Joined May 2012
See you all at BSidesSF later this month! @IncludeSecurity will be there with a lot of our team!
12 Apr 2025
Thank you to @IncludeSecurity for sponsoring the lanyards at BSidesSF 2025! bsidessf.org/sponsors #bsidessf #BSidesSF2025 #infosec
Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not! ismyprivatekeypublic.com/

Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩‍💻 hackthebox.com/machines/back… Hint: It's a tough box, check our github and our blog for info.
We're happy to sponsor great learning resources like @OpenSecTraining, the world is awash with a lot of bad training/certs, here's some courses that are solid and open/free!😀
As the year comes to a close, we want to once again thank all of the individual and corporate donors who generously contributed to #OST2's nonprofit mission this year! You help ensure that OST2 will be around for years to come! ost2.fyi/Partnership.html Platinum Partners: @TrustedComputin ost2.fyi/Sponsorship.html Gold Sponsors & Windows Security Track sponsor Winsider Seminars & Solutions (@yarden_shafir & @aionescu) Gold Sponsors: @3mdeb_com @binarly_io @crowdfense @DarkMentorLLC @NCCGroupplc Bronze Sponsors: @cyber5w @IncludeSecurity And remember that the more Partners and Sponsors we get, the more instructors and classes we can support. So if your company sponsors conferences, you should ask them to sponsor OST2!
Who hacks the hackers? We do! Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up. blog.includesecurity.com/
It's always great to work on open source security, even better when it helps users who need secure and private access online!
.@OpenTechFund’s Security Lab partner @IncludeSecurity’s security audit of VPN Generator (software that lets anyone provide a VPN to a small group) revealed that the tool only had 4 “low-risk” issues, 3 of which have already been fixed. Learn more ow.ly/XPZI50S8P7S
Include Security retweeted
24 Apr 2024
Check out this @BSidesNYC 0x03 interview by @cybersnacker with Erik Cabetas where he discusses how BSidesNYC is different from the other New York conferences, how he started @IncludeSecurity, and what it's like to consult for #hacker movies. youtube.com/watch?v=ktk8pxIT…
We released our new semgrep rules today. Given the recent news about executive orders from the White House, we thought it would be important to flag all of the code that doesn't meet federal standards. Memory Safety is serious stuff today: github.com/IncludeSecurity/M…
We're glad everybody enjoyed our April Fools' joke for 2024. See, you can be serious about security but also have fun!
We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2! ost2.fyi/Home.html

Thanks to @IncludeSecurity for Sponsoring #OST2 at the Bronze🥉 level! More about them here: blog.includesecurity.com/
We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of applications is up blog.includesecurity.com/202…
@llm_sec check out our new post!
This is why we're thinking through tough AI/ML security problems for our clients and the public, thanks for the appreciation @ZanderMackie
Replying to @IncludeSecurity
I want to thank you for publishing this. Your blog helped me solidify my thinking that LLMs are like von Neumann computers. And prompt injection is like a stack smash. Your suggestions to keep instruction/data separate using the roles APIs is 😍
Include Security retweeted
One of the better posts on prompt injection I’ve seen. And this is because it gives actionable advice to developers! Attack insights without defense is insufficient.
Hey folks, we've been seeing a lot of blogs/linkedin/medium articles covering LLM prompt injection from the angle of the providers, but not many helping the implementers like our clients. Here's our first in a blog series covering that for ML/AI Security. blog.includesecurity.com/202…