Louis Nyffenegger (@snyff) 's Twitter Profile
Louis Nyffenegger

@snyff

Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...

ID: 426903719

https://www.pentesterlab.com/ 02-12-2011 21:11:12

11.11K Tweets

19.19K Followers

592 Following

Bug Bounty Village (@bugbountydefcon) 's Twitter Profile Photo

We're excited to welcome @Pentesterlab as an In-Kind Sponsor of the Bug Bounty Village at DEF CON 33. Their support helps us create a space for hackers to connect, learn, and push boundaries. #BugBounty #DEFCON #BBV #BugBountyVillage

Louis Nyffenegger (@snyff) 's Twitter Profile Photo

Worth reading just for the sentence: "This is written in Python and released under the viral-but-in-the-itchy-pants-way GPL v3 license"

Louis Nyffenegger (@snyff) 's Twitter Profile Photo

Let's create a certification... The exam: you find (and fix or get fixed) 12 issues in different open source projects with more than 10k stars on GitHub.

PentesterLab (@pentesterlab) 's Twitter Profile Photo

𝐉𝐚𝐯𝐚𝐒𝐜𝐫𝐢𝐩𝐭: 𝐛𝐞𝐜𝐚𝐮𝐬𝐞 𝐜𝐨𝐦𝐦𝐨𝐧 𝐬𝐞𝐧𝐬𝐞 𝐢𝐬 𝐨𝐯𝐞𝐫𝐫𝐚𝐭𝐞𝐝…

Louis Nyffenegger (@snyff) 's Twitter Profile Photo

You can be sure I'll never hype something I don't actually use! My integrity can't be compromised like <INSERT VPN BRAND>'s security. Unrelated: you can get 20% off their UNHACKABLE plan using the promo code HACKTHEPLANET.

PentesterLab (@pentesterlab) 's Twitter Profile Photo

💥🐹 4 new Go Code Review Labs just dropped! 🐹💥 Read the code, peek at the diff, find the bug. Sharpen your skills: pentesterlab.com/badges/golang-…

Louis Nyffenegger (@snyff) 's Twitter Profile Photo

Another incomplete fix: github.com/MobSF/Mobile-S… But the developers (and CodeQL) found it before me.

if not purl.netloc.endswith('firebaseio.com'):

instead of:

if not purl.netloc.endswith('.firebaseio.com'):

Luke Jahnke (@lukejahnke) 's Twitter Profile Photo

If you’re on twitch you can now follow me there, username is nastystereo The channel will be focused on hacking, link in the next tweet

PentesterLab (@pentesterlab) 's Twitter Profile Photo

Another CVE we came across this week as part of our CVE-analysis routine. The impact is probably limited, but the vulnerability is a classic example of parser differential. To give you a bit of background, the file .netrc is used to store credentials. It's mostly used by FTP

Louis Nyffenegger (@snyff) 's Twitter Profile Photo

The biggest shift in AppSec with AI? Dev work looks more like code review. They’re reviewing AI output, not writing every line. Old “write secure code” training isn’t enough. You need to teach them to spot bugs like a reviewer. 👉 pentesterlab.com/live-training/