My Ruxmon slides can be found here: docs.google.com/presentation/d…

How to start reviewing code? blog.pentesterlab.com/how-to-start-r…

How to start reviewing code? blog.pentesterlab.com/how-to-start-r…

I just published a blog post for the people that want to get into bug bounties. I hope it helps people that are thinking about doing bug bounties, but haven't started yet. It explains what to expect and how to deal with common problems / situations: shubs.io/so-you-want-to…

Final Giveaway! This time for #Cyber Monday Make sure you check our deals: pentesterlab.com/pro We are going to send a t-shirt and a few goodies to one person who retweets this tweet!! And we are going to give a 12-month voucher to someone who likes this tweet!!

The Full Stack Web Attack (Java Edition) 2-day class syllabus is up! srcincite.io/training/sylla…. Nowhere in the world can you take an online class on hacking Java applications at this level for < $1k USD. Grab your tickets here: srcincite.io/training/sched… #FSWA #PopThyShell

research.nccgroup.com/2023/02/09/sec…

Time for another giveaway! We are going to send a t-shirt and a few goodies to one person who follows PentesterLab and retweets this tweet!! And we are going to give a 12-month voucher to someone who follows PentesterLab and likes this tweet!!

How to start reviewing code? blog.pentesterlab.com/how-to-start-r…

To celebrate our new channel youtube.com/@AppSecSchool! We are going to send a t-shirt and a few goodies to one person who follows PentesterLab and retweets this tweet!! And we are going to give a 12-month voucher to someone who follows PentesterLab and likes this tweet!!

Excellent research work by Moshe Kol on exploiting a spinlock use-after-free. Android Binder (CVE-2022-20421) Paper: 0xkol.github.io/assets/files/R… OffensiveCon 23 slides: 0xkol.github.io/assets/files/O… #android #Linux #kernel #exploit

🧐 Dive into the world of exploit development on Linux with: "Cueing up a Calculator: An Introduction to Exploit Development on Linux" by Kev Check it out now 👉 github.blog/2023-12-06-cue…

If you are looking for an AMAZING course for zero day hunting, I highly recommend Flashback Team , Pedro Ribeiro ,and Rado RC1 's course! Super technical, detailed, and amazing delivery! Hunting zero-days in embedded devices!! One of a kind course!!

I can confirm that this is the correct analysis of the Apache struts bug I reported (CVE-2023-50164) xz.aliyun.com/t/13172 well done! 👏🏻

The first public Full Stack Web Attack class for 2024 will be held in Berlin offensivecon that covers Java & C# web attacks! Grab tickets at: offensivecon.org/trainings/2024…

Bluesky doesn't require invites anymore bsky.social/about/blog/02-…

Half of the success in source code auditing is just having the confidence and faith that you will find something. It doesn't matter what language it is or how many times it's been audited. This has proven true throughout my career. Just. Don't. Give. Up.

I'm thinking of running PentesterLab Security Code Review Training (in English) as an in-person training in late September and October in the following cities: Porto, Madrid, Paris, Ghent and Budapest...

We just added the dates for our next two online cohorts: pentesterlab.gumroad.com/l/securitycode… pentesterlab.gumroad.com/l/securitycode…

Physics professor discloses in 1 minute the full insight of Quantum Mechanics.