home.social

#security-research — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #security-research, aggregated by home.social.

fetched live
  1. Ok, I managed to block all of those new followers with boobies. "I reply when it feels right".... "Are you looking for a new friend "... no. I'm #gay and I'm disgusted with scammers. I like #CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #tech

  2. Ok, I managed to block all of those new followers with boobies. "I reply when it feels right".... "Are you looking for a new friend "... no. I'm #gay and I'm disgusted with scammers. I like #CyberSecurity #Infosec #ThreatIntelligence #SecurityResearch #BlueTeam #tech

  3. New blog post!

    The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.

    You might notice that the tone is a bit more emotional/angry than my usual style of writing.
    This one's personal.

    ti-kallisti.com/general/ms/nig

    #NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze

  4. New blog post!

    The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.

    You might notice that the tone is a bit more emotional/angry than my usual style of writing.
    This one's personal.

    ti-kallisti.com/general/ms/nig

    #NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze

  5. New blog post!

    The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.

    You might notice that the tone is a bit more emotional/angry than my usual style of writing.
    This one's personal.

    ti-kallisti.com/general/ms/nig

    #NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze

  6. New blog post!

    The title should be self-explanatory, it's an appreciation post for Nightmare Eclipse.

    You might notice that the tone is a bit more emotional/angry than my usual style of writing.
    This one's personal.

    ti-kallisti.com/general/ms/nig

    #NightmareEclipse #Microsoft #Hackers #InfoSec #SecurityResearch #ChainsawMan #Reze

  7. Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

    Check out some of the sessions: loom.ly/qC3L65o

    @owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

  8. Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

    Check out some of the sessions: loom.ly/qC3L65o

    @owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

  9. Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

    Check out some of the sessions: loom.ly/qC3L65o

    @owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

  10. Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

    Check out some of the sessions: loom.ly/qC3L65o

    @owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

  11. Looking forward to #OWASP Global AppSec EU and the inaugural #MAScon next week. Excited for the opportunity to learn from researchers and practitioners who are pushing mobile security forward.

    Check out some of the sessions: loom.ly/qC3L65o

    @owasp #OWASPGlobalAppSec #MobileApps #MobileSecurity #SecurityResearch

  12. You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

    The vendor reviews it twice, involves engineering, then tells you:

    "Your research demonstrates a complex chain for delivering and executing code."

    ...and closes it as 'intended behavior. Not a platform vulnerability.'

    Question: is it a vulnerability?

    Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

    Asking because I have a paper dropping soon about that.

    #VRP #responsibleDisclosure #semanticGap #infosec #securityResearch

  13. You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

    The vendor reviews it twice, involves engineering, then tells you:

    "Your research demonstrates a complex chain for delivering and executing code."

    ...and closes it as 'intended behavior. Not a platform vulnerability.'

    Question: is it a vulnerability?

    Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

    Asking because I have a paper dropping soon about that.

    #VRP #responsibleDisclosure #semanticGap #infosec #securityResearch

  14. You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

    The vendor reviews it twice, involves engineering, then tells you:

    "Your research demonstrates a complex chain for delivering and executing code."

    ...and closes it as 'intended behavior. Not a platform vulnerability.'

    Question: is it a vulnerability?

    Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

    Asking because I have a paper dropping soon about that.

    #VRP #responsibleDisclosure #semanticGap #infosec #securityResearch

  15. I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

    Hack Hub is a curated directory of useful security resources.

    hackhub.fyi

    #CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

  16. I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

    Hack Hub is a curated directory of useful security resources.

    hackhub.fyi

    #CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

  17. I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

    Hack Hub is a curated directory of useful security resources.

    hackhub.fyi

    #CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

  18. I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

    Hack Hub is a curated directory of useful security resources.

    hackhub.fyi

    #CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

  19. I was tired of digging through endless random cybersecurity lists, so naturally I built another random cybersecurity list - just cleaner, prettier and actually organized.

    Hack Hub is a curated directory of useful security resources.

    hackhub.fyi

    #CyberSecurity #InfoSec #Hacking #EthicalHacking #Pentesting #RedTeam #BlueTeam #DFIR #OSINT #ThreatIntel #MalwareAnalysis #BugBounty #CloudSecurity #MobileSecurity #OpenSource #SecurityTools #SecurityResearch #Linux #Hackers #Tech

  20. Bug Bounty situation = Netflix & Piracy situation?

    *Boosts welcome

    I want to hear your opinion on an idea I had recently:

    So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
    Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.

    I was wondering if the same thing would/is happening in the bug bounty world.
    As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

    After all, many researchers do this to make a living, and not be a knight on a white horse.
    And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

    what do you think?

    I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
    is it already happening?

    #BugBounty #SecurityResearch #Piracy #Darknet

  21. Bug Bounty situation = Netflix & Piracy situation?

    *Boosts welcome

    I want to hear your opinion on an idea I had recently:

    So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
    Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.

    I was wondering if the same thing would/is happening in the bug bounty world.
    As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

    After all, many researchers do this to make a living, and not be a knight on a white horse.
    And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

    what do you think?

    I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
    is it already happening?

    #BugBounty #SecurityResearch #Piracy #Darknet

  22. Bug Bounty situation = Netflix & Piracy situation?

    *Boosts welcome

    I want to hear your opinion on an idea I had recently:

    So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
    Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.

    I was wondering if the same thing would/is happening in the bug bounty world.
    As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

    After all, many researchers do this to make a living, and not be a knight on a white horse.
    And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

    what do you think?

    I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
    is it already happening?

    #BugBounty #SecurityResearch #Piracy #Darknet

  23. Bug Bounty situation = Netflix & Piracy situation?

    *Boosts welcome

    I want to hear your opinion on an idea I had recently:

    So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
    Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.

    I was wondering if the same thing would/is happening in the bug bounty world.
    As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

    After all, many researchers do this to make a living, and not be a knight on a white horse.
    And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

    what do you think?

    I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
    is it already happening?

    #BugBounty #SecurityResearch #Piracy #Darknet

  24. Bug Bounty situation = Netflix & Piracy situation?

    *Boosts welcome

    I want to hear your opinion on an idea I had recently:

    So, movies/TV piracy is rising recently. And much of it is due to the overwhelming amount of providers, and the fact that each one has a small portion of the pie.
    Unlike Music, where providers have mostly the same, allowing for a good customer experience, lowering the need to pirate music, in the movies/TV industry the situation is just getting worse each day, making the rise of piracy (discussed in DarknetDiaries' episode about the magic box) bigger each day.

    I was wondering if the same thing would/is happening in the bug bounty world.
    As more and more companies close their bug bounty programs, or lower the rewards, could researchers turn to selling their findings on the dark net/other forums alike?

    After all, many researchers do this to make a living, and not be a knight on a white horse.
    And if someone invested months researching and testing to find a critical vulnerability, they won't be able to go shopping with a Thank You letter.

    what do you think?

    I'm not a bug bounter so I don't really live this world, but some of you are. what do you think?
    is it already happening?

    #BugBounty #SecurityResearch #Piracy #Darknet

  25. New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

    We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

    blog.doyensec.com/2026/05/25/c

    #AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch

  26. New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

    We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

    blog.doyensec.com/2026/05/25/c

    #AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch

  27. Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

    At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

    🔗 oxidizeconf.com/sessions/await

    #Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust

  28. Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

    At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

    🔗 oxidizeconf.com/sessions/await

    #Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust