Why Marcus Is Wrong About AI
My friend Marcus Hutchins put out a long, well-written, and entertaining piece about all the reasons he thinks AI is hype. I think it was…
Category: Mix
HTTP Request Smuggling Explained: with seasoned bug bounty hunter NahamSec and world-class researcher James Kettle
Amelia Coen | 05 August 2025 at 11:08 UTC Ever wondered how attackers can compromise modern websites by exploiting invisible cracks in HTTP infrastructure to…
Why Platforms Like Substack Won’t Make Sense for Much Longer
I think the future of Substack is self-hosting. Or—more directly—I don’t think they have much of a future. I’m sure you’ve heard about their struggles—the…
Why We Built a Museum Instead of a Booth — API Security
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the back of your wardrobe, the…
Launching Daemon: My Personal API
Super hyped to be launching the first version of Daemon today! My daemon is my personal API that anyone—or any AI—can query to learn about…
Increased Worker Pressure from AI
My latest depressing thought about AI is that with all the pressure to adopt AI and replace employees with automation, the lived experience of many/most…
Solving the challenges of a bug bounty program manager (BBPM). Strategic execution for security leaders.
As more organizations lean on third-party platforms, cloud infrastructure, and remote development teams, the attack surface grows, often faster than internal security teams can manage.…
![[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels](https://image.cybernoz.com/wp-content/uploads/2025/07/tldr-sec-290-Securing-MCP-AppSec-Archetypes-CISOs-Guide.png)
[tl;dr sec] #290 – Securing MCP, AppSec Archetypes, CISO’s Guide to Protecting Crown Jewels
Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources I hope you’ve been…
Debunking API Security Myths
I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From…
How to identify the origin IP
Most of your targets often resort to using content delivery networks (CDNs) or other anti-DDoS reverse proxies to mask their origin IP, protecting the origin…
Getting a Shell on the LAU-G150-C Optical Network Terminal
Optical Network Terminals (ONTs) are devices that convert fiber optic signals to Ethernet signals that can be handled by typical routers. As the connection between…
Self-Contained TypeScript Programs Using Bun
Bun’s auto-install feature If you hate Python as much as me it’s probably because of dependencies. Roughly 23-319% of the time, when I run a…