jstnkndy
@jstnkndy.bsky.social
Infosec professional, beverage snob, and fantasy book consumer. Vice President @ Atredis Partners. Forever terrified of Kithicor.
Reposted by jstnkndy
VulnCheck is #hiring (senior) exploit developers in the U.S. and UK! If you love writing RCE exploits but also want to help customers detect exploitation and assess exposure, this is a fantastic place to learn and grow! Open roles here - we're also looking for UK engineers: www.vulncheck.com/careers
VulnCheck - Outpace Adversaries
Vulnerability intelligence that predicts avenues of attack with speed and accuracy.
www.vulncheck.com
December 4, 2025 at 2:52 AM
VulnCheck is #hiring (senior) exploit developers in the U.S. and UK! If you love writing RCE exploits but also want to help customers detect exploitation and assess exposure, this is a fantastic place to learn and grow! Open roles here - we're also looking for UK engineers: www.vulncheck.com/careers
Reposted by jstnkndy
TL;DR
Middle management is hard. Caring is required, but the kind of care you provide matters.
Middle management is hard. Caring is required, but the kind of care you provide matters.
Ashley Willis
The other day I texted my group chat with other leaders outside my organization. The ones I go to when the leadership stuff gets messy and I need perspective fr...
ashley.dev
December 2, 2025 at 10:01 PM
TL;DR
Middle management is hard. Caring is required, but the kind of care you provide matters.
Middle management is hard. Caring is required, but the kind of care you provide matters.
Reposted by jstnkndy
George says gobble gobble, happy thanksgiving, and fuck ICE.
November 27, 2025 at 5:40 PM
George says gobble gobble, happy thanksgiving, and fuck ICE.
Windows 11 requiring weird hacks to only use a local account. Microsoft are a bunch of cunts for forcing online account onto people.
November 26, 2025 at 6:00 PM
Windows 11 requiring weird hacks to only use a local account. Microsoft are a bunch of cunts for forcing online account onto people.
Sometimes you audit a codebase and are just absolutely blown away by how elegant and well thought-out it is. 🤌
November 26, 2025 at 4:43 PM
Sometimes you audit a codebase and are just absolutely blown away by how elegant and well thought-out it is. 🤌
Reposted by jstnkndy
Our Black Friday Sale is now active! Take 42% off everything with code BLACKFRIDAY25. Grab the books you’ve been eyeing. Sale ends 12/2.
https://nostarch.com/
https://nostarch.com/
November 25, 2025 at 6:00 PM
Our Black Friday Sale is now active! Take 42% off everything with code BLACKFRIDAY25. Grab the books you’ve been eyeing. Sale ends 12/2.
https://nostarch.com/
https://nostarch.com/
Reposted by jstnkndy
We took WPScan's one-liner #security advisory for CVE-2025-9501 affecting the W3 Total Cache plugin for #WordPress, analysed its cache parsing internals and built a pre-auth RCE exploit for it 😎
www.rcesecurity.com/2025/11/expl...
#infosec
www.rcesecurity.com/2025/11/expl...
#infosec
Exploiting A Pre-Auth RCE in W3 Total Cache For WordPress (CVE-2025-9501) | RCE Security
www.rcesecurity.com
November 19, 2025 at 5:33 PM
We took WPScan's one-liner #security advisory for CVE-2025-9501 affecting the W3 Total Cache plugin for #WordPress, analysed its cache parsing internals and built a pre-auth RCE exploit for it 😎
www.rcesecurity.com/2025/11/expl...
#infosec
www.rcesecurity.com/2025/11/expl...
#infosec
Reposted by jstnkndy
We sold out of our GA tickets in 15 seconds 🤯
For students: Thanks to our community sponsors, our DistrictCon Scholars' Program application is open!
For anyone else passionate about DisCo: Volunteer with us!
You can also join our waitlist on Eventbrite! All info here:
www.districtcon.org/tickets
For students: Thanks to our community sponsors, our DistrictCon Scholars' Program application is open!
For anyone else passionate about DisCo: Volunteer with us!
You can also join our waitlist on Eventbrite! All info here:
www.districtcon.org/tickets
DistrictCon Tickets — DistrictCon
www.districtcon.org
November 17, 2025 at 4:41 PM
We sold out of our GA tickets in 15 seconds 🤯
For students: Thanks to our community sponsors, our DistrictCon Scholars' Program application is open!
For anyone else passionate about DisCo: Volunteer with us!
You can also join our waitlist on Eventbrite! All info here:
www.districtcon.org/tickets
For students: Thanks to our community sponsors, our DistrictCon Scholars' Program application is open!
For anyone else passionate about DisCo: Volunteer with us!
You can also join our waitlist on Eventbrite! All info here:
www.districtcon.org/tickets
Got mine! That was stressful 😅
Looking forward to seeing you all there!
Looking forward to seeing you all there!
November 16, 2025 at 5:03 PM
Got mine! That was stressful 😅
Looking forward to seeing you all there!
Looking forward to seeing you all there!
Reposted by jstnkndy
Looking good a good tutorial on debugging with ghidra. I want to set breakpoints, change flow, and modify memory values.
Is that possible?
Is that possible?
November 14, 2025 at 3:04 PM
Looking good a good tutorial on debugging with ghidra. I want to set breakpoints, change flow, and modify memory values.
