d3fp4r4m (@defparam)'s Twitter Profile
d3fp4r4m

@defparam

Opinions are my own

ID: 2483110908

Link: https://github.com/defparam

08-05-2014 03:29:37

3.3K Tweets

7.7K Followers

557 Following

Matt Brown (@nmatt0):

First time I've glitched u-boot by grounding out the flash chip during boot! Ended up getting a root shell on a TP-Link security camera 😄 youtu.be/F-G-7-qo7Xg #iot #hacking

James Kettle (@albinowax):

We’re finally live! You can now watch “Listen to the whispers: web timing attacks that actually work” on YouTube: youtube.com/watch?v=zOPjz-…

rez0 (@rez0__):

🎉 Announcing ⇧Shift - The Cursor of Hacking Justin Gardner and I have been cooking up an awesome AI hacking tool and releasing it to beta testers starting today. ⇧ Shift is a Caido plugin that makes hacking faster and easier so you can make more money in less time. Read on 👇

Richard Johnson (@richinseattle):

Well big news, Friday was my last day at Eclypsium, and I'm officially going all in on being fully independent and running my own companies. Some of you may have seen it coming as I registered my second LLC last month. I just got off a call and locked in a private fuzzing

BINSEC Team @ Université Paris-Saclay, CEA, List (@binsectool):

How to detect backdoors efficiently? ▶️ Backdoors were found in firmware & open-source code ▶️ Detection requires much manual reverse-engineering ▶️ Fuzzers cannot see backdoors Our ICSE preprint on finding backdoors with fuzzing is at binsec.github.io/nutshells/icse… A thread ⬇️

Axel Souchet (@0vercl0k):

Woot, thank you ahpaleus (& everybody else Trail of Bits that contributed) for publishing a great walk-through about snapshot fuzzing & how to use github.com/0vercl0k/wtf in their Testing Handbook 🙏 Go check it out: appsec.guide/docs/fuzzing/s…!

d3d aka dead (dead, мёртв, 死了) (@deadvolvo):

I found a few more cl0 (malformed content-length) gadgets from fuzzing. I used Claude Desktop with Desktop Commander, Burp MCP and my own python tools to help narrow down possible mutations of templates that I know work. New gadget == New CVE affecting major company. (May 21) 😈

Ryan Barnett (@ryancbarnett):

I am ecstatic to announce that I will be presenting @ #BHUSA alongside my daughter (Angel Hacker)! "Lost in Translation: Exploiting Unicode Normalizations" We created this talk based on response & feedback from our Bug Bounty Village workshop last year. blackhat.com/us-25/briefing…

XBOW (@xbow):

Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by djurado

Johan Carlsson (@joaxcar):

Oege de Moor XBOW If you are gonna use H1 as a marketing platform and hint about "use us instead of humans! just look at our stats" I would please ask of you to start releasing the cost of running this tool. It starts to feel like you are eroding the trust of researchers on these platforms