d3fp4r4m

@[email protected]
372 Followers
196 Following
55 Posts
Toolshttps://def.tools/
Githubhttps://github.com/defparam
d3fp4r4mDec 3, 2023
stacksmashingDec 3, 2023
Let's go! 🥳 #37c3
d3fp4r4mNov 18, 2023
Charlie SmithNov 16, 2023
Check out CLZero, for your CL.0 Fuzzing needs https://moopinger.github.io/blog/fuzzing/clzero/tools/request/smuggling/2023/11/15/Fuzzing-With-CLZero.html Thanks to @defparam @albinowax and @deadvolvo
Fuzzing with CLZero

Place to store my thoughts on all things information-security related. Hopefully you find something of interest. Ramblings are my own. Charlton Smith

MOOPINGER
d3fp4r4mSep 16, 2023
Joo N/ASep 16, 2023

ffuf v2.1.0 released!

There's a good bunch of new features as well as some smaller fixes.

The major new features include:
- Integration with https://github.com/ffuf/pencode that allows you to encode (chain) your wordlist inputs in various ways.
- A cli flag to disable the automatic URL encoding for the wordlist inputs in URLs (ready to break some shit?)
- Extensible auto-calibration strategies
- Client certificate authentication support

Full changelog can be found at: https://github.com/ffuf/ffuf/blob/v2.1.0/CHANGELOG.md

I'm going to write a bit of documentation about the more complex new features, but in case you are eager to try them out, see the following dev docs:
- Extensible auto-calibration strategies: https://github.com/ffuf/ffuf/pull/694#issuecomment-1620163955
- Pencode integration: https://github.com/ffuf/ffuf/pull/717

GitHub - ffuf/pencode: Complex payload encoder

Complex payload encoder. Contribute to ffuf/pencode development by creating an account on GitHub.

GitHub
d3fp4r4mDec 3, 2022
my new SAST tool
d3fp4r4mDec 1, 2022
James KettleDec 1, 2022

Love research? We're hiring! Join @gaz and I to invent and share novel web hacking techniques.

https://portswigger.net/careers/web-vulnerability-researcher

Career Opportunity - Web vulnerability researcher

Vacancy Web vulnerability researcher An opportunity to join a world-class web security research team and champion the sharing of knowledge about web ...

d3fp4r4mNov 28, 2022
blastyNov 28, 2022
t00t t00t.
d3fp4r4mNov 21, 2022
Is there a centralized place for information on specialized training courses for reverse engineering, vulnerability research and exploitation or do people track trainers individually?
d3fp4r4mNov 21, 2022
shubsNov 21, 2022
so people will post 0days on here from now on right?
d3fp4r4mNov 20, 2022
I can't be bothered to build cross posters and I don't want to post content on multiple sites. I've put my twitter account private and pointed visitors here. I want to keep my twitter account parked and just use it for read only at this point. I've gone and removed all link references from here back to twitter because (why?). Anyway seems like the most sensible way for me to promote migration.
d3fp4r4mNov 19, 2022
buheratorNov 19, 2022

RT @[email protected]

A new AWS whitepaper covering Nitro -
"The Security Design of the AWS Nitro System". Super interesting deep dive into virtualization and the AWS approach to security.

HTML: https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/security-design-of-aws-nitro-system.html
PDF: https://docs.aws.amazon.com/pdfs/whitepapers/latest/security-design-of-aws-nitro-system/security-design-of-aws-nitro-system.pdf

🐦🔗: https://twitter.com/colmmacc/status/1593632790738006017

The Security Design of the AWS Nitro System - The Security Design of the AWS Nitro System

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. The AWS Nitro System is the underlying platform for all modern EC2 instances. This whitepaper provides a detailed description of the security design of the Nitro System to assist you in evaluating EC2 for your sensitive workloads.