Is that possible?
Is that possible?
Reposted by jstnkndy
Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie www.atredis.com/blog/2025/9/...
Drawbot: Let’s Hack Something Cute! — Atredis Partners
The Target A few months ago I realized I was overdue for a fun, quirky hardware project. Every so often I like to see what new and interesting electronic children's toys are out there. When looking,…
www.atredis.com
November 13, 2025 at 8:40 PM
Let's Hack Something Cute! A Reverse Engineering Journey into the Drawbot with Jessie www.atredis.com/blog/2025/9/...
I've been following the @xbow.com stuff for a while now and have been really impressed by their blog posts and findings, so I'm extremely surprised/disappointed by the poor quality of their sample report on their new on-demand pentest offering at xbow.com/pentest for a lot of reasons.
Web Application Penetration Testing at AI Speed | XBOW
XBOW delivers web application penetration testing at AI speed; autonomous and validated with real exploit evidence in days.
xbow.com
November 13, 2025 at 6:25 PM
I've been following the @xbow.com stuff for a while now and have been really impressed by their blog posts and findings, so I'm extremely surprised/disappointed by the poor quality of their sample report on their new on-demand pentest offering at xbow.com/pentest for a lot of reasons.
This whole system is fucked.
November 10, 2025 at 2:39 PM
This whole system is fucked.
Reposted by jstnkndy
every AI ad is like
“hey gemini, what would i have for lunch?”
and then the phone is like
“sandwich”
and the guy is like
“wow”
“hey gemini, what would i have for lunch?”
and then the phone is like
“sandwich”
and the guy is like
“wow”
September 25, 2025 at 4:59 PM
every AI ad is like
“hey gemini, what would i have for lunch?”
and then the phone is like
“sandwich”
and the guy is like
“wow”
“hey gemini, what would i have for lunch?”
and then the phone is like
“sandwich”
and the guy is like
“wow”
Reposted by jstnkndy
I have a close friend who spent the last 15 years as an ETL developer and whose department was recently laid off (jobs were outsourced). If anyone has or knows of any openings, this guy is intelligent, personable, and overall a great person, and I'd love to put you in touch.
Reposts appreciated!
Reposts appreciated!
August 12, 2025 at 1:55 AM
I have a close friend who spent the last 15 years as an ETL developer and whose department was recently laid off (jobs were outsourced). If anyone has or knows of any openings, this guy is intelligent, personable, and overall a great person, and I'd love to put you in touch.
Reposts appreciated!
Reposts appreciated!
Reposted by jstnkndy
Y'all fantastic news! Save the date, @blackhoodie.bsky.social will be at @districtcon.bsky.social this year 😱 the fantastic crew has offered to host us for a day of Malware Reverse Engineering! @synapticrewrite.bsky.social and myself will be hosting a training for women by women on January 23rd!!
October 26, 2025 at 7:37 PM
Y'all fantastic news! Save the date, @blackhoodie.bsky.social will be at @districtcon.bsky.social this year 😱 the fantastic crew has offered to host us for a day of Malware Reverse Engineering! @synapticrewrite.bsky.social and myself will be hosting a training for women by women on January 23rd!!
Reposted by jstnkndy
Reposted by jstnkndy
October 25, 2025 at 1:08 PM
Reposted by jstnkndy
Day 2 of #Pwn2Own Ireland is in the books. So far, we've awarded $792,750 or 56 unique 0-days. Tomorrow could be even better with more Samsung, a Meta Quest entry and that big WhatsApp entry still lingering. Here's the current Master of Pwn leader board. See you tomorrow!
October 22, 2025 at 6:31 PM
Day 2 of #Pwn2Own Ireland is in the books. So far, we've awarded $792,750 or 56 unique 0-days. Tomorrow could be even better with more Samsung, a Meta Quest entry and that big WhatsApp entry still lingering. Here's the current Master of Pwn leader board. See you tomorrow!
Reposted by jstnkndy
HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
youtu.be/BAZ-z2fA8E4
youtu.be/BAZ-z2fA8E4
HTTP is supposed to be stateless...
YouTube video by PortSwigger
youtu.be
October 22, 2025 at 2:06 PM
HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
youtu.be/BAZ-z2fA8E4
youtu.be/BAZ-z2fA8E4
Pop a vendor website, replace their /.well-known/security.txt with your own rogue contact info, and wait for the bugs to roll in.
October 20, 2025 at 7:41 PM
Pop a vendor website, replace their /.well-known/security.txt with your own rogue contact info, and wait for the bugs to roll in.
Reposted by jstnkndy
Junkyard closes on Friday, Oct 24 at Midnight!!!
Submit here: www.districtcon.org/junkyard
Submit here: www.districtcon.org/junkyard
October 20, 2025 at 2:26 PM
Junkyard closes on Friday, Oct 24 at Midnight!!!
Submit here: www.districtcon.org/junkyard
Submit here: www.districtcon.org/junkyard
Wow the Nexpose user interface is horrible these days, eh? Absolutely fucking terrible.
October 14, 2025 at 7:48 PM
Wow the Nexpose user interface is horrible these days, eh? Absolutely fucking terrible.
Reposted by jstnkndy
y2038 progress retr0.id/stuff/2038/
October 13, 2025 at 11:12 PM
y2038 progress retr0.id/stuff/2038/