Raul Onitza-Klugman (@supriza0)'s Twitter Profile
Raul Onitza-Klugman

@supriza0

Security researcher at @snyksec. Web, binary and organic vegetable growing.

ID: 1140644182039638016

17-06-2019 15:35:39

26 Tweet

34 Followers

231 Following

Ekoparty | Hacking everything (@ekoparty)

What talks will there be this year on the Main Track at #Eko2021?🚀🌕 💥1-CLICK TO INFILTRATE YOUR ORGANIZATION VIA VULNERABLE VS CODE EXTENSIONS by Raul Onitza-Klugman & Kirill Efimov To read the description and buy your ticket 👉 bit.ly/3b7CY59

Raul Onitza-Klugman (@supriza0)

First meetup ever - check! First sticker on my laptop - check! (Liran Tal was told yours is waiting for you in the desert) Thanks #NegevWebDevelopers and Yanai Edri for having me.

Snyk (@snyksec)

🚨 A malicious actor targeting a still unknown company is using an internal #JS package "gxm-reference-web-auth-server". If your company uses this package, make sure to inform your #AppSec team. More info here. 👇 #npm #JavaScript snyk.co/uewZH

Khaled Yakdan (@khaledyakdan)

Do you have ideas how to find new classes of bugs with fuzzing? Now you can get a reward of over $11K for every detector. Great initiative by Google's OSS-Fuzz team to foster the work on exploring the potential of #fuzzing beyond memory corruption bugs. security.googleblog.com/2022/09/fuzzin…

Raul Onitza-Klugman (@supriza0)

Created a repo that shows how to find the latest #OpenSSL CVE-2022-3602 buffer overflow using libFuzzer. github.com/supriza/openss…

Raul Onitza-Klugman (@supriza0)

#FetchtheFlag 2022 is a wrap! Had loads of fun creating some of the challenges and running it. Time to do some research 🕵️

Snyk (@snyksec)

🚨 BREAKING 🚨The Snyk research team has uncovered 4 critical security vulnerabilities (#LeakyVessels) impacting core container tech including Docker, runc & related cloud infrastructure like Kubernetes. Get more details, including mitigation tips here 👉 snyk.co/ugxMU

Snyk (@snyksec)

Unveiling the mysteries of ComfyUI Custom Node Vulnerabilities with our latest blog post! 🕵️‍♂️ Dive deeper into plugin ecosystem security with our seclabs team's in-depth exploration. Don't miss it! ⚡ #AppSec #AIsecurity #ComfyUI More here: snyk.co/uhPWq

Aviad (@_0xffd)

🚨 New twist in the tj-actions attack: A complex story unfolding — started 3 months earlier than publicly known, slipping in through SpotBugs before spreading across orgs. More details here ⬇️ unit42.paloaltonetworks.com/github-actions…

Snyk (@snyksec)

We just dropped a deep dive on a series of vulnerabilities the Snyk Security Labs team found in NixOS! When chained together, they allow for a full privilege escalation from any user to root on a default installation. #NixOS #Linux #infosec #vulnerability