rezaduty
@rezaduty
401 posts
Offensively Defensive Continuous Developer #TryHarder
Joined June 2018
495 Following 1K Followers
rezaduty retweeted

Continuous Delivery Security Labs 2026
open.substack.com/pub/devsecopsg…
🔥 Start engineering your career → career.hadess.io
#githubactions #argocd #devsecops #devops #cd #github

rezaduty retweeted

Cybersecurity Career Coach that Turns Rookies into Pros.
After 7+ years creating content and collaborating with top security engineers & researchers, we've seen the same gaps over and over:
how to actually start and how to keep growing.
We built: career.hadess.io
#job

rezaduty retweeted

CVE-2025-9959: smolagents Python Sandbox Escape
hazardlab.substack.com/publish/post/1…
Python sandbox implementations often focus on blocking dangerous attribute access patterns like `obj.__class__` but forget that the same introspection is achievable through method invocation.
#python #cve

rezaduty retweeted

Last Friday at @BlackAlpsConf 2025, @noraj_rawsec explored the hidden security challenges of #Unicode 🎤
With 1,000+ pages of specs, even small mistakes can become attack vectors.
Dive into the details 👉 synacktiv.com/ressources%253…

rezaduty retweeted

I’ve been hunting on H1 for almost 3 years, ranked #18 in 2025, and have always tried to contribute positively to the hacker community. I’ve earned around $500k in bounties and was on the road to $1M. Yet I don’t even have HSM, and I feel I haven’t been recognized as I should. 1/4

Youssef Sammouda (sam0)@samm0uda
@Hacker0x01 is now banning people without explanation or providing how the terms and conditions were violated. While other platforms are advancing, H1's revolutionary new vision is to track hackers on social media, make assumptions and ban them without real proof.
rezaduty retweeted

Secure by Design Real-Time Communication — Attack & Defense Playbook
open.substack.com/pub/devsecopsg…
Donald 👱♂️, a developer and chaos wrangler, watched PacketPete, our mischievous red-teamer, go wild on his real-time stack 👇

rezaduty retweeted

NEED YOUR HELP!
My friend/teacher Soroush (@irsdl) is looking for a new company to join. You know him as the .NET-God, the guy who has popped Exchange and SharePoint, has maintained ysoserial_.net for years, contributed to the exploitation scene numerous times, taught all of you what .NET ghost webshells are, taught you what ViewState exploitation is, how .NET Remoting exploitation issues can be solved, IIS cookieless, web.config exploitation, countless blogs, talks, techniques, ...
but companies keep saying:
"we aren't hiring right now!"
If I were in a position of hiring, I wouldn't wanna miss out on having one of THE BEST on my team.
Your retweet is extremely appreciated ❤️🔥
Soroush, if you see this, don't hate me, had to do it without telling you.
rezaduty retweeted

Secure by Design - Execution and File Management
open.substack.com/pub/devsecopsg…
Syd, a senior Spring developer, trusted her file upload service with basic extension validation. "Only .pdf and .jpg files allowed," she thought.
#appsec #devsecops

rezaduty retweeted

Say hello to Eternal Tux 🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-days (CVE-2023-52440 & CVE-2023-4130)
willsroot.io/2025/09/ksmbd-…
Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
rezaduty retweeted

Secure by Design Frontend Security
open.substack.com/pub/devsecopsg…
Imagine a frontend that used dangerouslySetInnerHTML to render user comments without sanitization. An attacker crafted malicious JavaScript that stole authentication tokens from other users' browsers.
Learn more 👇

rezaduty retweeted

Access Control Middleware Playbook
open.substack.com/pub/devsecopsg…
Imagine zero trust applied only to north-south traffic. East-west service calls trusted cluster networks implicitly.
Learn more 👇

rezaduty retweeted

Secure by Design - Web Service & API Security
open.substack.com/pub/devsecopsg…
The panic began. It wasn't the new API. Learn more 👇

rezaduty retweeted

Secure by Design - Authentication
open.substack.com/pub/devsecopsg…
#appsec #authentication #identity #security #devsecops #bugbountytips #oauth #oidc

rezaduty retweeted

Behavioral Intelligence - BEHINT
Ever heard of stealing conversations from a lightbulb? Turning desk lamp vibrations into crystal-clear audio. Pure side-channel magic from Ben-Gurion's mad scientists.
full analysis: open.substack.com/pub/redteamgui…
#osint #redteam #ai #behint

rezaduty retweeted

Java Spring Bug Hunter's Secure Coding Playbook
open.substack.com/pub/devsecopsg…
#appsec #java #productsecurity #spring #springsecurity #devops #devsecops #bugbountytips

rezaduty retweeted

AWS Proactive Defence: The Art of War in Cloud Security
open.substack.com/pub/devsecopsg…
#aws #cloud #redteam #devops #devsecops

rezaduty retweeted

AI For OSINT - Texture Intelligence
Read the full analysis: lnkd.in/dYakXZSf
The Pentagon leaks weren't solved by cyber forensics—they were cracked by GRANITE PATTERNS.
#ai #osint #redteam #pytorch #generativeai

rezaduty retweeted

Container OS Security Playbook
open.substack.com/pub/devsecopsg…
Maya 👩‍💻 was about to docker pull redis:latest when her security scanner screamed: the image contained 47 critical vulnerabilities and suspicious network activity!
#devops #devsecops #containers

rezaduty retweeted

Container Attack & Defend
open.substack.com/pub/devsecopsg…
#container #devops #devsecops #redteam #eks #kubernetes #docker
