@adrian-rt.bsky.social
Spoke at BlueHat IL and had an amazing time!
I was able to deliver my talk, and I think it went really well, super excited to speak in front of such an incredible audience!
Great seeing Alexander Georgiev again!
Some pictures from the event below📸
I was able to deliver my talk, and I think it went really well, super excited to speak in front of such an incredible audience!
Great seeing Alexander Georgiev again!
Some pictures from the event below📸
April 10, 2025 at 8:40 AM
Spoke at BlueHat IL and had an amazing time!
I was able to deliver my talk, and I think it went really well, super excited to speak in front of such an incredible audience!
Great seeing Alexander Georgiev again!
Some pictures from the event below📸
I was able to deliver my talk, and I think it went really well, super excited to speak in front of such an incredible audience!
Great seeing Alexander Georgiev again!
Some pictures from the event below📸
Reposted
Reposted
[RSS] Blasting Past Webp
googleprojectzero.blogspot.com ->
An analysis of the NSO BLASTPASS iMessage exploit
Original->
googleprojectzero.blogspot.com ->
An analysis of the NSO BLASTPASS iMessage exploit
Original->
March 26, 2025 at 7:58 PM
[RSS] Blasting Past Webp
googleprojectzero.blogspot.com ->
An analysis of the NSO BLASTPASS iMessage exploit
Original->
googleprojectzero.blogspot.com ->
An analysis of the NSO BLASTPASS iMessage exploit
Original->
Reposted
This is so cool: The LibAFL_QEMU ASan implementation was ported to rust
github.com/AFLplusplus/...
#LibAFL #QEMU #ASan #Rust
github.com/AFLplusplus/...
#LibAFL #QEMU #ASan #Rust
Librasan by WorksButNotTested · Pull Request #3023 · AFLplusplus/LibAFL
Implementation of ASAN target side components in rust.
The implementation sits alongside the existing libqasan (although that could be withdrawn in future if we are happy with it). It is selected ...
github.com
March 10, 2025 at 4:29 PM
This is so cool: The LibAFL_QEMU ASan implementation was ported to rust
github.com/AFLplusplus/...
#LibAFL #QEMU #ASan #Rust
github.com/AFLplusplus/...
#LibAFL #QEMU #ASan #Rust
Reposted
Created a #CodeQL Cheat Sheet to document what I struggled with recently:
scrapco.de ->
Will push updates as they pop to my mind. Contributions/ideas are also most welcome!
github.com ->
Original->
scrapco.de ->
Will push updates as they pop to my mind. Contributions/ideas are also most welcome!
github.com ->
Original->
March 8, 2025 at 11:32 AM
Created a #CodeQL Cheat Sheet to document what I struggled with recently:
scrapco.de ->
Will push updates as they pop to my mind. Contributions/ideas are also most welcome!
github.com ->
Original->
scrapco.de ->
Will push updates as they pop to my mind. Contributions/ideas are also most welcome!
github.com ->
Original->
Reposted
This article on Solr and its (in)security is really good 💎
And I strongly recommend to read @hacefresko.com previous article on Solr before diving in this one (I will share the link in my reply)
And I strongly recommend to read @hacefresko.com previous article on Solr before diving in this one (I will share the link in my reply)
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
March 7, 2025 at 8:32 PM
This article on Solr and its (in)security is really good 💎
And I strongly recommend to read @hacefresko.com previous article on Solr before diving in this one (I will share the link in my reply)
And I strongly recommend to read @hacefresko.com previous article on Solr before diving in this one (I will share the link in my reply)
Reposted
Quick fix for Ghidra's rust detection, if you are analyzing rust and your strings are not extracted correctly please try my patch!
github.com/NationalSecu...
#Ghidra #RustLang #Malware #ReverseEngineering
github.com/NationalSecu...
#Ghidra #RustLang #Malware #ReverseEngineering
Detect more rust binaries by cyberkaida · Pull Request #7885 · NationalSecurityAgency/ghidra
Some rust binaries do not contain the rustc or RUST_BACKTRACE strings. Also detect RUST_MIN_STACK which is in these binaries.
For example: baa676b671e771bf04b245e648f49516b338e1f49cbd9b4d237cc36d57...
github.com
March 8, 2025 at 3:45 AM
Quick fix for Ghidra's rust detection, if you are analyzing rust and your strings are not extracted correctly please try my patch!
github.com/NationalSecu...
#Ghidra #RustLang #Malware #ReverseEngineering
github.com/NationalSecu...
#Ghidra #RustLang #Malware #ReverseEngineering
Reposted
We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.
portswigger.net/research/sha...
portswigger.net/research/sha...
February 20, 2025 at 1:24 PM
We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer.
portswigger.net/research/sha...
portswigger.net/research/sha...
Reposted
March 7, 2025 at 1:48 PM
Reposted
Bluesky is the vaping of social media.
It got me off the really bad stuff, and definitely tastes better, but it's probably still not great for my health.
It got me off the really bad stuff, and definitely tastes better, but it's probably still not great for my health.
March 7, 2025 at 1:30 PM
Bluesky is the vaping of social media.
It got me off the really bad stuff, and definitely tastes better, but it's probably still not great for my health.
It got me off the really bad stuff, and definitely tastes better, but it's probably still not great for my health.
Reposted
It's live! Starting today, you can use @cyd.social to migrate your old tweets into Bluesky. Check it out! cyd.social/migrate-your...
March 6, 2025 at 5:38 PM
It's live! Starting today, you can use @cyd.social to migrate your old tweets into Bluesky. Check it out! cyd.social/migrate-your...
