Tal Skverer
@taltechtreks.com
Security Researcher | Blog writer | Hacker | DEFCON speaker | Gamer | Silly stuff lover.
https://taltechtreks.com/
Wow, what an atmosphere and what a crowd at Reversim Summit today!
I was very happy for the privilege of being here and presenting my research to you, thank you!
October 28, 2025 at 1:25 PM
How great that the annual Reversim Summit conference is here!
It's a conference that is always wonderful to be at, with interesting and excellent talks, and this time it is especially sweet because I get to speak at it for the first time!
You're invited to come hear what hacking Android games looks like, and how I spent my summer days back in 2016 breaking into Pokémon Go.
Tomorrow, 27/10, at 13:20 in the main hall!
October 27, 2025 at 10:15 AM
Had a great time presenting the OWASP Top 10 NHI Project today at #LASCON Austin with Tomer Yahalom!
We've had the pleasure to give the talk to a great crowd and amazing people. Looking forward to the second day filled with interesting talks!
October 24, 2025 at 1:53 PM
The #MCP framework took the world by storm. But is it safe?
We downloaded over 5 thousand of the highest starred MCP implementations to answer that question!
astrix.security/learn/blog/s...
State of MCP Server Security 2025: Research Report | Astrix
5K+ MCP servers analysis: 53% use insecure hard-coded credentials. Read the full 2025 research and download the open-source MCP Secret Wrapper to mitigate risks.
astrix.security
October 16, 2025 at 6:56 PM
I am absolutely delighted to share that I'll be giving a talk at Reversim Summit 2025 on breaking Pokémon Go's anti-cheating mechanism!
On a personal note, every time I visit Reversim, it shows me just how awesome, welcoming, and genuinely interesting community-driven events can be.
August 20, 2025 at 1:29 PM
Breaking 'Em All!
The blog posts going deeper into hacking Pokemon Go that accompany my #DEFCON talk are live on my blog!
taltechtreks.com/2024/04/06/H...
taltechtreks.com/2025/08/09/H...
Happy to get questions on the research!
Breaking Pokémon Go Anti-Cheating System - Part 2
Overcoming Niantic's Anti Cheating Mechanism
taltechtreks.com
August 9, 2025 at 8:19 PM
Talking in an hour at #DEFCON about Pokemon Go on track 3. Couldn't be more excited!
I've worked on it multiple nights in the past months, and I hope you'll enjoy it!
If you're not here in person, you can catch the talk live at www.youtube.com/live/fzbrrKP...
or www.twitch.tv/defcon_dctv_...
DEFCON_DCTV_Three - Twitch
DEFCON TV Channel 3: Track 3 Talks
www.twitch.tv
August 9, 2025 at 5:24 PM
Giving a talk on Pokemon Go, I just had to convert myself to a Pokemon trainer.
The amazing Ryan Rockenbaugh surprised me with a limited edition sticker of Trainer Tal
Sticker wall at #DEFCON got 2, and I will be giving what's left tomorrow at my talk
Breaking 'Em All! 11:30 Track 3. See you!
August 9, 2025 at 2:53 AM
Excited and humbled to speak once again in DEF CON.
Talk is on Saturday at 11:30, track 3.
I'll be in the conf till Sunday, hit me up if you want to chat over the talk or any other project.
August 7, 2025 at 10:24 PM
The #DEFCON 33 schedule is live and I'm excited to announce I'll be giving a talk this year on unique research I was a part of a few years back!
"Breakin 'Em All – Overcoming Pokémon Go's Anti-Cheat Mechanism"
Join me on stage - Sat, 11:30 AM, Track 3
defcon.org/html/defcon-...
July 22, 2025 at 3:17 PM
June 11, 2025 at 3:19 PM
Just got back from #AppSecIL2025!
Ended up 4th place in the #CTF 🎉
Solved 12/15 challenges alone - Android pwn, JS sandbox escapes, cache poisoning, XSS bypasses. The usual suspects: SQLi, LDAP injection, XXE.
Had a blast!
Looking forward to the next one.
Writeup: taltechtreks.com/2025/06/04/a...
AppSec IL 2025 CTF - Writeup
A writeup on all challenges I solved in the 2025 OWASP CTF
taltechtreks.com
June 6, 2025 at 11:48 AM
I'm building something cute and new, but as opposed to my normal ways, this time I'm using #Cursor heavily and the flow blows my mind.
