Just had a call with someone on Forbes 30 under 30 list and came away really impressed. He shared with me how he made VP at a top tech company before age 30: 1. 4:30 AM wakeup 2. Cold showers 3. Gratitude journal 4. Meditate 5. Dad owns tech company

Ever wanted to make your sketchy sys calls look squeaky clean? I wrote a blog demonstrating a PoC which calls NtOpenProcess to grab a handle to lsass with an arbitrary/spoofed call stack: labs.withsecure.com/blog/spoofing-… PoC: github.com/countercept/Ca…

Please share Java web app interesting and complex vulnerabilities identify via source code review

The problem with loving what you do is that you end up overworking while you get lost in the details with an insufferable need to make it perfect.

The security research team at Assetnote discovered a high risk SSRF vulnerability in Jira Server and Datacenter - CVE-2022-26135. This SSRF allows attackers to make requests with any HTTP method, headers and body. You can read about it here: blog.assetnote.io/2022/06/26/exp…

The Center for Internet Security released the Supply Chain Security Benchmark! It is SO awesome to see more industry attention on locking down CICD pipelines. Table of contents attached. PDF link: github.com/aquasecurity/c…

I decided to make a homage-post to Egor Homakov and Nir Goldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunt for bugs ♥️ thank you. labs.detectify.com/2022/07/06/acc…

What an amazing idea it is to disable copy/paste on a "Re-enter New Password" field. I actually did want to type out my 1password generated 30 character password.🤦‍♂️

There's a subtle bug in this code that I learned about today. Do you know what it is?

A “razor” is a rule of thumb that simplifies decision making. The most powerful razors I’ve found:

This post talks about : · How to use curl command to exploit mounted socket? · How to use mounted socket to do an escape to host? · How to secure Docker socket via SSH? · How to use secure Docker socket via Docker context? medium.com/@codingkarma/k… #infosec #security #cyber

An informal review of CTF abuse (or how folks try to win CTFs in a not purely ethical way): gynvael.coldwind.pl/?lang=en&id=750 Know more stories like this which I've missed? Please share!

I wanted to give a huge shout out to all the amazing contributors, and a lot of other folks who provided great feedback, suggestions and just spreading the word about the Kubernetes Goat project 🙏 👉 github.com/madhuakula/kub… #Kubernetes #Security #CloudNative #CNCF #InfoSec

Mike Tyson had a coach. Michael Jordan had a coach. Yet, you’re too prideful to ask for help…

90% of my Twitter DMs are asking me about how to start getting into Malware development. Well, I love answering them but it's easier to write a small thread about it so here we go. 1/12

Kubernetes Goats 🐐 are ready for Black Hat and DEF CON. Say hi 👋 to grab your goat 🐐 before the limited edition are over 😅 #Kubernetes #CNCF #blackhat2022 #DEFCON30 #infosec #security #CloudNative #DevSecOps #conference

As promised - part 2 of my WMI blog series. jsecurity101.medium.com/wmi-internals-… In this portion I walk through how to analyze a WMI provider binary and identify the invocation of COM methods.

"don't read reviews or graphs, just listen to the headphones yourself" 99% of the population:

Average day with AMEX chat support 🤦‍♂️ Is that list still valid? Ask Amex Amex India

we have boarded UK818! From BLR to DEL today & found that the Airconditioner wasn’t working. It’s reported to Crew Members twice but no respite through out the delayed flight for 3 hrs. It an horrible experience. @airvistara