Joined October 2010
- Tweets 19,249
- Following 578
- Followers 74,002
- Likes 12,171
8,627 Photos and videos
Web applications optimize every business operation, and they are still one of the most common paths attackers use to break in. To fix a flaw, you need structure:
Recon ➡️ Map ➡️ Discovery ➡️ Exploit ➡️ Report
🏋️ Watch the course preview: go.sans.org/1wDt1I
2
12
969
📢 #RedTeamers! Our #SEC565 course received updates focusing on the practical use of large language models and many types of AI to support adversary emulation, offensive tooling, CTI analysis, and command-and-control operations.
Read the syllabus 👉 sans.org/cyber-security-cour…
1
11
43
4,007
OWASP is more than a Top 10 list.
Jul 9, see how OWASP resources become a full web app pentest workflow: recon, scanning, Burp, DefectDojo and AI-assisted reporting.
🔗 go.sans.org/MiKNnD
#OWASP #AppSec #PenTesting
4
14
851
🧐 Vulnerability spotted.
🤯️ It looks critical.
😮💨 You can’t prove it.
😒 It ends up in a report unverified… ignored.
#SEC543 teaches how to move from code analysis to confirmed exploits with reproducible evidence.
😎 Change starts with you: go.sans.org/LjSV2e
2
10
583
🚨 New course alert! #Pentest enterprise AI systems from an adversary perspective. Abuse agents, steal weights, and more.
#SEC536 Adversarial AI - Penetration Testing AI Systems makes its Beta debut at #SANSFIRE.
Join @OSTact13 in person or virtually!
👉 buff.ly/e0QRYj4
1
9
25
2,641
From entry points to memory tricks, this #SEC670 poster created by @jon__reiter gives you the foundations for Windows tool dev.
BONUS! Can you spot the bug?
🔎🐞sans.org/posters/introductio…
10
958
💜 🗞️ In this episode of #TheWeeklyPurpleTeam, @BriPwn is going deep on credential access and AV evasion. He walks through how attackers use MorphKatz to morph KsLKatz, and how defenders can spot indicators left behind when KSLKatz is used.
👉️ Watch: buff.ly/zLv1FNC
3
909
Modern defensive stacks demand mature offensive methodology.
#SEC665 equips military cyber units and advanced #RedTeams with disciplined #OPSEC, and real-world tradecraft required to operate against hardened enterprise and government environments.
🐺 sans.org/cyber-security-cour…
2
9
1,433
🖼️ In #RedTeam operations, understanding how security products communicate inside the #WindowsKernel can be intimidating.
This new #SEC665 poster walks through filesystem minifilters, and WinDbg workflows to give you methodology.
🐲🪽 go.sans.org/LpQ6s5
5
13
1,301
“Modern pentesting demands hybrid fluency, on-prem, cloud, and everything in between. This update bridges the gap, giving professionals the mindset and technical depth to emulate real adversaries and strengthen organizational defenses.” Jeff McJunkin
🏹 sans.org/sec560
3
5
713
Modern attackers use AI, automation, and stealthier techniques than ever.
#SEC504 teaches you how they operate — and how to stop them — with skills you can apply immediately.
🛠️ Learn more: go.sans.org/vQDGZo
1
4
689
🪙,🪙,🪙! Shiny metal, bragging rights! 😎💬 ❤️🔥 #CoinAPalooza is BACK! This is your chance to earn your missed #SANSOffensiveOperations coin.
Register for the renowned #CoreNetWars tournament at #SANSFIRE to score up to FIVE coins! 🔥 buff.ly/sSdMBNS
#RedTeam
1
4
1,015
💜🗞️ In this episode of #TheWeeklyPurpleTeam, @BriPwn will walk you through how attackers can abuse OpenClaw as a command-and-control mechanism.
Ready to get your claws dirty? Watch the episode!
👉youtube.com/watch?v=9eG4ToLa…
3
5
2,102
Through #35 hands-on labs, you will practice finding and exploiting vulnerabilities such as SQL injection, XSS, deserialization bugs, SSRF, and file inclusion, then communicate business impact to stakeholders.
🕸 Register here: go.sans.org/1wDt1I
4
16
1,469
Most vulnerabilities are buried in logic flaws, auth failures, and complex workflows.
The new course #SEC543, co-authored by Ed Skoudis, Joshua Wright, Chris Davis, and Evan Booth, was built to help you uncover what automated scanners don't detect.
🪄 go.sans.org/LjSV2e
3
862
Need to start understanding C for Windows? We got you.
This new #SEC670 poster by @jon__reiter breaks down core concepts from pointers to pitfalls.
But here’s the real test: spot the 🐛 and earn your place in the Hall of Fame!
May the source be with you 👊 sans.org/posters/introductio…
17
1,215
Are you noticing your #tradecraft becoming less effective? Are your techniques getting #detected more often? What used to work doesn’t anymore. #SEC665 prepares you for what lies beneath the roots.
🌳 Take your next step: sans.org/cyber-security-cour…
1
4
691
What does AI-enabled pen testing find on a codebase your team already cleared? @EdSkoudis and his team ran that experiment. Day one: 5 critical vulnerabilities. And he estimates 20-40x the current vuln volume is coming within the year.
Full methodology: go.sans.org/7TWDpY
1
2
16
1,607