Pit (@suidpit) 's Twitter Profile
Pit

@suidpit

human, chaotic good | master-of-none expert | security researcher @ Shielder

ID: 998204818924720128

Link: https://deda.lol

Date: 20-05-2018 14:12:29

97 Tweet

330 Followers

892 Following

Dimitri 0s (@ch0pin) 's Twitter Profile Photo

Medusa 2.0.0 is here! Now with iOS support, 🍎 Mango reports on static evasion tactics. Plus, tons of module enhancements. Full list below: github.com/Ch0pin/medusa/…

Shielder (@shieldersec) 's Twitter Profile Photo

🎉 Cheers hackers! 🎊 As we bid farewell to 2023, let's celebrate together! 🎁 Like, follow, and retweet for a chance to WIN a €30 coupon for swag.shielder.com! 🏆 3 winners will be selected by EOY! #giveaways #swag

Shielder (@shieldersec) 's Twitter Profile Photo

Ever wondered how to binary diff router firmwares to write n-day exploits? Learn how TheZero 🍉 on BlueSky and Pit combined unblob, binexport, ghidra, Qiling, and an Asus router to write an exploit for CVE-2023-39238. The outcome was unexpected ... 1/7 shielder.com/blog/2024/01/h…

尺Ξn4tø 尺ødɿiguΞ5ǃ͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗͗ ็็้้้ (@simps0n) 's Twitter Profile Photo

Hip, hip, hooray! It's been 10 years of AppSec Ezine! Big shoutout to all who have been supportive along the journey and to the security community that made this project possible. Cheers 🥂 520th Edition: pathonproject.com/zb/?6ba3505270… Repo: github.com/Simpsonpt/AppS… #AppSec #Security

Flashback Team (@flashbackpwn) 's Twitter Profile Photo

We're announcing our second flagship "Hunting Zero-Days in Embedded Devices" training this year at Cyber Saiyan | RomHack Conference, Training, Camp, in Rome, 24-27th September!! 4 days of PWNING 💻 romhack.io/training/2024/… Contact us for limited offer discount codes, only 4 u, as our Valentine's gift ❤️❤️❤️

Marco Squarcina (@blueminimal) 's Twitter Profile Photo

OMG, our "Cookie Crumbles" paper got into the Top-10 Web Hacking Techniques of 2023 by PortSwigger Research! Have a look at the paper if you haven't yet usenix.org/conference/use… and check the other outstanding finalists! Thank you ❤️

Intigriti (@intigriti) 's Twitter Profile Photo

And that's a wrap! Exceptional reports from exceptional #hackers 🥳 More content from NULLCON and #bugbountytips coming up ⏭️. Cheers to the amazing exploits 🎉 and to many more like these events to come. #HackWithIntigriti Nestlé

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Excellent writeup showing how to track down vulnerabilities in firmwares starting from CVEs through patch diffing Credits Pit and TheZero 🍉 on BlueSky shielder.com/blog/2024/01/h… #embedded #infosec #asus

Shielder (@shieldersec) 's Twitter Profile Photo

We recently partnered with OSTIF Official to perform a security audit sponsored by Amazon Web Services on Bref. The audit resulted in 5 findings promptly addressed by Matthieu Napoli. The report is now public, check the details here: shielder.com/blog/2024/03/b…

Shielder (@shieldersec) 's Twitter Profile Photo

Exciting news! We've just released a new blog post on mobile app security, where Pit and TheZero 🍉 on BlueSky used their intent-fu to discover vulnerabilities (CVE-2024-26131, CVE-2024-26132) in Element, a The Matrix.org Foundation client for Android. #writeup #CVE shielder.com/blog/2024/04/e…

Shielder (@shieldersec) 's Twitter Profile Photo

Back in December 2023 our researchers TheZero 🍉 on BlueSky, Pit and Mindless performed an audit sponsored by Amazon Web Services and facilitated by OSTIF Official on boost. It resulted in 7 findings and 15 new fuzzers. The report is now public, check the details here: shielder.com/blog/2024/05/b…

Shielder (@shieldersec) 's Twitter Profile Photo

During a recent engagement Mindless hacked his way through Vtiger CRM, which led to the discovery of a privilege escalation and a SQL injection. Learn more in the dedicated advisories: - CVE-2024-42994 #sqli shielder.com/advisories/vti… - CVE-2024-42995 #privesc shielder.com/advisories/vti…

TheSAS2025 (@thesascon) 's Twitter Profile Photo

🍎 With many #macOS security mechanisms at work, one might wonder how malware manages to bypass them. Get ready for a deep dive into macOS security architecture and novel evasion techniques during Pietro Tirenna's (Pit) talk at #TheSAS2024. 🚀 Secure your seat:

Pit (@suidpit) 's Twitter Profile Photo

Cheers -- here in beautiful Bali 🏖️ for #theSAS2024 conference! If you happen to be here, please reach out and let's have a chat 🍻

Shielder (@shieldersec) 's Twitter Profile Photo

🚨 New Open Source Audit Alert! 🚨 Shielder, with OSTIF Official & CNCF, audited Karmada: 🔍 6 issues found (1 high, 1 medium, 2 low, 2 info) ✔️ Most fixed, others planned. 🗣️ to Pit and TheZero 🍉 on BlueSky Full details in the blog post! shielder.com/blog/2025/01/k…