NEW: Supply chain attacks are increasing in popularity in Web3. Lavamoat has emerged as a robust defense mechanism - but it’s not perfect. This blog spills the beans on some sneaky bypasses, and show how tricky it is to lock down JavaScript ecosystems. osec.io/blog/2024-06-1…

New job research : 1) Check how Lavamoat can protect someone from supply chain attacks 2) A bypass on lavapack And some other fun stuff :)

In collaboration with Fibonhack and PWNX MOCA2024 will have its own CTF. two rounds: Qualifiers on July 20th and 21st Finals in person during MOCA Entries will be made at ➡️ ctftime.org/event/2293 More information at ➡️ moca.camp/en/capture-the…

🚩 Presentazione della CTF del Team Università di Pisa tra i migliori team della gara finale del CyberChallengeIT all'ITCILO di Torino. 🖥️ Diretta streaming youtube.com/live/O4mqHbaxU… #️⃣ #CCIT24 #CyberChallengeIT #cybersecurity

The qualifying phase of the #CTF of #MOCA2024 is over! Thank you to all participating teams! #Congratulations to the first 5️⃣ classified! Now we look forward to seeing you at #camp! 🏕⛺️ 1st - BunkyoWesterns 2nd - cheriPI 3rd - DeadSec 4th - BeautifulSSSUP 5th - okadogs

Ringraziamo tutte le community che stanno arrivando al #MOCA2024 da tutta Italia: Cyber Saiyan | RomHack Conference, Training, Camp OWASP® Foundation Guerre di Rete SecurityCert #Sikurezzaorg Berghem-in-the-Middle (BITM) Security BSides Italia #roseislandhackedembassy fibonhack #ItalianHackersEmbassy #M71A GrUSP HackInBo® Infosec Security Conference & Training A domani!!

On the right, virgin XSS enjoyer, playing a CTF, eating shitty taralli while hosting MOCA CTF Finals. On the left, chad club mate enjoyer, exploiting his zero knowledge about his surroundings. We're having a great time in Pescara, thnx Metro Olografix for the awesome event

Thanks for organizing mocactf and moca2024 Honestly for the reasons rain, I thought I want to return home in first day BUT i was blessed with kind people, nice weather, and had a great time afte second day! I would like to participate again if I have the opportunity! Thx so much

Getting this kind of feedback is so great, glad you had fun and see you all next time!

I talked about some old bugs in the Solana compiler this Solana Breakpoint 🇦🇪 Abu Dhabi Dec 11-13. as an exercise, what's the result of trying to run `outer`? and why? osec.io/breakpoint-202…

Can You Prove 2+2=5? A Jolt zkVM Challenge zksecurity.xyz/blog/posts/jol…

Forget expensive hardware simulators, Microsoft Excel is all you need! daltron.de/posts/excel-hw/

in light of the recent Bybit hack, what can Solana teams do to be more secure? Solana has a unique signature model, that is arguably safer for multisigs. I wrote a quick post exploring this model, proposing a procedure for safe signing. osec.io/blog/2025-02-2…

This just confirms what we all knew: writing insecure code makes you a bad person

How can you trust a program without understanding it? We (.Renato Marziano) upgraded our Solana reverse engineering framework for this month's [REDACTED] hackathon. We integrated an MCP client into our decompiler plugin, automating parts of the reverse engineering process like type

We are back😎 Say hello to our kernelCTF submission for CVE-2025-37752🩸 Who would have thought you could pwn a kernel with just a 0x0000 written 262636 bytes out of bounds? Read the full writeup at: syst3mfailure.io/two-bytes-of-m… 👀

How many different ways can a lamport transfer fail in Solana? We were asked to investigate a critical bug patch in the Jito tip program, which asked this deceptively simple question. If you’re feeling brave, comment your answer before you read the article :)

NEW: The hidden dangers of lamport transfers How many different ways can a lamport transfer fail on Solana? Read our new article to find out. osec.io/blog/2025-05-1…

We're hosting MaltaCTF🚩 this year! An on-site event (with online qualifiers) in Valletta, Malta happening on the 12th of September 2025

Happy to talk there :)