Newsletter

Security Pills - Issue 46

50 Shades of Vulnerabilities, State of Cloud Security, Adversarial Attacks on LLMs

Security Pills - Issue 45

Everything I'll Forget About Prompting LLMs, Analysis of Obfuscations in Apple Fairplay, How Malicious Code Can Sneak Into Your GitHub Actions Workflows

Security Pills - Issue 44

Java Exploitation Restrictions in Modern JDK Times, Meterpreter vs Modern EDRs, How to Bypass Cloudflare in 2023

Security Pills - Issue 43

Effective Active Subdomain Enumeration with Patterns, Hacking Play-To-Earn Blockchain Games, Rule Writing for CodeQL and Semgrep

Security Pills - Issue 42

The case for improving crypto wallet security, How to avoid the aCropalypse, Taking over any DNSSEC name on ENS

Security Pills - Issue 41

Fuel VM Binary Analysis, The curl quirk that exposed Burp Suite & Google Chrome, Decipher EVM Puzzles game

Security Pills - Issue 40

Five myths about formally verifying smart contracts, Exploring unconfirmed transactions for effective Bitcoin address clustering

Security Pills - Issue 39

Heuristics for smart contracts, Abusing HTTP Hop-by-hop headers, Bitcoin Address Clustering

Security Pills - Issue 38

The ABCs Of Ethereum Virtual Machine, Overview Of The Inflation Attack, Practical Introduction To CodeQL

Security Pills - Issue 37

Reusable properties for Ethereum contracts, GitHub Security Lab audited DataHub, Demystifying Exploitable Bugs in Smart Contracts

Security Pills - Issue 36

How BlockSec Rescued Stolen Funds, OWASP Kubernetes Top 10, Zero Transfer Phishing

Security Pills - Issue 35

Server-side prototype pollution, Entering the Huff ecosystem, RCE in your Azure Web Service

Security Pills - Issue 34

Fearless CORS, Top 10 web hacking techniques of 2022, Cracking the Odd Case of Randomness in Java

Security Pills - Issue 33

Learning CodeQL, Bonq Protocol Got Bonked for $120M, Breaking Docker Named Pipes SYSTEMatically

Security Pills - Issue 32

Scaling Continuous Security, Setting Bear Traps in the Dark Forest, Exploiting Hardcoded Keys to Achieve RCE

Security Pills - Issue 31

An Incomplete Guide to Stealth Addresses, Bypassing Authorization in GC Workstations, Manipulating AES Traffic Using a Chain of Proxies and Hardcoded Keys

Security Pills - Issue 30

How to Analyze Bitcoin Data with SQL, Fake Token Trendy, Vulnerable Spots of Lending Protocols

Security Pills - Issue 29

Web Hackers vs The Auto Industry, Security in the Age of LLMs, Circom-Pairing: A Million-Dollar Zk Bug Caught Early

Security Pills - Issue 28

Entering The Dark Forest, EVM Contract Construction, Turning Google Smart Speakers into Wiretaps for $100k

Security Pills - Issue 27

Statistical Attacks on Proof of Solvency, Rediscovering Smart Contracts Honeypots, Reversing the EVM: Raw CALLDATA

Security Pills - Issue 26

Ethereum Smart Contract Auditors 2022 Rewind, Decentralized Identity Attack Surface, SushiSwap Kashi Vulnerability Disclosed

Security Pills - Issue 25

Abusing JSON-Based SQL to Bypass WAF, Some Ways To Use ZK-SNARKs for Privacy, Alternatives to Tornado Cash

Security Pills - Issue 24

Subdomain Enumeration with DNSSEC, Visual Studio Code: RCE, Specialized Zero-Knowledge Proof Failures

Security Pills - Issue 23

Scaling Security Automation with Docker, So You Want to Get Into Bug Bounties?, How I Could Drain an Entire Blockchain

Security Pills - Issue 22

From Self-Hosted GitHub Runner to Self-Hosted Backdoor, You Could Have Found the Nomad Hack, Stealing Passwords from Infosec Mastodon

Security Pills - Issue 21

Earn $200k by Fuzzing for a Weekend, Decoding brahTOPG Smart Contract Vulnerability, Deribit's $28 Million Hot Wallet Hack

Security Pills - Issue 20

The OpenSSL Punycode Vulnerability, Analyzing an MEV Bot's Arbitrage on Ethereum, DAO Voting Vulnerabilities

Security Pills - Issue 19

The 0 to 1 MEV Guide, Optimizer's Guide to Solidity, iOS Bug Allow Apps to Eavesdrop on Your Conversations with Siri

Security Pills - Issue 18

The State of Crypto Security, The Story Behind the Alternative Genesis Block of Bitcoin, PHP Filters Chain

Security Pills - Issue 17

Bridge Security In Blockchain, Curve LP Oracle Manipulation, Persistent PHP Payloads In PNGs

Security Pills - Issue 16

BSC attack for near $566M Dollars, Comparing Semgrep and CodeQL, Spoof Tokens on Ethereum

Security Pills - Issue 15

Prototype Pollution Primer, Ethereum PoS and PoW Security, How to Hack Crypto Exchange Wallets

Security Pills - Issue 14

The Profanity Tool Vulnerability, Breaking Bitbucket, A Sneak Peek into Smart Contracts Reversing & Emulation

Security Pills - Issue 13

How does Tornado.cash work?, Reversing Solana with Binary Ninja, Jetty Features for Hacking Web Apps

Security Pills - Issue 12

How Bridges Compare, Fork Bomb for Flutter, Hacking Helium Crypto Miner

Security Pills - Issue 11

Incident Response in AWS, Vulnerability in TikTok, Analysis of a Python malware

Security Pills - Issue 10

Command Injection in GitHub Pages, Decoding a $830,000 exploit, RCE in GameBoy Color

Security Pills - Issue 9

Worldwide Cryptocurrency Heists Tracker, Fault Injection Attack on the Trezor One, Attacking Firefox Renderer

Security Pills - Issue 8

Tracking users via Instagram in-app browser, OFAC sanctions Tornado Cash, Cisco Talos shares insights on recent cyberattack

Security Pills - Issue 7

Determining Malicious Probabilities Through ASNs, Nomad Bridge Exploit, From XSS to RCE

Security Pills - Issue 6

The Great Tech Salary Crash, Untangling KNOTWEED, Hunting for Mass Assignment Vulnerabilities

Security Pills - Issue 5

5 Considerations when choosing BB platform, Investigating a hacked Linode Server, Dependency Confusion vulnerabilities

Security Pills - Issue 4

Mixers reaches an all-time high, How to Steal $100M, How did MetaMask come to life?

Security Pills - Issue 3

Apple's lockdown mode, How hackers got into Axie Infinity, Following the trail of $100 millions

Security Pills - Issue 2

Do you need a blockchain?, Apple Safari sandbox escape, $76m stolen in scams

Security Pills - Issue 1

Cryptocurrency crimes, Lazarus Group and private keys on Docker Hub