Reposted
You can find our @shmoocon.bsky.social presentation slides at the below GitHub repo. Thanks again to all that attended. Also, thank you to the conference organizers for putting on a great con and having us! #shmoocon
github.com/h4wkst3r/Con...
github.com/h4wkst3r/Con...
January 12, 2025 at 4:12 PM
You can find our @shmoocon.bsky.social presentation slides at the below GitHub repo. Thanks again to all that attended. Also, thank you to the conference organizers for putting on a great con and having us! #shmoocon
github.com/h4wkst3r/Con...
github.com/h4wkst3r/Con...
Reposted
A VM escape exploit chain, exploited in the wild as 0day ...well that's not something we see very often 👀
“The impact here is huge, an attacker who has compromised a hypervisor can go on to compromise any of the other virtual machines that share the same hypervisor.” – @stephenfewer.bsky.social, Rapid7 principal security researcher
The latest on 3 #Broadcom #VMware zero-day vulns, via @techcrunch.com ⤵️
The latest on 3 #Broadcom #VMware zero-day vulns, via @techcrunch.com ⤵️
Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation | TechCrunch
Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
r-7.co
March 7, 2025 at 9:12 AM
A VM escape exploit chain, exploited in the wild as 0day ...well that's not something we see very often 👀
Reposted
Accessing +700,000 users data and reading files on a Solr server
www.hacefresko.com
March 7, 2025 at 8:34 PM
Reposted
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
A very fancy way to obtain RCE on a Solr server
www.hacefresko.com
February 26, 2025 at 4:40 PM
Good news! I've uploaded a new post about the most complex and beautiful vulnerability I've ever found, involving patching and uploading deprecated .jar libraries to get RCE on a big target. It's a very technical post, but I hope you like it ! :)
www.hacefresko.com/posts/rce-on...
www.hacefresko.com/posts/rce-on...
Reposted
We’re proud to announce that @adrian-rt.bsky.social will speak at BlueHat IL 2025 by @microsoft.com on April 8 in Tel Aviv!
Our participation reinforces our position as a leader in pentesting and reflects our mission to enhance cybersecurity through cutting-edge research and real-world insights.
Our participation reinforces our position as a leader in pentesting and reflects our mission to enhance cybersecurity through cutting-edge research and real-world insights.
March 7, 2025 at 9:24 AM
We’re proud to announce that @adrian-rt.bsky.social will speak at BlueHat IL 2025 by @microsoft.com on April 8 in Tel Aviv!
Our participation reinforces our position as a leader in pentesting and reflects our mission to enhance cybersecurity through cutting-edge research and real-world insights.
Our participation reinforces our position as a leader in pentesting and reflects our mission to enhance cybersecurity through cutting-edge research and real-world insights.
Reposted
We've updated our URL validation bypass cheat sheet with this shiny Domain allow list bypass payload contributed by dyak0xdb!
February 6, 2025 at 9:17 AM
We've updated our URL validation bypass cheat sheet with this shiny Domain allow list bypass payload contributed by dyak0xdb!
Reposted
Qualys Security Advisory
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
www.openwall.com ->
Original->
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
www.openwall.com ->
Original->
February 18, 2025 at 9:22 AM
Qualys Security Advisory
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
www.openwall.com ->
Original->
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
www.openwall.com ->
Original->
Reposted
Catch the inside story on the Top Ten Web Hacking Techniques in my interview with the Application Security Weekly podcast
youtu.be/8XEK3NkbKOA
youtu.be/8XEK3NkbKOA
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318
YouTube video by Security Weekly - A CRA Resource
youtu.be
February 18, 2025 at 2:46 PM
Catch the inside story on the Top Ten Web Hacking Techniques in my interview with the Application Security Weekly podcast
youtu.be/8XEK3NkbKOA
youtu.be/8XEK3NkbKOA
Reposted
My bad, I forgot to post a link to last week's edition of AppSec Ezine 🤦
pathonproject.com/zb/?e8f4f080...
pathonproject.com/zb/?e8f4f080...
AppSec Ezine
pathonproject.com
February 18, 2025 at 11:10 AM
My bad, I forgot to post a link to last week's edition of AppSec Ezine 🤦
pathonproject.com/zb/?e8f4f080...
pathonproject.com/zb/?e8f4f080...
Reposted
Reposted
Networking in InfoSec isn’t just about IP addresses and ports—it’s also about people!
Discover how meetups, conferences, and volunteering can open big career doors in InfoSec.
Read more: pentesterlab.com/blog/infosec...
Discover how meetups, conferences, and volunteering can open big career doors in InfoSec.
Read more: pentesterlab.com/blog/infosec...
Networking but not TCP/IP - PentesterLab's Blog
Discover how building real-world connections in the InfoSec community can accelerate your journey into pentesting and cybersecurity. From local meetups and conferences to online communities, this guid...
pentesterlab.com
January 11, 2025 at 11:59 PM
Networking in InfoSec isn’t just about IP addresses and ports—it’s also about people!
Discover how meetups, conferences, and volunteering can open big career doors in InfoSec.
Read more: pentesterlab.com/blog/infosec...
Discover how meetups, conferences, and volunteering can open big career doors in InfoSec.
Read more: pentesterlab.com/blog/infosec...
Reposted
Reposted
No polyglots or tricks, just the basics for now.
This will be recorded and available publicly later.
m.youtube.com/@corkami-alb...
This will be recorded and available publicly later.
m.youtube.com/@corkami-alb...
Ange Albertini
Reverse engineering & visual documentations/presentations
Free, technical, useful
m.youtube.com
January 2, 2025 at 7:13 PM
No polyglots or tricks, just the basics for now.
This will be recorded and available publicly later.
m.youtube.com/@corkami-alb...
This will be recorded and available publicly later.
m.youtube.com/@corkami-alb...