sshell
@sshell.co
propane and propane accessories
ai + security research
ccdc red team
ai + security research
ccdc red team
Pinned
sshell
@sshell.co
· Nov 12
hello pinned post viewers,
i am a person who occasionally does security research, ccdc red teaming, lots and lots of recon, tool development, and other random computer shenanigans.
thanks for coming to my ted talk
i am a person who occasionally does security research, ccdc red teaming, lots and lots of recon, tool development, and other random computer shenanigans.
thanks for coming to my ted talk
Reposted by sshell
The Sixth Annual Binary Golf Grand Prix #BGGP6 will start Friday 10/17!!!
@binary.golf Fall/Winter 2025
@binary.golf Fall/Winter 2025
a group of cartoon characters are dancing together in a park .
ALT: a group of cartoon characters are dancing together in a park .
media.tenor.com
October 11, 2025 at 7:10 PM
The Sixth Annual Binary Golf Grand Prix #BGGP6 will start Friday 10/17!!!
@binary.golf Fall/Winter 2025
@binary.golf Fall/Winter 2025
Reposted by sshell
Every year there’s some discourse around how safe/unsafe it is to scan QR codes at BlackHat and DefCon.
Last year, I set out to enumerate the scope, and did!
And then promptly forgot for a year.
QR codes you shouldn’t have scanned last year; this year.
remyhax.xyz/posts/no-sca...
Last year, I set out to enumerate the scope, and did!
And then promptly forgot for a year.
QR codes you shouldn’t have scanned last year; this year.
remyhax.xyz/posts/no-sca...
QR Codes You Shouldn't Scan
Number 3 may surprise you!
I’m kidding of course, blatant web-based phishing attacks are boring. This blog isn’t about those. Most of these examples will probably surprise you in some way. This blog i...
remyhax.xyz
August 7, 2025 at 3:40 AM
Every year there’s some discourse around how safe/unsafe it is to scan QR codes at BlackHat and DefCon.
Last year, I set out to enumerate the scope, and did!
And then promptly forgot for a year.
QR codes you shouldn’t have scanned last year; this year.
remyhax.xyz/posts/no-sca...
Last year, I set out to enumerate the scope, and did!
And then promptly forgot for a year.
QR codes you shouldn’t have scanned last year; this year.
remyhax.xyz/posts/no-sca...
i am very excited to see all of my friends in las vegas, nevada
August 3, 2025 at 7:45 PM
i am very excited to see all of my friends in las vegas, nevada
New blog post about all the fun I had red teaming at @NationalCCDC this year!
Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating
www.sshell.co/red-teaming-...
Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating
www.sshell.co/red-teaming-...
Red Teaming at National CCDC 2025
There's nothing quite like the feeling of playing Doom on someone's hypervisor and watching as they frantically try to figure out how to eject you from the system.
www.sshell.co
July 27, 2025 at 6:40 PM
New blog post about all the fun I had red teaming at @NationalCCDC this year!
Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating
www.sshell.co/red-teaming-...
Covers some of the fun we had this year specifically relating to the web side of things, as well as some tips and resources for competitors & those interested in participating
www.sshell.co/red-teaming-...
Reposted by sshell
As of this morning I am unemployed. I am looking for work! I have a range of experience that can be valuable to the right team. A short list of relevant skills that I'd call out: reverse engineering & vuln research, DFIR, project management, infrastructure architecting, system administration.
July 1, 2025 at 7:02 PM
As of this morning I am unemployed. I am looking for work! I have a range of experience that can be valuable to the right team. A short list of relevant skills that I'd call out: reverse engineering & vuln research, DFIR, project management, infrastructure architecting, system administration.
what do you mean “stuck at 50% done saving a bookmark?”
you completed one half of one api call?
i hate it here.
you completed one half of one api call?
i hate it here.
June 1, 2025 at 6:30 PM
what do you mean “stuck at 50% done saving a bookmark?”
you completed one half of one api call?
i hate it here.
you completed one half of one api call?
i hate it here.
Reposted by sshell
We heard you needed some more time, so we wanted to let you cook.
