF is over! One of the challenges was about CVE-2025-5263 I recently discovered in Firefox (and Chrome). See the writeup at gist.github.com/terjanq/4cb406…

Join Jennifer Shannon from Secure Ideas for this 2-day training course and by the end, you will be able to conduct a basic API pen test using a systematic approach & industry best practices! Grab your spot here: antisyphontraining.com/course/profess…

This Thursday, Derek Banks and Joff Thyer will be teaching practical ways AI technology can be used as a daily workflow and task optimization tool for Cyber Security Professionals: antisyphontraining.com/course/worksho…

New writeup: Early last month, Sam Curry, sshell, and I found a Django ORM injection in an online shooter game that let us steal cryptocurrency from the game's wallet. Read the blog post here: blog.p1.gs/writeup/2025/0…

Join Jason Haddix for a free hour Antisyphon Anti-cast, "Attacking AI." You'll learn practical techniques for assessing AI-enabled systems, including a 7-point methodology, prompt injection taxonomy, & useful tools. Wed, July 9th - 12:00 PM ET Register: events.zoom.us/ev/Ap_oRmO3xIC…

DMARC can reveal more domains associated with a target. dmarc.live/info/<target-domain> allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool: github.com/Tedixx/dmarc-s…

Join us this Friday, July 18th, 11 AM–4 PM ET for the SOC Detection Engineering Crash Course with Hayden Covington from BlackHills Info Security! No experience needed, just bring your curiosity! Register now: antisyphontraining.com/course/worksho…

I hope everyone got some rest after DownUnderCTF this weekend. My colleague hashkitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-secu…

Something to look forward to this Friday: Foundations of Network Forensics & Analysis with Troy Wojewoda! This workshop is 4 hours long and includes hands-on labs. It's the perfect way to fit a bit of training into your workweek. Registration & details: antisyphontraining.com/course/worksho…

Workshop happening THIS THURSDAY: ✔️ Pay What You Can ✔️ Collaborative interaction with instructor & fellow students ✔️ Access to course slides for future reference ✔️ Tips, tools, & techniques that can be applied immediately antisyphontraining.com/product/worksh…

Try this out on your next target! Some more gold from the guys at Critical Thinking - Bug Bounty Podcast! 🔥

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

👋 I need your help to break a personal record! Last year we had about 500 registrations for my free Hardening Active Directory Webinar. We are currently at 234 for my free Windows Misconfigs webinar. That's a difference of 266. More people = more questions More people = more

What’s harder: building a new detection or maintaining an old one? Join us on August 22nd with Hal Denton as he takes you through the detection engineering lifecycle. antisyphontraining.com/product/worksh…