Moritz Sanft

@es3n1n same pls ping if you find one

i need to find a new obsession now that ctfs are deadge

@carste1n That one indeed is a gem. You’ve got good taste;)

@stdoutput Thank you, much appreciated. Your talk reminded me about another gem in Postgres security space - phrack.org/issues/71/8

Speaking about OffensiveCon - many good talks but one I really wanted to sink my teeth into (because I'm not looking for vulns in phones) was this one: offensivecon.org/speakers/2026/… by @stdoutput and Paul Gerste. Guys - any chance for the slides?

@ifsecure Any chance you could share the slides? Thanks for the great talk!

In my OffensiveCon talk on Site Isolation yesterday, a question was asked that I didn't quite get at the moment so my answer was probably irrelevant. My apologies, especially since the question, as I understand it now, totally makes sense. Answering it here:

SELECT shell FROM postgres: Digging up a 20-year-old bug for ZeroDay.Cloud by @pspaul95 and @stdoutput

We @wiz_io just launched zeroday.cloud - a community for vuln researchers, by vuln researchers. Feat. writeups for PostgreSQL and MariaDB RCEs (@xint_official, @pspaul95 & @stdoutput) Stay tuned for the bug tracker and upcoming events. Big things coming soon 👀

Our writeup of our ZeroDay.Cloud Postgres exploit is live. We think it's a pretty neat bug and the exploitation was really fun, so check it out!

Trying to get some new folks onto the AI for security research Discord server: discord.gg/sVy9ahuEv Feel free to share with your peers in the field!🤖🐛

@0xrudrapratap @pspaul95 @garethheyes No

@pspaul95 @garethheyes @stdoutput Was it AI driven?

Pwning PostgreSQL was quite fun, excited to share our research at OffensiveCon! offensivecon.org/speakers/2026/…

My colleague Paul (@katexochen) has done a great write-up of how a malicious host (e.g. cloud provider) can trivially compromise confidential VMs, and how we mitigated the attack at @EdgelessSystems. Read his blog post: lobste.rs/domains/katexo…

I‘m at @1ns0mn1h4ck today and tomorrow. Feel free to drop me a DM if anyone wants to meet :)

@thorstenball I curl -s a lot

It's always like: how much do you squat? Never: how much do you curl? "wow you have strong legs" buddy, my bis are up here

@mycoliza Yeah, could just be a {}

hey, it just says it was “impacted by objects”…it could be any kind of objects!

@cramforce Ah, thanks! I guess this mostly holds for cut-off JSON objects then. I think that /{"[a-zA-Z].*/ should pretty much always(?) map to "eyJ...". Some also map to "eyI", though, e.g. /{"\d+.*/

@stdoutput Don't think so. This is {". Of course, there are other possible beginnings for JSON

Nobody? Beginning of a JSON payload encoded as base64

This stunt feels irresponsible to me. If we don't want regular people developing toxic relationships with their chatbots it really doesn't help for leading labs to start giving them "retirement interviews" and encouraging them to blog their "musings and reflections"

@pilvar222 🥱http://č.㎺/

also whoops now everyone can see my cool 5 chars domain 👀

My team and I have been working on this for quite a while. I'm proud to announce it's finally released (and with a killer video!) 😁 Teams ship daily, but pentests are annual. It's time to fix this :)

@zeeg Generally, academic research on this part of applied AI / agents doesn't make a lot of sense imo, even when well-done. The current AI frontier is just moving way faster than the publishing cycles of traditional academia.

Alright internet lets be clear on two things: Auto generating skills does not mean worse performance for a harness. Nor does having AGENTS files. The papers don’t even support this. Never did I ever think mainstream internet would be reference half baked papers.

Video is live! youtube.com/watch?v=YQEq5s…