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
March 17, 2025 at 1:58 PM
We heard you needed some more time, so we wanted to let you cook.
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
We decided to push the Phrack 72 CFP deadline back until June 15th.
Stay tuned for upcoming Phrack events.
Print this flyer out and give it to someone IRL!!
Report government waste to DOGE:
- Every Electron app wastes hundreds of MB of disk space (and RAM) by bundling it's own Chrome browser. Make native UI great again!
- Every Go binary is too large. What are they hiding in there?
- Windows installs 500+ language packs. In the US we only use en-US!
- Every Electron app wastes hundreds of MB of disk space (and RAM) by bundling it's own Chrome browser. Make native UI great again!
- Every Go binary is too large. What are they hiding in there?
- Windows installs 500+ language packs. In the US we only use en-US!
February 18, 2025 at 4:57 PM
Report government waste to DOGE:
- Every Electron app wastes hundreds of MB of disk space (and RAM) by bundling it's own Chrome browser. Make native UI great again!
- Every Go binary is too large. What are they hiding in there?
- Windows installs 500+ language packs. In the US we only use en-US!
- Every Electron app wastes hundreds of MB of disk space (and RAM) by bundling it's own Chrome browser. Make native UI great again!
- Every Go binary is too large. What are they hiding in there?
- Windows installs 500+ language packs. In the US we only use en-US!
i wish there was a very serious medical drama where everything was normal EXCEPT every patient was played by the same actor, and it was never brought up or addressed in any way.
February 9, 2025 at 12:35 AM
i wish there was a very serious medical drama where everything was normal EXCEPT every patient was played by the same actor, and it was never brought up or addressed in any way.
Reposted by sshell
Got an MRI recently and @sshell.co immediately turned it into a banger
February 7, 2025 at 11:12 PM
Got an MRI recently and @sshell.co immediately turned it into a banger
i tried openai operator and got jumpscared because i forgot how terrible it was to rawdog the internet without an ad-blocker.
January 24, 2025 at 1:03 AM
i tried openai operator and got jumpscared because i forgot how terrible it was to rawdog the internet without an ad-blocker.
Reposted by sshell
Many YouTube videos lately are clickbait and stretch out a Wikipedia page into 30 minutes. Many videos are just questions with simple answers.
So I built tldw.tube: put in the URL and save your time!
(No hate on Veritasium, it just happened to work well for the screenshot)
So I built tldw.tube: put in the URL and save your time!
(No hate on Veritasium, it just happened to work well for the screenshot)
January 11, 2025 at 5:24 AM
Many YouTube videos lately are clickbait and stretch out a Wikipedia page into 30 minutes. Many videos are just questions with simple answers.
So I built tldw.tube: put in the URL and save your time!
(No hate on Veritasium, it just happened to work well for the screenshot)
So I built tldw.tube: put in the URL and save your time!
(No hate on Veritasium, it just happened to work well for the screenshot)
i am attendee at the local shmoo conference today. i can’t wait to talk about the latest developments in shmoo technology.
January 10, 2025 at 8:12 PM
i am attendee at the local shmoo conference today. i can’t wait to talk about the latest developments in shmoo technology.
Took an existing open-source tool that 105 seconds to run on default settings out of the box.
Had Cursor rewrite it in a more performant language with only functionality I needed, and tuned for performance on my specific setup. Kept prompting it to further optimize and...
Had Cursor rewrite it in a more performant language with only functionality I needed, and tuned for performance on my specific setup. Kept prompting it to further optimize and...
December 19, 2024 at 6:51 PM
Took an existing open-source tool that 105 seconds to run on default settings out of the box.
Had Cursor rewrite it in a more performant language with only functionality I needed, and tuned for performance on my specific setup. Kept prompting it to further optimize and...
Had Cursor rewrite it in a more performant language with only functionality I needed, and tuned for performance on my specific setup. Kept prompting it to further optimize and...
