You can catch me co-hosting the DoE Cyberforce competition on Nov 3rd. For my friends still competing, hope to see you at ANL.

I'm looking to hire someone that will work closely our Deputy Paranoid (Security Champion) lead on taking our Deputy program to the next level, will be a PenTesting SME resource for the rest of Product Security, and will be the Technical Lead for our great Bug Bounty program!

"Good girl" conditioning is messaging we receive beginning in childhood to be: agreeable, polite, and nice. HERE'S WHAT IT IS:

How to heal: 1. Learn to set boundaries 2. Learn what your needs are and practicing voicing them: "I need some space" 3. Honor any emotions you feel

We've got something exciting for you all next week, but in the meantime, why not brush up on your knowledge of prototype pollution - How to use browser APIs for prototype pollution - via PortSwigger Research's recent post. portswigger.net/research/wides…

Mystified by HTTP/3 connection contamination? I've recorded a 5-minute, ultra simple explanation also covering the entire history of HTTP connection-reuse! youtube.com/watch?v=-mHjTE…

[email protected]

open.spotify.com/track/0PUWmPna…

New cloud security research! We found a vulnerability in AWS AppSync that allowed us to trick the AppSync service to assume roles in other accounts, allowing us to access their resources. securitylabs.datadoghq.com/articles/appsy…

More!

👀 Tanner Barnes and HackerOne are up to something. We can detect CWE and vulnerable asset straight from Burp, preparing most of the H1 report for you, enabling you to focus on what you do best: hacking. Should this experiment see the light of day? Let me know! h/t Burp Suite

fwiw I got $0 when I reported something similar to Google during my initial research in 2020 - and I totally get it. It's nearly impossible to control what devs will do on their own machines.

Today @bugcrowd, we're expanding our product line to offer VDP's for free bugcrowd.com/blog/introduci…, marking the next evolution of our VDP product, following our removal of incentives some time back. This marks a change in the industry, providing a no cost entry point for

Okay real talk: if your only motivation to get into #BugBounty is money, you’re not going to make it as a bug bounty hunter. It’s not enough to get through the time it takes to learn, the hours on a single website to find a single bug. Money AND is okay but money alone is just

I’m SO stoked to finally announce DistrictCon - a new DC hacker conference, bringing together hackers across industries to do cool sh*t 🎉🪩 (Feb 21-22,2025) DistrictCon.org/get-notified

I had so much fun recording this ep. My requirement was for Justin Gardner not to see the slides prior so what you see in the video are his genuine reactions as they happen live, from WTF to FOMO to "why did I not think of this before". Enjoy!

You know you're in West Virginia when even the fries have brown sugar.

Just had to explain this to some folks. What timing.

i live and breathe amazon, literally everyday i am hacking on amazon. and i'll never stop :)