A-a-ron Guzman

⚒️ Tune in to Hardware Vulnerabilities: Lessons from the Vendor Frontlines, where vendors spill the truth and the hardware spills…well, vulnerabilities. #hw_ioNL2025 is wide awake now! On Panel: Adam Laurie, Aaron Guzmann and Sebastian Paul Avarvarei. 👉hardwear.io/netherlands-20…

When hardware sneezes, the whole system catches a cold🤧 Join Aaron Guzmann, Adam Laurie & Sebastian Avarvarei at #hw_ioNL2025 as they share frontline vendor stories—and reveal what never to do when your chips start behaving strangely 👉hardwear.io/netherlands-20… #Panel #hardware

Here’s the second half of our Friday lineup at @DEFCON – and it’s just as stacked. 🔥 @DaneSherrets, @Shlibness, @mgianarakis, Jordan Macey, @CryptoGangsta, @scriptingxss, @nytr0gen_, @erbbysam, and @BrunoModificato. See you there. 👀 #BugBounty

Excited to share the bounty & VDP evolution story with a sneak peek into the massive opportunities we're cooking up for our researcher community 🧑‍🍳 Real program data, real researcher, & business impacting outcomes🚀 we’re running a WiFi 7 program now🛜 #DEFCON #bugbountyvillage

Don't miss "To Pay or Not to Pay? The Battle Between Bug Bounty & Vulnerability Disclosure Programs" by Aaron Guzman (@scriptingxss) on Friday, August 8 at 04:00 PM inside the Village. Read more at bugbountydefcon.com/agenda #BugBounty #DEFCON33

We’re excited to announce that Aaron Guzman (@scriptingxss) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage

Presented at @owasp Global SF this week on the IoT security testing guide (ISTG) project released earlier this year 👏 it was awesome to connect with old friends and learn of their perspectives for the future. Amazing event! 🤩

Come learn about OWASP ISTG from Luca and I 😎

Strengthen Enterprise Security Through Collaboration at Planet Cyber Sec AppSec SoCal! Join Omar Minawi, @scriptingxss, Shelby Pace and Natalya Krecker for "How to Win Friends and Influence Trust: Reducing API AuthZ Risks Through Collaborative Defenses." Discover: - Power of security and API team collaboration - Leveraging security research community - Overcoming API testing challenges - Collaborative defense strategies Gain insights to mitigate API AuthZ risks and promote a security-centric culture. planetcybersec.com/061224-confere… #PlanetCyberSec #AppSecSoCal #AppSec #CyberSecurity #APIAuthZRisks #CollaborativeDefenses

Introductions are happening for the State of {Absolute} AppSec panel at @LASCONATX. Joining @cktricky and @sethlaw are @ejcx_ , @wickett, and @scriptingxss. Hop in to the discussion here: youtube.com/watch?v=g5JJ07…

Aaron Guzman's insightful talk helps us discover OWASP's IoT Security Testing Guide for effective penetration tests and dive into robust methodologies and tools. #PlanetCyberSec #AppSecSoCal #AppSec #infosec #IoTSecurity @scriptingxss

Thank you for your support and dedication to IoT security. Together, we can make a difference. 💪🌐

Whether you are an experienced IoT security tester or someone passionate about ensuring the security of connected devices, your contributions are highly welcome. Join us in this collaborative effort to strengthen IoT security testing practices and make a positive impact!

We are excited to announce that the “IoT Security Testing Guide” project is ready for peer review! 🎉🔬Your expertise and insights play a crucial role in improving the guide’s quality and relevance. owasp.org/www-project-io…

📖 Penetration Testing Findings Repository A collection of Active Directory, phishing, mobile technology, system, service, web application, and wireless technology weaknesses that may be discovered during a penetration test By @CISAgov #cybersecurity github.com/cisagov/pen-te…

🗒️ @OWASP Kubernetes Top 10 Broken down into 3 categories in order of likelihood: 1️⃣ Misconfigurations 2️⃣ Lack of visibility 3️⃣ Vulnerability management Risks, mitigations, and lots of relevant tools By @sysdig sysdig.com/blog/top-owasp…

30 cybersecurity search engines for researchers: 1. Dehashed—View leaked credentials. 2. SecurityTrails—Extensive DNS data. 3. DorkSearch—Really fast Google dorking. 4. ExploitDB—Archive of various exploits. 5. ZoomEye—Gather information about targets.