Carl Sampson

New post: Use-After-Free vulnerabilities — what they are, how they're exploited, and how to find them with ASan, libFuzzer, and CodeQL. Includes real CVEs from Chrome and the Linux kernel. chs.us/2026/03/use-af… #appsec #security #memorysafety

New post: CVE-2026-27696 — SSRF in changedetection.io via URL validation bypass. Default installs have no auth, and the server will happily fetch your AWS metadata endpoint. Root cause, attack scenario, and the TOCTOU problem most URL validators miss. chs.us/2026/02/ssrf-c…

I met @wtm_offensi years ago and so glad to see him getting a spotlight blog post. He’s a super talented researcher and overall great person to have a convo with. I highly suggest giving the blogpost a read!

“You don’t pick the bugs. The bugs pick you.” Meet Wouter (@wtm_offensi), Microsoft MVR and Zero Day Quest 2026 qualifier, and read his security research journey: msft.it/6016QHeaC

Day FOUR of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 5th Giveaway = FOUR seats to our ONE OF A KIND course on using AI to scale you as a Red, Blue, or Purple Teamer: !! Red Blue Purple AI !! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries!

Just finished up a great first day at #AmericaFest!

Any chance of getting a picture with you at AmericaFest, @JesseBWatters? It’s my wife’s birthday this weekend and she chose for us all to go to Phoenix for her birthday! Would be a great birthday present. :)

@JesseBWatters - my wife and I are huge fans. Any chance she can get a picture at AmericaFest? She turns the big 5-0 on Sunday!

@vxunderground @mrd0x @MalDevAcademy I would love one.

Giveaway. Thank you @mrd0x for sponsoring this. We've got FIVE @MalDevAcademy vouchers. These vouchers are bundles. This vouchers give you: - Full access to malware source code database - Full access to malware development course Comment below for a chance to win.

Join me on Polymarket polymarket.us/5933

@_0b1d1 Pdf

🌐 Web Attacks — Professional Overview Web attacks exploit weaknesses in web applications, servers and APIs to gain unauthorized access , steal data, or disrupt services.

@_0b1d1 Pdd

If you find yourself near one of these they are amazing!!!! bosschicknbeer.com #Cleveland

chs.us/2025/11/writin… #ssrf #xss #sqli #python

@SendOwlHQ Book

E-books are easy to sell. Most people just don't know how. So we wrote a complete e-book to teach you how to sell e-books. And for the next 24 hrs, it's FREE of charge! To get it, simply: 1. Like this 3. Reply "BOOK" 3. Follow us (to receive DM)