frycos

Thank you ⁦@msftsecresponse⁩ for the unexpected Most Valuable Researcher 2024 gift. The pink hoodie will probably end up in my wife's closet. 😉

@ReneFreingruber I’m interested in your opinion when you’re done. Got it on my watch list for some time.

Book for the weekend just arrived in time

New Post: corelan.be/index.php/2026… #corelan

Next level… Me: “Your PoC doesn’t make sense technically.” Them: “Yeah, but you know…I got a CVE anyways because my AI also wrote a comprehensive report. 🤷” Well: performance boost for experienced VRs with access to AI. For beginners and script kiddies, not so much.

I finally let Claude do my pentest this week. Full 5-day engagement, zero human input. Here's what the client got: 😏 clawd.it/posts/10-repla… #bugbounty #pentesting #AI #cybersecurity #infosec #claudeai

Fortunately, humans still learn to walk first, even though the car has been invented.

@starlabs_sg @CurseRed @bestswngs Cool article 👌 But you’re referencing lines of code without showing line numbers. 🤔

Ever wondered what happens when you pickle a mailbox? 🥒📬 (No, it’s not a recipe, it’s a vulnerability.) Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details starlabs.sg/blog/2026/01-p… Written by @CurseRed & @bestswngs

Highly recommend the writeup from our @flomb_ and congrats on this well-deserved achievement!

@matthias_kaiser „matching line numbers“ = ❤️

At my former employer I had a cool Eclipse plugin similar to JD-Eclipse which allowed me to decompile classes on the fly. Procyon, Fernflower and CFR were supported. Even debugging with matching line numbers worked. I hope to find time soon to reimplement the plugin😀

@steventseeley 💪👌🫶

It's been a while since I blogged. *checks notes* Over a year! :->

Crazy work by my colleague Fabian. High impact target: one might be amazed at how widespread this product is in industrial networks.

I was recently laid off, so I’m officially open to new opportunities. If you need a Hacker, or a teachable moment using Red Team tactics. I can also be a trainer, community builder & liaison. I want more than a job I need a company & purpose I can believe in. Please share! 💜🤗💜

@DanielMiessler I’m a LLM fan for sure (got a PhD in Neuroscience) but…“2022: AI can barely identify a cat“? en.wikipedia.org/wiki/ImageNet (history of challenges) I believe that a more scientifically sound basis for discussion would be beneficial to us at this time.

2022: AI can barely identify a cat 2023: Sure it can write a bit, but it can't think 2024: Ok it can think, but it can't do stuff 2025: Ok it can do stuff, but it can't do actual work end-to-end 2026: Oh no

Which country was the only one that ever invoked article 5 of NATO, and when? And what happened? I guess DJT was busy hanging out with Epstein during that time, so he might have missed it...

@AlizTheHax0r You’ll find several of my @codewhitesec colleagues there. Say hi. 👋

so is anyone else on here going to CCC? I'm starting to worry that I'm going to go and not know anyone and be awkward and alone the whole time, not sure if just being paranoid or realistic worry

Medical 🫣

In 2025 my colleague and me pwned several widespread medial devices. Check our vuln list for some impressions and get ready for cool blog posts and hopefully conference talks in 2026. 🤞🏻 code-white.com/public-vulnera…

There is still more to find 🤫

@SinSinology @pwntester @chudyPB @olekmirosh @steventseeley @irsdl @tiraniddo @mwulftange What a cool team!! Super sad to miss this meeting 😢

guess what? there's like 50 deserialization gadgets in this picture! you don't always get to hangout with @pwntester and @chudyPB 🔥👑 we're missing @olekmirosh @steventseeley @irsdl @tiraniddo @frycos @mwulftange

Our 2024 applicants challenge is officially #roasted: the full BeanBeat × Maultaschenfabrikle walkthrough is now online. Unwrap the write-up at apply-if-you-can.com/walkthrough/20… and revisit the hacks that escalated from cold brew to full breach.

@matthias_kaiser @ppalaga @ppalaga I would be super happy if you’d send me a DM. 🙏

@frycos If I remember correctly @ppalaga helped me in the past

Somebody in my X circle who knows security responsibles at Red Hat, WildFly or Undertow? Disclosed a thing in April this year but complete silence since September 🤨