With AI, technical interviews are becoming harder and harder to trust. Candidates now have access to automated tools designed to help ...
SAML bypasses & LLM-assisted crash triage. 🔒 The Fragile Lock: Novel Bypasses for SAML Authentication Ruby SAML falls again. An extraordinary ...
WAF bypasses, CVE research & constant-time crypto. ⏰ Introducing constant-time support for LLVM to protect cryptographic code Trail of Bits explains ...
Articles worth reading discovered last week. This week feels like a giant "how to find your own CVE"... 🤖 An Evening ...
Android, Request Smuggling and Markdown Sanitizer! 📸 Pixnapping Attack It has been a while since the last vulnerability with its own ...
Busy week: Android, Django and MCP! 🤖 Runtime Android Object Instrumentation A great write-up on runtime instrumentation for Android using SQLite ...
Passports, WIFI and AI-SAST! 🛂 The cryptography behind electronic passports A great write-up on the security of electronic passports using a ...
Another great week! 🧠 CSP Bypass Search What if there was a place you could copy/paste a CSP policy and instantly ...
Security code review doesn't have to be intimidating. In Go codebases, certain patterns appear repeatedly. These mistakes are easy to spot ...
AI, AI, SSRF-XSLT! 🤖 Building the Leading Open-Source Pentesting Agent: Architecture Lessons from XBOW Benchmark The latest write-up on how to ...
ADB and JWT, a quiet but interesting week! 🚙 Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass Learn how ...
Content worth checking discovered last week: 🤖 Hacking with AI SASTs A great write-up evaluating the current state of AI-augmented SAST: ...
Tabletop exercises are the secret weapon for building resilient AppSec teams. They're not just training; they're relationship builders, blind spot finders, ...