1/ We just published our first Bug Bulletin, the spot where we aim to share cool bugs we found in our own and external code, and how we found them engineering.fb.com/2022/07/20/sec… 🧵

Our security researchers discovered a technique that allows attackers to disclose sensitive information from Python applications using the popular Django framework. Learn more in our technical analysis: blog.sonarsource.com/disclosing-inf…

Thoughts on how to maximize success as an infosec team that needs to roll out changes people may not like - collingreene.com/communicating_…

Brandolini's law: The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.

New blog post :) A pretty unique Android vulnerability I found, which allowed me to exploit the kernel by using the TrustZone. This helped me bypass all kernel security mitigations and create a super reliable exploit. tamirzb.com/attacking-andr…

XSS and RCE in Microsoft Edge (Chromium) = bounty 40000$ 🔥🔥🔥 --------- By Abdulrahman Alqabandi -------- leucosite.com/Edge-Chromium-… ------- #hackerone #BugBounty  #hackeronereport #writeups #Bugbountywriteupspublished #bugbountytips #bugbountytip #Microsoft #RCE #XSS #bounty

I retired at 32. Went from being CEO of 3 companies to 0 companies in a span of months. Thread: My honest experience of retirement at 32.

I just published a post on Medium about the most relevant vulnerability I have found in my life so far. "Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)": medium.com/@jacopotediosi…

How Tesla caught the employee who was leaking confidential information to the press in 2008. Really clever

Predictable GUID vulnerabilities are often critical and easily overlooked. This extremely practical writeup & tool release by Daniel Thatcher is well worth a read: intruder.io/research/in-gu…

Let’s dive into five of the principles I live by fs.blog/principles/

After I was convicted of murder and sentenced to 26 years in prison, when the earth dropped out from beneath me, and global shame rained down on top of me, I had my first ever epiphany. /thread

We’re releasing GPT-4 — a large multimodal model (image & text in, text out) which is a significant advance in both capability and alignment. Still limited in many ways, but passes many qualification benchmarks like the bar exam & AP Calculus: openai.com/research/gpt-4

I hacked into a @Bing CMS that allowed me to alter search results and take over millions of Office 365 accounts. How did I do it? Well, it all started with a simple click in Microsoft Azure… 👀 This is the story of #BingBang 🧵⬇️

Ever wondered how I choose what topic to research? I've shared my personal approach, using Smashing the State Machine as a case-study: portswigger.net/research/how-i…

Download 698-page PDF >> Everything You Always Wanted To Know About Mathematics* (*But didn’t even know to ask) A Guided Journey Into the World of Abstract Mathematics and the Writing of Proofs math.cmu.edu/~jmackey/151_1…

The recording for "Smashing the state machine: the true potential of web race conditions" is now live, courtesy of DEF CON! Watch it here - or catch the updated edition in-person at NULLCON later this week! youtube.com/watch?v=tKJzsa…

Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript buer.haus/2024/01/16/rev… Thanks to HackingHub for putting together a lab to learn more about it: app.hackinghub.io/surl

This is a talk I gave to 14 and 15 year olds about what to do now if you might want to start a startup later. How to Start Google: paulgraham.com/google.html

New Anthropic research paper: Many-shot jailbreaking. We study a long-context jailbreaking technique that is effective on most large language models, including those developed by Anthropic and many of our peers. Read our blog post and the paper here: anthropic.com/research/many-…