Reposted by sshell
We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!
phrack.org
phrack.org
December 16, 2024 at 10:56 PM
We updated our CFP for Phrack 72! The deadline is now April 1st 2025. Check the site for specifics on how to contribute, as well as some inspiration! We also posted a link to purchase physical copies of Phrack 71, and a donation link too. Enjoy!
phrack.org
phrack.org
the best part about december is watching “jingle all the way” at least 7 times
a man talking on a phone with the words put that cookie down on the bottom
Alt: a man talking on a phone with the words put that cookie down on the bottom
media.tenor.com
December 14, 2024 at 10:33 PM
the best part about december is watching “jingle all the way” at least 7 times
Reposted by sshell
Yo, new big thing: Shift.
AI seamlessly integrated into your HTTP proxy.
Use cases:
"Take this JS and build the JSON request body"
"Fill in these IDs from my notes - UserA"
"Create a match and replace rule to turn on this feature flag"
"Generate a wordlist with all HTTP Verbs"
AI seamlessly integrated into your HTTP proxy.
Use cases:
"Take this JS and build the JSON request body"
"Fill in these IDs from my notes - UserA"
"Create a match and replace rule to turn on this feature flag"
"Generate a wordlist with all HTTP Verbs"
December 6, 2024 at 3:39 PM
Yo, new big thing: Shift.
AI seamlessly integrated into your HTTP proxy.
Use cases:
"Take this JS and build the JSON request body"
"Fill in these IDs from my notes - UserA"
"Create a match and replace rule to turn on this feature flag"
"Generate a wordlist with all HTTP Verbs"
AI seamlessly integrated into your HTTP proxy.
Use cases:
"Take this JS and build the JSON request body"
"Fill in these IDs from my notes - UserA"
"Create a match and replace rule to turn on this feature flag"
"Generate a wordlist with all HTTP Verbs"
who are some of your favorite hackers and companies working with AI for offensive security right now?
November 30, 2024 at 8:51 PM
who are some of your favorite hackers and companies working with AI for offensive security right now?
Reposted by sshell
I've released 'brainstorm': an alternative way to do web fuzzing combining my fav fuzzing tool 'ffuf' (from @joohoi.bsky.social )with local LLMs (via Ollama API) to generate smarter filename tests. It usually finds more endpoints with fewer requests. Added a IIS shortname support @irsdl.bsky.social
November 26, 2024 at 8:57 AM
I've released 'brainstorm': an alternative way to do web fuzzing combining my fav fuzzing tool 'ffuf' (from @joohoi.bsky.social )with local LLMs (via Ollama API) to generate smarter filename tests. It usually finds more endpoints with fewer requests. Added a IIS shortname support @irsdl.bsky.social
bro, i’m sitting down to watch jonbenet docuseries and the music was done by THE SYSTEM OF A DOWN GUY?!
November 26, 2024 at 11:53 PM
bro, i’m sitting down to watch jonbenet docuseries and the music was done by THE SYSTEM OF A DOWN GUY?!
went outside today and we’re off to a bad start already
November 26, 2024 at 6:36 PM
went outside today and we’re off to a bad start already
Reposted by sshell
I’ve to say that I’m impressed by how @xbow.com managed to identify this SSRF vulnerability (and bypass a MIME filter on its way) 🤖
XBOW – SSRF & URI validation bypass in 2FAuth
XBOW discovered a Server-Side Request Forgery (SSRF) vulnerability in the OTP preview feature of the open-source project, 2FAuth.
xbow.com
November 24, 2024 at 2:38 PM
I’ve to say that I’m impressed by how @xbow.com managed to identify this SSRF vulnerability (and bypass a MIME filter on its way) 🤖
Reposted by sshell
I took this training last year, after using burp for as many years as I can remember, and I still learned a lot. I still use some of the tips I learned daily and it's made me faster. Highly recommend.
In case you're a professional Burp Suite user, there's a few seats left for the Q1 2025 training sessions
hackademy.agarri.fr/2025
hackademy.agarri.fr/2025
I'm using burp for like 15 years now, but @agarri.fr's training was absolutely mind blowing and really super charged my burp skills!
November 25, 2024 at 11:08 AM
I took this training last year, after using burp for as many years as I can remember, and I still learned a lot. I still use some of the tips I learned daily and it's made me faster. Highly recommend.