I recently developed and posted about a technique called "First sequence sync", expanding James Kettle's single packet attack. This technique allowed me to send 10,000 requests in 166ms, which breaks the packet size limitation of the single packet attack. flatt.tech/research/posts…

Digging through a fun n-day: github.com/wdahlenburg/CV…

Just earned the OSCE3! I've got tons of respect to those who have earned this.

CVE-2024-20492 is out. Probably one of my favorite privilege escalations to date! sec.cloudapps.cisco.com/security/cente…

Found out from my family that my cousin won. Huge W

Had an absolute blast exploring Iceland last week Waterproof jacket ✅ Waterproof boots 🙃

CVE-2024–20492 — A Privilege Escalation in Cisco Expressway Proof of Concept and Writeup: engineering.statefarm.com/cve-2024-20492…

Need to hack thousands of AWS customers? What about on internal AWS systems? Datadog Security Research found that a number of tools, including one published by AWS, are susceptible to name confusion attacks, leading to RCE in vulnerable environments! securitylabs.datadoghq.com/articles/whoam…

#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨 Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.

Skipping Defcon this year to travel around the world! Excited to work on all of my unfinished blog posts, tools, and research. I'm taking the leap to do bug bounty for a year and living the nomadic lifestyle.

Made a writeup on a critical CVSS 10.0 vulnerability I've recently found. Check it out, maybe you'll manage to make into a full config independent RCE. blog.z3r.ru/posts/spring-c…

My thoughts on whether or not prompt injection is a vulnerability or a delivery mechanism. Pros and cons for both sides of the debate... danielmiessler.com/blog/is-prompt…

Happy Thanksgiving from Down Under! Can’t believe we’ve traveled to 20 countries this year!

Congrats! Skyvern is one of the cooler tools I’ve played around with in the past few months. Tons of opportunities with web automation and it works really well.

Merry Christmas! Celebrated my 30th birthday with an incredible visit to the Great Barrier Reef

Happy New Year! Incredible night watching the fireworks from the Sydney Opera House

Exploits != vulnerabilities. That’s okay. Let’s end the war on vulnerabilities 💪🏻 wya.pl/2026/01/26/the…