The Havoc Framework github.com/HavocFramework…

SQLI on Google (: Flow: I found an old subdomain. I discovered the parameter "q" and injected the classic payload '. After obtaining the injected result, I initiated the exploitation. #bugbounty #bugbountytips

Should I be shorting the market too?

Nice when the cameras show up without notice. I thought I owned this farm.

That moment when the three disparate APIs are finally authenticating and communicating to each other live... One step closer #buildinpublic #appsec

This is the first time I've ever shared anything about what I'm doing and how I make money. It covers: * Why I got out of the corporate game * What I'm doing for income streams * How much I make on each * Why I think YOU should consider jumping as well danielmiessler.com/p/what-im-doin…

No-code tools are cool. But if they are/will be vulnerable to a class of webapp bug it is most definitely going be "misconfiguration. #buildinpublic #nocode

Awesome thread.

linikatz is a tool to attack AD on UNIX github.com/CiscoCXSecurit…

Vulnerability Dashboard V1.0 Almost there. #buildinpublic #appsec #Security #saas

We are excited to announce the launch and our sponsorship of the Bedford High School, Ohio #Cybersecurity Program! This program will have a major impact on the lives of students and will help build a strong technology workforce in the region. Read more on our website. hubs.la/Q0275XT00

Here we go... I just made available the Nuclei templates for honeypots detection that I presented last week at Ekoparty | Hacking everything (and also at swisscyberstorm) 😊 -> github.com/UnaPibaGeek/ho…

If your C2 interface doesn't look like this reevaluate

These are the top #AI #Security startups selected. (to secure AI usage I believe). Not sure how these were all picked out. Will be interesting to let the dust clear and see what opportunities are most important. #appsec #hacktheplanet menlovc.com/perspective/se…

Show me you're #AI without telling me...

This. This is awesome. neodyme.io/en/blog/github…

Microsoft still not knowing today how China (Storm-0558) gained access to signing keys and over 22 sensitive organizations… “The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in

Use CVE-2024-27198 to freely access internal TeamCity instances, create admin access tokens, and steal secrets and configurations - even if the server is not exposed to the internet. How? 🧵 #1/10

The appsec platform you wanted is here. A lot of late nights went into this one. Application Security shouldn't be as hard as we make it. So we built this platform. Secure your code at the source. Secure Untamed. #AppSec #infosecurity #devsecops