I just discovered that there's a 14-page "auxiliary materials" paper that goes with the (in)famous Cousot & Cousot POPL'14 paper... it's not significantly less dense cs.nyu.edu/~pcousot/publi…

📢 ASPIRING HACKERS! Want to learn to hack? Since it's virtual anyways, we're opening our Fall 2020 ASU Computer Systems Security / CTF course to the WHOLE WORLD! More info, including lecture times, youtube/twitch/presentation links, and practice problems: pwn.college

I'll just leave this here. net user $ LetMeIn123! /add /active:yes

GrapheneOS 2020.09.10.05 release: grapheneos.org/releases#2020.….

Today we're[+Mark Ermolov and Dmitry Sklyarov]disclosing the technique allowing to modify #Intel #Microcode on the fly! For the first time you have the ability to intercept control flow at such a low level. We've developed the microcode patch that changes the processor model string as PoC

academia vs industry

TetCTF2021: I have a Web⚔️Crypto: Next-Gen Proxy challenge. It's get inspired by great research of Joshua Maddux was presentation in BlackHat USA 2020. It's about TLS + SSRF = RCE. Also, here is my slide included in the flag of this: shorturl.at/cquJ7 Happy hacking new year.

I just published a video: Hacking the ████████® ████ & █████™ youtube.com/watch?v=sVkFGa…

New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. blog.google/threat-analysi… Stay safe out there everyone!

Security researchers messaging each other after today

I am bit surprised about the low response to the #Codecov hack - do I miss something or do you? Their statement about.codecov.io/security-updat… Article by Catalin Cimpanu therecord.media/codecov-disclo… Affected projects Felix Wilhelm x.com/_fel1x/status/… My IOC & YARA rule x.com/cyb3rops/statu…

Best part of playing ALLES is I found a way to bypass patch for a vulnerability while auditing challenge's source code. Hopefully it won't be another many years ago duplicate, again 🥲

My writeup for ALLES 2021 🔥 Counter Strike: Squirrel Offensive. hackemall.live/index.php/2021… (blogpost) gist.github.com/kungfulon/c503… (markdown version and script)

Our Pre-Auth RCE exploit for Atlassian Confluence (CVE-2021–26084) was leaked after reporting it to VMware. They have refused to admit the leak and ignored our emails. tradahacking.vn/atlassian-conf…

An attack vector in xmlsec and exploiting it on PingFederate. blog.tint0.com/2021/09/pingin…

The 1.07 version of MDSec #BurpSuite #Sharpener extension is out. In addition to some bug fixes, this version comes with the Halloween theme! Just what we need to harvest more bugz!!! 🎃🎃🎃 github.com/mdsecresearch/… 🎃🎃🎃 Thanks to @CoreyD97 for a swift library update! 👻

A fun collaboration between me and jvoisin about playing with weggli 😁 dustri.org/b/playing-with…

CVE-2023-49105 WebDAV Api Authentication Bypass using Pre-Signed URLs POC Lazy coder + ChatGPT => nocode cc Nguyen Anh Tien github.com/0xfed/ownedclo…

🍫 Flatt Security Developers' Quiz #7 開催！ 🍫 解答は2/18(日) 19:59まで！チョコ獲得を目指して頑張ってください！ デモ環境: …olarbear-g42t0hqf.quiz.flatt.training ソースコード: github.com/flatt-security… 解答提出フォーム: forms.gle/Y1cHeeBSt4FwGZ…