Although I'm certain that without prior good knowledge of coding it wouldn't work that well.
May 20, 2025 at 5:38 PM
Ah, I wondered when this was due to come out.
Can't wait to experiment!
www.anthropic.com/news/integra...
Claude can now connect to your world
Today we're announcing Integrations, a new way to connect your apps and tools to Claude. We're also expanding Claude's Research capabilities with an advanced mode that searches the web, your Google Wo...
www.anthropic.com
May 2, 2025 at 2:06 AM
Excited to present my research tomorrow at #RSAC!
Come by to hear John and me share conclusions and insights on the first publicly available report on Non-Human identity security!
See you there,
May 1, 10:50 am at Moscone West 3004!
May 1, 2025 at 1:03 AM
For today, a bit of Friends content! Or, uhh, actually, computer science!
What’s the largest sofa you can pivot around a corner?
Heard about this problem in the past, but I thought it's one of those we will never be able to prove. (At least until quantum computers arrive to solve some NP problems)
The Largest Sofa You Can Move Around a Corner | Quanta Magazine
A new proof reveals the answer to the decades-old “moving sofa” problem. It highlights how even the simplest optimization problems can have counterintuitive answers.
www.quantamagazine.org
April 23, 2025 at 8:39 AM
Took a bit of hiatus from posting here, was quite busy the past few months (CFP season amiright…)
But I do have more cool stuff ready for sharing as well as writing 2 blog posts about projects I worked on lately.
Looking forward to sharing with you all
April 17, 2025 at 6:57 AM
March 14, 2025 at 8:21 PM
Well, that was an hour of my life well spent.
An amazing adaptation of minesweeper to include old-school RPG elements.
UPDATE: Had to go back and play, another 4 hours to achieve a perfect clear. Incredible game!
Dragonsweeper by Daniel Benmergui
A roguelike minesweeper adventure
danielben.itch.io
March 8, 2025 at 12:03 AM
Great thread on the emerging new details on the ByBit breach
New details on the ByBit/Safe{Wallet} breach, and uhhh wow, some really silly blunders on the DPRK side. They still succeeded which is the most upsetting part of all of this. Let's bully some threat actor tradecraft! A🧵
x.com/safe/status/...
Safe.eth on X: "Investigation Updates and Community Call to Action" / X
Investigation Updates and Community Call to Action
x.com
March 6, 2025 at 11:59 PM
A cute post showcasing the basis of every website - HTML! The site goes over (almost) all HTML tags, by using them.
Seeing this, it’s unfortunate that text inputs in websites don't allow most tags but rather encapsulate how the final result is displayed for users. Give us more, please!
Every HTML Element
iamwillwang.com
February 28, 2025 at 12:31 AM
Managed to squeeze in 2 talk submissions to #fwd:cloudsec just before the first round CFP closes.
Hoping for good news, will be the perfect reason to finally attend in person!
February 27, 2025 at 5:39 PM
Check out this wild project: #Steam #Brick.
The author transformed the Steam Deck to a brick that still connects to screens or VR while reducing size by a third
Projects like this (author used steam-provided data) are a great example of "right-to-own", critical to enhance electronics sustainability
No screen, no controller, and absolutely no sense, just a power button and a USB port.
Brick your Steam Deck - one way or another…
crastinator-pro.github.io
February 24, 2025 at 9:58 PM
#OAuth #phishing apps are coming to get you - now on #X!
It's annoying to see yet another case of how easy it is to fake consent screens that look identical to real companies.
Why we still lack mandatory verification processes for new OAuth apps is beyond me.
x.com/thealexbanks...
February 21, 2025 at 9:27 AM
#OIDC identity providers in #AWS have been getting more attention lately and rightfully so: It’s unfortunately surprisingly easy (and common) to create misconfiguration within the necessary conditions on OIDC-based #IAM roles trust policy.
RogueOIDC: AWS Persistence and Evasion through attacker-controlled OIDC Identity Provider
This research shows what an attacker can achieve after creating a malicious OIDC identity provider in AWS and how they can do it. The article presents novel techniques and tools for persistence and ev...
www.offensai.com
February 20, 2025 at 8:16 PM