Security researcher at Crosspoint Labs. AppSec. Tweets are my own and do not express the opinion of my employer. OWASP. retire.js

Joined January 2008
Erlend Oftedal retweeted
New year, new me! There's a 2026 now, BSides Oslo 2026 that is. October 29th at Vulkan Arena. Information on tickets, CFP and all the rest to come.
The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap…
What do you call unexpected vibe code written by accidentally clicking the link above a TODO in VSCode? (asking for a friend 😬) Wild code? Shadow vibes? Schrödinger's code because you don't know it's there until you look? Spanish inquisition code because it wasn't expected?
50% Wild code
0% Shadow vibes
0% Schrödinger’s code
50% Spanish inquisition code
2 votes • Final results
Erlend Oftedal retweeted
A DBA walks into a NOSQL bar, but turns and leaves because he couldn't find a table
Erlend Oftedal retweeted
It's 2025! 🗓️ We have a date: October 30th. 📢 We have a CFP: forms.gle/M5BfbGpqhdmZL29N6 🌐 We have a website: bsidesoslo.no
RIP Gene Hackman
Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version: sikkerhetsfestivalen.no/alle…

Erlend Oftedal retweeted
I've made a new Azure DevOps extension that runs Retire.js as part of a build pipeline. Retire.js will detect vulnerable JavaScript libraries in your code. All credits go to @webtonull for building this amazing scanner. Get the extension here: marketplace.visualstudio.com…
Erlend Oftedal retweeted
⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.
The CFP for the developer conference NDC Oslo closes today. Security talks of course also very welcome. ndcoslo.com/call-for-papers
#BallonDor Caroline Graham Hansen: 32 goals, 28 assists, average score 8.4 Aitana Bonmati: 19 goals, 18 assists, average score 8.0 Ok…
Back when I found an XSS in the Wifi Pineapple admin GUI by creating a wifi called "</textarea>" XSS vector 😅
Erlend Oftedal retweeted
19 Sep 2024
new blogpost time!! this one's a fun writeup on a vulnerability chain i found across multiple google services that earned me a $4133.70 bounty lots of fun css as usual! i had to recreate a bunch of drive/docs/gmail/youtube UIs c: have fun! lyra.horse/blog/2024/09/usin…
Erlend Oftedal retweeted
Ticket sales for BSides Oslo 2024 just opened at letsreg.com/no/event/bsideso….

Erlend Oftedal retweeted
7 Aug 2024
Not to mention the staff like Kelly and Dawn and some of the old school folks like Laura Grau and Kate Hartmann. They were amazing and held so much together for what was basically a community of misfits trying to do good work!
Great research from Gareth! You should be really restrictive in which characters you allow in email addresses. Ignore the RFC and restrict to what you actually need (allow as few special chars as possible)
Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. portswigger.net/research/spl…
You’re welcome, Southgate
One would think Southgate would want to use the PL playmaker of the year when they score too few goals #EURO2024 #AVFC