Shazzer will now highlight the differences in behaviour between browsers. If one does something different it will be highlighted in red.

shazzer.co.uk/vectors/661643…

Cybersecurity Startup Idea:

A firewall that increases security!

I've built a brand new version of my fuzzing tool Shazzer🚀

shazzer.co.uk

- Easy fuzz browser behaviour
- Find bugs
- Share the results with the world

We have some nice #CTF challenges in store for you. Mark the calendar, gather the team, get ready!

Also remember that the best teams qualify for Hackceler8!

This. The problem with cybersecurity is that almost everything that is taught about it is based on high level abstractions generated by people who never found a single software vulnerability in their lives.

This is a problem because cyber offense works on a concrete level, and…

How To Found a Company In Germany: 14 “Easy” Steps And Lots Of Pain 👍

eidel.io/how-to-found-a…

A lot of tradecraft being burned here. Generally, good backdoor OpSec means shipping the least code possible. Later on, deploy additional stages to the desired targets.

Not only bc you risk burning less, but because more code samples means more “DNA” left behind for attribution

Hey folks, if you're looking for an amazing security engineer, check out jvoisin whom I had the pleasure to work with on a lot of cool projects at Google :)

> I don't have anything lined-up job-wise, so feel free to reach out if you're hiring.

Looks like an opportunity!

whoever designed this stuff had to take a deep dive into openSSH(d) internals (and so did I for the past couple of days, oof) .. hats off, once again :)

Im really annoyed by shitty cooking 🧑‍🍳 recipes with unnecessary text. Can anybody recommend a good iOS app? I am so annoyed I would pay.

Too many people fall into the traps of gamification or certification, focusing on the wrong objectives.

Your goal should be to learn, not to be at the top of the leaderboard or merely to pass an exam.

[1/2]

'I wasn't going to report it, I thought it was your laboratory but after my first analysis this seems real'

We've just disclosed a surprisingly simple directory traversal that 0xd0m7 found in our website for $5,000!
hackerone.com/reports/2424815

Shoutout to Tim Perry and HTTP Toolkit. Incredible convenient to quickly configure a proxy for various programs - including browsers, shells and Android.

Also great writeup about the technical details of the android interception changes in Android 14 🙇‍♀️
httptoolkit.com/blog/android-1…

I just learned that a vulnerability I found made it into the list of 'Notable magic numbers' in the Hexspeak Wikipedia article 😂

xz bd engineer 1: bro, we need a way to probe the address space to make sure we never SEGV sshd
xz bd engineer 2: we'll just do a pselect syscall with empty fd sets, a timeout of 1 nanosecond and the addr we want to probe is passed as the sigmask pointer, EFAULT means unmapped

🙃