Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...

Joined December 2011
Pinned Tweet
As an engineer, I ❤️ clever engineering. Ruby on Rails relies on signed sessions (AES GCM). They are secure, but there is a catch: you cannot invalidate them early. You have to wait for expiry. Workarounds exist, like caching sessions you want to kill, but nothing universal.
If you think deep technical expertise doesn’t matter anymore thanks to AI, you’re kidding yourself. The people getting the most out of AI are usually the ones who already understand the technology well enough to spot mistakes, ask better questions, and validate the answers.
You may not like it, but this is what peak software engineering looks like: bellard.org/

Interesting times:
* Time from advisory to exploit keeps shrinking.
* Supply-chain attacks prevent from immediately deploying every update.

I have never been a big fan of WAFs. They always felt like expensive speed bumps. But maybe we need expensive speed bumps more than ever.
Mythos was mostly...
56% Marketing
44% Marketing
9 votes • Final results
Astalavista
Anyone who surfed the early web between 1995-2010. What’s the one website/app you still think about?
Louis Nyffenegger retweeted
🚨 SPEAKER ANNOUNCEMENT — BSides Porto 2026 Welcoming @snyff with the talk: 𝙄 𝘿𝙊𝙉'𝙏 𝙇𝙄𝙆𝙀 𝙏𝙃𝙄𝙎 𝘾𝙊𝘿𝙀!!! Test your "spidey sense" in a game to spot code flaws in 1 minute and build a systematic review checklist! 🕷️ #BSides #AppSec #Hacking #CyberSecurity
Louis Nyffenegger retweeted
The lab was awesome, glad to have the privilege to showcase it on my channel! Thank you for the shoutout @PentesterLab 🔥
If you want to check what our latest JavaScript Sandbox Escape labs cover, make sure you watch this video from @zerodaygym : youtube.com/watch?v=P7naqW18…
AI-assisted Vulnerability research...

Louis Nyffenegger retweeted
🚨 NEW WORKSHOP - @bsidesporto 2026 🚨 Louis Nyffenegger @snyff (@PentesterLab) joins @bsidesporto with: 💥 Security Code Review - Workshop Hands-on training covering: • Secure code review and more 📍 Porto, Portugal 📅 June 26–27, 2026 #BSidesPorto #AppSec #CodeReview
Louis Nyffenegger retweeted
Coding agents made experimentation free. That changes how appsec teams should buy tools. New blog post from @snyff: pentesterlab.com/blog/vibe-b…
Most teams call vendors before they understand their own problem. They get pitched, they buy, they regret. Now, you can easily Vibe code something first. It teaches you what to ask, what you really need and so much more... "Vibe before you buy!" pentesterlab.com/blog/vibe-b…
"script kAIddie"
Louis Nyffenegger retweeted
Unprompted.au website is live and initial tickets are available: unprompted.au/
Ready for the Big4 Olympics!
An officially amazing outfit ✨ Boudewijn Dominicus ran the fastest marathon wearing a suit and dress shoes (male) in 3:21:42 🤩#LondonMarathon @LondonMarathon
"Writing an exploit in 2018 took 2.3 years. Now, thanks to LLM, it only takes 10 hours" zerodayclock.com/ Tell me you cannot understand a graph without telling me you cannot understand a graph...
Louis Nyffenegger retweeted
Apr 24
Such an awesome present to take home from #BSidesPrague! Thanks @snyff
Louis Nyffenegger retweeted
Going to BSides Groningen? Find @snyff grab some @PentesterLab swag (t-shirt, stickers, keyring) maybe a book. First come, first served.