s0mm3r

611 posts

@Mi1So

Programming, Information Security, PenTesting

Germany · Joined June 2012
617 Following · 587 Followers
s0mm3r retweeted
Moritz (@m_r_tz)
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
Floro S. (@sflorimm)
USA has ChatGPT USA has Grok USA has Claude USA has Gemini USA has Llama USA has Copilot China has DeepSeek China has Qwen China has Ernie China has GLM China has Kimi China has MiniMax Europe has?
s0mm3r (@Mi1So)
@thedawgyg @payloadartist I can well imagine that these discussions are taking place right now. But what would be an alternative? I think there must be a middle ground, because valid vulnerabilities remain valid vulnerabilities, regardless of whether they’re found by an AI or a hunter.
dawgyg - WoH (@thedawgyg)
I think AI is going to cause bounty amounts to be lowered significantly when it's mostly AI finding the vulns. Companies are going to have to make up for the huge loss of time/wages they are currently experiencing from the flood of AI reports (valid and invalid), and companies aren't going to be able to afford to keep paying 5 figure bounties for every critical. Especially since vibe coding introduces so many more vulns. I already know of several companies that are having these meetings right now to figure out whether to lower the bounty amounts or not, and some are thinking about removing the bounties altogether to dissuade people from flooding them with AI generated reports hoping for a bounty.
payloadartist (@payloadartist)
Will the new era of #bugbounty hunters be able to manually find bugs if Claude suddenly hikes the pricing 5x?
Burp Suite (@Burp_Suite)
Finish the sentence: {"isAdmin":"
Farhanism (@AL_Nick_)
@claudeai If Claude Code is capable of fixing security issues in a codebase, why can't he write secure code from the start?
Claude (@claudeai)
Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…
s0mm3r (@Mi1So)
@claudeai Does it mean that when the AI does not find any vulnerability, then there is no vulnerability? That feels strange. 🤔
s0mm3r retweeted
Alexandre Borges (@ale_sp_brazil)
I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver: exploitreversing.com/2026/02/11/exp… It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development. I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback. Have an excellent day!
s0mm3r retweeted
Web Security Academy (@WebSecAcademy)
Web security isn't just for security practitioners. It's essential for everyone involved in the web ecosystem. 🌐 Explore the world of web security and learn about real-world vulnerabilities! 30+ Topics, 100+ Labs. portswigger.net/web-security/a…
s0mm3r retweeted
Lukasz Olejnik (@lukOlejnik)
CHINESE HACKERS USED CLAUDE FOR NEARLY-AUTONOMOUS CYBERATTACKS! AI-based espionage campaign by Chinese state-sponsored group. AI handled 80–90% of operations: reconnaissance, vulnerability discovery, exploitation, credential harvesting, lateral movement and data exfiltration. It executed tasks at superhuman speed, mapped networks, built payloads and extracted intelligence with little oversight. "AI hallucination in offensive security contexts presented challenges, remains an obstacle to fully autonomous cyberattacks" assets.anthropic.com/m/ec212e6566a0…
s0mm3r (@Mi1So)
@elonmusk … and for you, I hope that you will once again focus on the things that have brought you your incredible wealth.
s0mm3r (@Mi1So)
@elonmusk No! That’s not correct. You can’t solve complex problems in one sentence, but that’s the way the AFD tries to solve problems. And of course, Donald Trump tries that too. I really hope that the US does not suffer total damage after Donald Trump …
s0mm3r (@Mi1So)
@0xor0ne Hi, what is the split between remote and on-site work? Can you give me any details about that?
0xor0ne (@0xor0ne)
Apple SEAR is hiring offensive security researchers! We’re looking for talented researchers across multiple areas of security. Check out the job description here: jobs.apple.com/en-us/details/… If you’re interested in low level systems like RTOS, firmware, coprocessors, embedded components, or microkernels, my team would especially like to hear from you. Feel free to reach out if you have any questions. #infosec