I hope everyone got some rest after @DownUnderCTF this weekend. My colleague @hash_kitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-secu…
I really enjoyed the way @SinSinology taught his very hands-on 1-day .NET-exploitation yesterday. Sadly without pizza but definitely worth it nonetheless ;)
the vibe coder knows what the code is doing at all times. They know this because they know what the code isn't doing. By subtracting what the code is doing from what it isn't doing, or vice versa (depending on the energy in the room), they derive a difference, or vibe…
Ever wondered how Kurts Maultaschenfabrikle got hacked in 2023? The full story, all technical details, out now ;-) apply-if-you-can.com/walkthrough/20…
BeanBeat has been acquired by Kurts Maultaschenfabrikle! You don't know what that means? Head over to apply-if-you-can.com to find out in challenges that, without exception, stem from real-world vulns #uncompromisingRealism #finestHacking
Today, CODE WHITE turns 10 🥳 Over the past decade, we've hacked our way through 120+ large corporations' defenses, caused headaches for Blue Teams and disclosed numerous 0days to vendors. Proudly grown from a few motivated hackers in 2014 to an established team of 50+ today 💪
👉Hacking Google Bard: From Prompt Injection to Data Exfiltration
A nice example of a high impact prompt injection attack that led to chat history exfiltration (delivered via forced Google Doc sharing) 🔥🔥🔥
#bard #llm #infosec #bugbounty embracethered.com/blog/posts/202…
[RELEASE] EvtPsst, a small mute tool developed by me that abuses exposed SYNCHRONIZE and Token handles in order to get a process handle to the EventLog Process with more access.
A blog post about the techniques will follow in the next few days.
github.com/nothingspecial… #redteam
It was time to ACT! for @frycos when he discovered a custom .NET remoting implementation in the popular ACT! CRM but had no way to get a trial version. Read about his journey leading to unauthenticated #RCE at code-white.com/blog/2023-07-f…
Teardown of the Disneyland entry band, friendly donation by you know who you are❤️
FCC: Q3E-MB-R1G2
First stage disassembly is quite easy via 2 screws but comes to a sonic welded inner part
From the outside you can talk to it via NFC
🧐a battery as well?
Let's look deeper!
1/N
Finals of the hacker championship in July in Ulm - the two-month online qualification starts on March 1 ulm.de/aktuelle-meldu…
Everything worth knowing about the competition: cscg.de @C_S_C_G
In 2010, WikiLeaks released a classified document.
A list of infrastructure critical to U.S. national security.
The government listed a Trans-Atlantic cable.
3 years ago,
19-year-old me gained ADMIN access to that cable (and another; shared codebase).
🧵Here's how I found it
The photo of the U.S. Air Force's new stealth aircraft is on the left, taken at night, with stars in the background.
We can use them to find the exact location of the jet
(thread)
More car hacking!
Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
Here's how we found it, and how it works: