We found two 0-day vulnerabilities in @Ubuntu kernel and it all started by reading descriptions of old CVEs 📖 Thread about the discovery of #GameOverlay 🧵👇🏼

Get Ready with Your AWS Accounts because Arif abhishekbv and me will be delivering training Seasides on 21 September. "Fundamentals of attacking and defending AWS" Attached is a clip of what you can expect at our training. seasides.net #cloudsecurity

These resources are all you need to become at least an intermediate level Smart Contract Security Researcher🧐 When I started learning I wasn't lucky enough to have these resources. But now you have it and should take advantage. Let's take a look at them👇🏼

When bug bounty hunting, assume you are blocked by a WAF. What are the common ways you can evade WAF and continue hunting? Curious to know? Checkout this thread 👇🧵

Nithin 🦹‍♂️ Bypasses for the following WAFs: Amazon Web Services WAF Cisco Secure WAF Cloudflare Web Application Firewall Citrix Netscaler F5 BIG-IP Advanced WAF Fortinet's Fortiweb WAF Akamai Web Application Firewall Sophos Firewall Broadcom Radware nzt-48.org/bypasses-for-t…

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣| | Don't Push To Production On Friday | |＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

Ok Mullvad VPN is the example of security *by design*: The company does not store any form of data (no IPs, no logs.) They don’t even offer recurring subscriptions (!!) because doing so would force them to store data that can identify people. No affiliation: just awesome

Spent two full days troubleshooting with ChatGPT but didn’t get anywhere. Took half a day to dig into the docs and troubleshoot it myself—just like the old days—and I’m happy to say my Pi-hole DNS on k8s is finally reachable on my Tailnet 😄

I enjoy debugging problems and decided to document them — zerodaywolf.sh/debugs/

Today, Linus Torvalds told a Google engineer that his code (updating RISC-V support in the Linux kernel) is “garbage” which “makes the world actively a worse place to live”. Adding that the Google engineer’s code needs to “get bent”. As you might have guessed, Torvalds has

All the blogs I want to read are finally organized on my reader. Glad I stumbled upon kill-the-newsletter.com. This is a neat solution to not give out your email to newsletters. Plus I no more have to scroll through my email to look for any latest tech news I missed out on.

Reading chromium bug reports gives me peace. I don't know why and I don't know how.

I've been having a blast solving the Wiz Ultimate Cloud Security Championship challenges! I haven’t touched CTFs in quite a while, but jumping back in has been such a breath of fresh air. Thank you Wiz for the cool challenges! zerodaywolf.sh/writeups/

Block ads & trackers on Android 11+ natively using Private DNS. I've been experimenting with public DNS providers which block annoying ads & trackers and I think the best one is dns.adguard-dns.com . Haven't seen any app crashes for a while. LMK if you know a better one.

Recently ran an experiment and found out how alarmingly easy it was to compromise users via npm lifeycycle hooks. Read about it here - zerodaywolf.sh/blog/npm-lifec… #supplychain #security #opensource #npm #hacking

I admitted my son to a hospital today. I have a ₹1.2 crore Acko Platinum Health Plan the one with no room rent limit. ACKO Varun Dua Guess what? The hospital flat out denied me a suite room. 👇🏻