Implementing Zero Trust Security With a VDP
I understand the importance of Zero Trust but, personally, I’ve had a hard time bridging the gap between how the world of vulnerability disclosure and…
Category: Mix
Celebrating the Inaugural Glass Firewall Conference
This event’s focus was getting more women to participate in bug bounty programs, as we noticed the community is relatively small. When our industry friends…
DOM Handling with MutationObserver
최근 ZAP은 SPA 기반의 앱을 쉽게 식별하기 위해 Client Side Integration 이란 기능을 추가했습니다. 이 이 때 DOM의 변화를 식별하기 위한 장치로 MutationObserver가 사용되었는데요. 오늘은…
Before you close that laptop…
Wanted to catch you before you shut down for the Holiday weekend. As I mentioned in the newsletter, I’m running a sale on a Unsupervised…
Bug Bytes #217 – How to Submit Vulnerabilities, Writing a Great WriteUp and 2 years of Bug Bounty
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)
Insights and Protections On November 16, 2023, a significant security concern was published by Google’s Threat Analysis Group (TAG). They revealed an alarming vulnerability in…
OpenAI Coup Theory, SEC vs. SolarWinds Analysis, Deepfake D&D Summaries
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original…
Sam Altman Wants AGI as Fast as Possible, and He Has Powerful Opposition
A lot of people are asking for my thoughts on what happened at OpenAI this weekend. As I’ll explain below, I believe what happened ultimately…
SEC vs. SolarWinds is Cybersecurity’s ENRON Moment
Then the industry grows up and processes start to take over. And within a few decades it’s more the process doing the work than the…
How to Permanently Remove Your Fear of Public Speaking
After a number of requests, here’s the follow-up to my recent post about lowering your heart rate before giving a talk. In that piece, I…
How to Fortify Your Assets & Maintain Compliance
Stepped-up SEC Enforcement Makes Proactive Security a Must The SEC’s finalized cybersecurity rules, effective starting mid-December 2023, place a spotlight on requirements for transparency regarding…
[tl;dr sec] #208 – Cybersecurity GPT Agents, Supply Chain Security, Kubernetes Pentest Image
I hope you’ve been doing well! (Expect more details about my travel jaunts next week, this week I miscalculated timezones 😅 ) I first came…