only a matter of time.

Asymmetric Research is looking for a security researcher focusing on Rust runtimes, such as Solana. Here's the job posting: asymmetric.re/careers?ashby_… Message me if you're interested. We are really looking to get a top-notch person for this role.

#1 on Immunefi's leaderboard is hiring - amazing team you should join!

This is an awesome training on glibc heap exploitation, now available to everyone! And you get Maxwell’s brilliant energy in the videos. Previously seen at defcon etc

We're actively hiring for a number of roles. Tackle complex security challenges with an integrity-driven team that values deep expertise and relentless curiosity. Details below, and please share with anyone who may be a good fit. ↓

I'm currently trying to understand how the OP Stack works. It's non-trivial... But I just found an amazing breakdown of concepts and code snippets for each part of the node software. This is exactly what I needed! Thanks Joohhnnn github.com/joohhnnn/Under…

I believe security is like a sport - a few skilled people will do better than a big average company.​​​​​​​​​​​​​​​​ thank @bytes032.xyz for your help.

Maxwell ꓘ Dulin (Strikeout) this man knows

I'll be speaking at CanSecWest in Vancouver, BC on Friday about blockchain bridge security. I'm stoked to share innovations in security from the web3 space with the rest of the world! secwest.net/presentations-…

New blog post: Navigating Vulnerabilities in Solana CPIs, by @dooflin5. It breaks down how unchecked programs, signer privileges, and account handling pitfalls can lead to exploits—and how developers can design defensively. asymmetric.re/blog/invocatio…

The best feedback one can receive ❤️ let’s talk turkey and not waste time with fluff.

Fun talk at #CSW2025 on voice cloning and deep faking! This type of attack is part of my upcoming AI for Cybersecurity training at Recon and Hexacon! (It’s on the hexacon syllabus but I need to update Recon)

Did the laser really burn a whole in the device!? That’s wild.

Sometimes you find a stinky code pattern that's not exploitable now but may be in the future with some foreseeable changes. Write these down and revisit them in the future - you'll be happy you did.

New blog post: An Intro to Differential Fuzzing in Rust, by .nl_gripto & Anthony Tsuei. It walks through building a pure-Rust JSON fuzzer from scratch, then extending it into a differential fuzzing harness capable of surfacing consensus bugs. blog.asymmetric.re/finding-fractu…

I want to break into the field of "cybersecurity". Can anybody explain to me what "Bitcoin style encryption" is, and how it applies to encrypted chat? There's so much I don't know.

PSA: Pretty much every "Solana/Anchor top vulnerabilities" checklist I've seen has numerous entries that are wrong. Either the remediations are wrong or entire bug classes are made up (perhaps hallucinated?)

You find a bug at 03:00. Two options: - Sleep and submit it tomorrow - Stay up, work hard and submit it One makes the odds of owning a Lambo in ur favor, the other ensures tomorrow will be the same mundane day. Make your choice! 😎

We have almost no public data about missed critical bugs on live code. I would say the panorama doesn’t look good for any firm auditing complex codebases. Most attacks are caught by whitehats when code is live, and we rarely have writeups about them, so we don’t know much about

The last few Critical Thinking - Bug Bounty Podcast episodes have been amazing with great topic curation and discussions. 🔥 The new alpha of the self-XSS exploit method using the new “fetch later” casually being dropped was mind boggling. 🤯