beyond the error catastrophe threshold / the tail bytes the snake / self-dereferencing the void

Joined August 2013
Jani Kirmanen retweeted
That was fun. I bypassed a @OpenAI ChatGPT /mnt/data restriction via a symlink, downloaded envs, Jupyter kernels' keys, and some source code from there. Reported via @Bugcrowd and got not applicable! Now this issue is fixed (in like an hour after my report). Is it how it should be? Asking for the community here. Screenshots attached.
Jani Kirmanen retweeted
11 Sep 2023
TurkuSec September Meetup! Date: 14.9.2023 Time: 17:45 – Onwards Venue: SparkUp Turku (Tykistökatu 4B) “Securing 5G networks with Federated learning and GANs” by Rayyan Hassan “What is CTI?” by Lauri Vakkala Join us! More info: turkusec.fi/turkusec-septemb…

Jani Kirmanen retweeted
How do you fuzz code that cannot be instrumented, e.g. on an embedded system? It turns out you can use GDB for that! 👉 Check out our upcoming “GDBFuzz” @issta_conf paper at publications.cispa.saarland/… 👉 GDBFuzz is available as open source at github.com/boschresearch/gdb…
23 May 2023
Happy to announce that our paper "Fuzzing Embedded Systems using Debug Interfaces" is accepted at #ISSTA2023 ! In the paper, we present our debugger-driven fuzzer GDBFuzz , which leverages hardware breakpoints to gain coverage feedback. @AndreasZeller
Also applies after replacing "trivial things" with "security backlog"
Jani Kirmanen retweeted
Need to bypass the JWT signature? Kid param injection directory traversal = signature bypass Vulnerable apps using 'kid' for key retrieval might allow attackers to force a predictable key file (e.g. static file or /dev/null)🔓 Crafted malicious tokens signed w/ known key
Jani Kirmanen retweeted
12 Apr 2023
It's only penetration testing if it's from the Pénaux region of France. Otherwise, it's just sparkling security testing.
Jani Kirmanen retweeted
Jani Kirmanen retweeted
chatgpt-4 has reached human level! I asked it to create a C++20 example using modules with a makefile and it didn't work. I also can't get it to work. Amazing!
Jani Kirmanen retweeted
11 Feb 2023
Wanna receive a notification when a talk or a workshop you're interested in starts? How about a map covering the whole event venue? Scroll through all the speakers infos? This year, we've added all event info to hackertracker.app so you won't miss a thing! #disobey2023

HELLO, ^HEL0LO, HMML7O>, H{H*GfLO, ?HELLQFO! If you were lucky enough to get a ticket to @Disobey_fi 2023, why not join my fuzzing workshop? We are going to have some "fun" with grammar-based fuzzing using code snippets from the amazing @FuzzingBook disobey.fi/2023/profile/fuzz…
Jani Kirmanen retweeted
30 Jan 2023
It's out; the official program for #disobey2023 Go check it out⤵️ disobey.fi/2023/program
Jani Kirmanen retweeted
13 Jan 2023
This was now the first sticker on my new laptop..
Jani Kirmanen retweeted
27 Dec 2022
What is the mental model of a hacker? Timothy C. Summers, Ph.D., studied "the structure and content of the mental models used by hackers and to what extent different factors are instrumental in shaping the acquisition, maintenance, and use of mental models critical for hacking."
Jani Kirmanen retweeted
The new cs.github.com search allows for regex, which means brand **new** regex GitHub Dorks are possible! Eg, find SSH and FTP passwords via connection strings with: /ssh:\/\/.*:.*@.*target\.com/ /ftp:\/\/.*:.*@.*target\.com/ I couldn't find the author #bugbounty
Jani Kirmanen retweeted
Ukraine is risking WW3 by shooting down an innocent Russian cruise missile on its way to denazify a children's playground.
Jani Kirmanen retweeted
1995: PHP is dead, learn ColdFusion
2002: PHP is dead, learn ASP.net
2003: PHP is dead, learn Django
2004: PHP is dead, learn Ruby on Rails
2010: PHP is dead, learn Flask
2011: PHP is dead, learn AngularJS
2016: PHP is dead, learn Next.js
2022: okay this is awkward
Jani Kirmanen retweeted
Life Magazine, April 1910
Jani Kirmanen retweeted
24 Sep 2020
The hardest problem in computer science is knowing if it's
<command> --help
<command> -h
<command> help
or man <command>
Jani Kirmanen retweeted
No plans after work on October 13th? 🗓🤔 Come join us for an After Work Special with @SilverskinSec on Thursday 13.10.✨ Check out the full agenda & enroll here⬇️ meetup.com/women4cyber-finla…