Justin Elze (@hackinglz)'s Twitter Profile
Justin Elze

@hackinglz

CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars

ID: 14539104

26-04-2008 03:27:52

52,52K Tweet

61,61K Followers

5,5K Following

neils (@midwestneil)

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

Brian Armstrong (@brian_armstrong)

A white unmarked van pulled up to my house yesterday and dropped off a mysterious package. (I was out of town) My security team x-rayed it and it had a battery, wires, and cylinder inside. The Bomb Squad was called in to investigate. In the end they discovered it was a gift

Klaas (@forgebitz)

you really start finding the limits of LLMs once you go beyond the training data
react todo apps are easy, but as soon as you start working on more complex stuff, they don't really "know" what they are doing (even when giving docs, mcp, etc.)
which is very normal, because if

Justin Elze (@hackinglz)

Back on the hunt for 3d scanner I never pulled trigger before. Looks like a Raptor or Einstar. The plan is printing a bunch of aftermarket car electronics for mockup on friends cars or ones I wire.

Justin Elze (@hackinglz)

This especially if you’re planning to use things for offense. The 5 year old blogs it’s pulling from might not cut it.

Mathy Vanhoef (@vanhoefm)

Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security
Brief summary and code: github.com/vanhoefm/tunne…
Paper: papers.mathyvanhoef.com/usenix2025-tun…

Rob Joyce (@rgb_lights)

Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps…. therecord.media/spain-awards-c…

Dominic Chell 👻 (@domchell)

The one tip I will give to anyone starting out in any pentest / red team role is the one thing after 20 years of it I still never manage to do properly…. Report as you go ✅✅✅ That way you don’t end up spending your Sundays writing reports. Writing a report on a 3.5 month

rootsecdev (@rootsecdev)

So this was a very well intentioned blog but it’s also pretty neat if you need a persistence feature to send out phishing emails via graph API blog.icewolf.ch/archive/2025/0…

Matt Zorich (@reprise_99)

New in the Defender XDR advanced hunting platform, GraphApiAuditEvents - any blue team, threat hunter or those working on detections should make sure they get familiar with this data, it can be key for detecting malicious activity in your environment. It shows information about