In the conclusion: "this research provides strong evidence that early disclosure of exploit code gives attackers a leg up." Nice graphic on how vuln events unfold. "Only 16% of the CVEs studied followed the most common sequence of Reserved-Patched-Scanned-Published-Exploited."

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered m.cje.io/3fnfWsA

If you ever have an admin panel like /admin/endpoint that returns a 401 try and see if you can do /admin/bruteforce/samevalidendpoint I’ve seen several php applications where an attacker can enumerate administrative routes. 1/2

Remember never to `curl` a URL and pipe it to your shell: instead, download the installer, and keep clicking yes.

The more time I spend internal at an organization the more I realize being “good” at security is far easier than actually designing something securely.

Anyone I know can connect me with the security team at Sky or BT in the UK?

#realtalk

I’m giving out 40 PentesterLab PRO licenses. I hope you all have a great Christmas. Just comment why you think you should have one and I’ll pick some people. Stay frosty.

The password spraying and credentials stuffing season is about to begin...

#ff Adam Mein collin haroon meer Chris Evans Sergicles Parisa Tabriz Dmitry Kulshitsky Dino A. Dai Zovi Jeff Treuhaft @kym_possible Michael Baker @jhaddix Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷

woot! CrikeyCon VII presenters are live... my first irl keynote in over a year - psyched to catch my home country up on what all has shifted in our industry over the past 8 years, and where it's going next... m.cje.io/3uxB6LN

Steve Christey Coley, BS 🐀

what’s the word for when you’re very smart but can’t remember anything and know literally nothing

real brainiac release from the Assetnote team - blog.assetnote.io/2021/04/05/con…

Stop uploading your address book to social media sites. It’s not your data!

Two years of work, freely open sourced to the community. These people are just legends.

Rocking it 80s style: + pcap file + analyzed using tcptrace + graphed with xplot + displayed via X11 over TCP/IP This was the ultimate tech stack. It has all been downhill since this.

We're currently hiring for Red Team - if you are a strong contender looking for a change please reach out to me via DM and we can chat further.

jobs.lever.co/canva?lever-vi… Canva is hiring for a variety of roles - if you are good at computer please apply!!

Are you dreading going back to your current job? Come work at Canva! We've got a heap of security roles open and are looking for smart driven people that want to be a part of Canva's journey! Australia Remote - Happy to discuss remote international. jobs.lever.co/canva?lever-vi…