∂ετϒ

1K posts

@Merenon

Application Security Engineer. Offensive Security Enthusiast.

Germany. Joined April 2010
184 Following, 86 Followers

∂ετϒ retweeted
sagitz@sagitz_·
We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨ Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️
∂ετϒ retweeted
Abhay Bhargav@abhaybhargav·
With #kubernetes network policies and CNIs like @ciliumproject, it's possible to do a bunch of Layer7 policies. You can use net-policies to:
- Restrict access to API endpoints on a Web Service
- Restrict certain types of queries on Cassandra
- Restrict resolution of certain DNS FQDNs
∂ετϒ retweeted
Nagli@galnagli·
The team at @OpenAI just fixed a critical account takeover vulnerability I reported a few hours ago affecting #ChatGPT. It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing it. Breakdown below 👇
∂ετϒ retweeted
Hillai Ben-Sasson@hillai·
I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts. How did I do it? Well, it all started with a simple click in @Azure… 👀 This is the story of #BingBang 🧵⬇️
👨‍💻@activeOtwo·
Back in the days when the university's "document management" annoyed me so much that I built my own
∂ετϒ retweeted
Barsee 🐶@heyBarsee·
ChatGPT and Bard are phenomenal AI. But try these 13 new AI websites to finish hours of your work in minutes:
👨‍💻@activeOtwo·
Over how many hours should one spread out eating a tub of Haribo Phantasia? Asking for a friend
∂ετϒ@Merenon·
@mario_moreira @SergioRocks That's what Netflix did (based on books/stories): the management was encouraged to take as much vacation as possible and (more importantly) talk a lot about it and even show photos around.
Mário Moreira@mario_moreira·
@SergioRocks For that to work, the top management has to set the example. They should take more vacations and be able to "disconnect" when they are on vacation. That old "lead by example" thing :)
Sergio Pereira@SergioRocks·
Microsoft is rolling out Unlimited Vacation for US employees. This looks like a great idea. But unfortunately it's not. I've implemented Unlimited PTO in the past, and observed that people feel guilty and end up taking fewer days off. Other CTOs experienced the same pattern.
∂ετϒ retweeted
Jacopo Tediosi@jacopotediosi·
I just published a post on Medium about the most relevant vulnerability I have found in my life so far. "Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned)": medium.com/@jacopotediosi/worldwide-server-side-cache-poisoning-on-all-akamai-edge-nodes-50k-bounty-earned-f97d80f3922b
∂ετϒ retweeted
Corben Leo@hacker_·
I hacked a gaming company this year. Here's how I did it:
∂ετϒ retweeted
Abhay Bhargav@abhaybhargav·
Every org I talk to feels that they're messing up their Security Champions program. What should you do instead?
- Get them continuous training
- Don't blame them
- Incentivize them. Remember, they're going beyond the call of duty
- Get feedback from them. It's a two-way street
∂ετϒ@Merenon·
@SonarSource Incredibly creative attack and excellent write-up 👌
∂ετϒ retweeted
Sonar@SonarSource·
Our security researchers discovered a technique that allows attackers to disclose sensitive information from Python applications using the popular Django framework. Learn more in our technical analysis: blog.sonarsource.com/disclosing-inf…
∂ετϒ@Merenon·
@abhaybhargav #Python for quick scripting and automation. #Go as it's the current standard for Kubernetes, HashiCorp, etc.
Abhay Bhargav@abhaybhargav·
What's the best programming language to learn for a career in #infosec? Literally any language. Whatever's most comfortable for you to learn. Or none. There are enough infosec jobs that don't ever need you to code. #nogatekeeping
∂ετϒ retweeted
Anton@ByQwert·
Open redirect vulnerability and how to use it "correctly" in bug bounty 🙃 link.medium.com/ftOSGKkZtqb