👁️👃👁️ 👄

Final scoreboard of the #BSidesNairobi2024 CTF with p3rf3ctr00t taking the lead in the last minutes. CTFRoom Strathmore University

Alexa, play addicted to success

🧵Verifiable AI: The Case for Trustworthy AI Agents While #AI technology advances, so do ‘AI agents.’ These aren’t just text generators; they can actively complete tasks for us, like researching online, executing trades, or writing code. Think of AutoGPT as an early example.

Scenes😂😂 #perfectctf #perfectroot

Thank you for playing our CTF! We hope it was both fun and educational. Keep exploring , learning.See you in the next one. Big thank you to our guest challenge creators🙏: Oste Winter Tahaa Farooq Joel. they call me jjjohn And p3rf3ctr00t team members

Come one, come all, the future of P2P Trading awaits. #NoOnes #NoOnesAtMUST

app.binance.com/uni-qr/cpos/17…

ethereum is the SINGLE MOST DECENTRALIZED CHAIN. THERE IS NO SECOND BEST. ethereum has the best decentralization and security of ANY chain from economics to social layer. and we can illustrate this through a series of comparisons with bitcoin. bitcoin has security budget issues

🌙Happy Ramadhan 🌙

Hi guys, I am working on a DID-based Insurance Verification System. I would appreciate if y'all spared some few mins to fill it in. forms.gle/19T62nKnyczFhX…

Apple once ran this software. Multiple security firms poked at it. No one spotted the bug. Here's a thread of how we found CVE-2025-5086 in Delmia Apriso... 👇🧵

Enter Hacktron — our AI security engineer. We gave it the decompiled .NET code and said: "Find pre-auth deserialization flaws". It tore through thousands of files in minutes. First stop: every .Deserialize() call it could see. Most were boring JSON converters with safe defaults.

⚠️Then it landed on one weird serializer: NetDataContractSerializer. It turns out that this serializer embeds .NET metadata. Translation? It lets attackers sneak in full .NET objects if you’re not careful! The serializer lived inside a WCF service called FlexNetOperationsService.

Plot twist: the FlexNetOperationsService was commented out in the config. Was this another dead end?🤔Well... the .svc file was still deployed. In IIS, that means the service was still live! Hacktron built a quick SOAP payload, fired it, and got a Windows directory listing back.

💣Pre-auth RCE in under 10 minutes. This vuln survived years of audits because it looked innocuous: forgotten service, commented code, and an obscure serializer. Humans skim past that, but AI doesn’t blink. 🤖

Takeaway: Legacy enterprise apps + modern AI auditing = good security. Your "quiet" endpoints aren’t safe just because they’re dusty. Full write-up, PoC, and lessons learned👉hacktron.ai/blog/posts/das… Retweet if you think AI bug hunting is about to change red teaming forever.

do you agree?

🚀 Kicking Off My Web3 Learning Journey Series! I've received many questions about how I transitioned into Web3 Security. So, I’ve decided to share my exact learning journey, step by step. This isn’t meant to be the ultimate guide. There are plenty of great resources out there

LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS! LINUX USERS ARE NOT HACKERS!