Alyosha Sintsov (@asintsov) 's Twitter Profile
Alyosha Sintsov

@asintsov

was born in '85, still alive...

ID: 117680819

26-02-2010 08:03:01

4,4K Tweets

3,3K Followers

534 Following

PT SWARM (@ptswarm) 's Twitter Profile Photo

📝New research by Impact: "Fork Bomb for Flutter" There are more and more Flutter applications, and security analysis of these apps is in high demand. Our member Phil shares his knowledge and presents his reFlutter tool. Read the article: swarm.ptsecurity.com/fork-bomb-for-…

Matt Kelly (@breakersall) 's Twitter Profile Photo

How to do a $50k social engineering pentest in a couple minutes via OpenAI playground.
1/2: Create an EC2 instance with EvilGenX
3. Limit your firewall via iptables to only accept target IP addresses
4. Purchase a domain

🧵 1/2
Alyosha Sintsov (@asintsov) 's Twitter Profile Photo

Also found it interesting that ChatGPT works much better if you ask it to use the LangSec approach: translate logic into grammar, and input as a language, and try to find a Weird Machine. It works more efficiently on my example than just "check the pseudocode/logic for security issues"

Alex Matrosov (@matrosov) 's Twitter Profile Photo

"... detected several remotely exploitable bugs in AMI MegaRAC BMC" "... whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash" Looking forward to this talk!

Alex Matrosov (@matrosov) 's Twitter Profile Photo

Application Security and Vulnerability Assessment getting a significant advantage from GenAI (context-driven knowledgebase). That helps security teams understand the root cause of the problem faster and significantly reduces the latency in producing security fixes at scale.

Cristofaro Mune (@pulsoid) 's Twitter Profile Photo

Let me say that again... You store pointers at the _destination_ address of a memcpy. You glitch during memcpy(). You get that pointer into PC. No, it's not sci-fi. It's the "instruction corruption" fault model. And we pioneered that. See thread below 1/N.

Alyosha Sintsov (@asintsov) 's Twitter Profile Photo

How can we measure the Return on Security Investment (RoSI) of Bug Bounty programs? Yuri Goltsev and I have explored various numbers to find answers, and we'd like to share our ideas with you - linkedin.com/pulse/how-meas…! #ROI #bugbounty #metrics #okr