🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

One of the better posts on prompt injection I’ve seen. And this is because it gives actionable advice to developers! Attack insights without defense is insufficient.

This is why we're thinking through though AI/ML security problems for our clients and the public, thanks for the appreciation Alexander Mackie

We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of application is up blog.includesecurity.com/2024/03/discov…

We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2! ost2.fyi/Home.html

Check out this #BSidesNYC 0x03 interview by Preeti Ravindra with Erik Cabetas where he discusses how BSidesNYC is different from the other New York conferences, how he started Include Security, and what it's like to consult for #hacker movies. youtube.com/watch?v=ktk8px…

Fresh blog post for ya; We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero. blog.includesecurity.com/2024/04/covera…

It's always great to work on open source security, even better when it helps users who need secure and private access online!

Who hacks the hackers? We do! Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up. blog.includesecurity.com

New blog! Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. Well-documented behavior is not always what it appears! blog.includesecurity.com/2024/11/spelun…

We're happy to sponsor great learning resources like OpenSecurityTraining2, the world is awash with a lot of bad training/certs, here's some courses that are solid and open/free!😀

Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩‍💻 hackthebox.com/machines/backf… Hint: It's a tough box, check our github and our blog for info.

It's winter, so hacking space heater IoT devices to completely control their firmware seems like the thing to do! In our latest blog post, you'll see some of the things we do for our IoT/HW clients!! blog.includesecurity.com/2025/02/replac…

New research🤩 on old tech👴! Our team's latest blog post demonstrates many ways memory vulnerabilities can occur in your legacy Delphi code despite being described as a "memory safe" language by the NSA. blog.includesecurity.com/2025/03/memory…

Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not! ismyprivatekeypublic.com

See you all at BSidesSF later this month! Include Security will be there with a lot of our team!

Do you use or exploit WebSockets? Check out our new blog post to see how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking! blog.includesecurity.com/2025/04/cross-…