Hi friends,
Greetings from the hive!
Apologies for the delay. I'm still sick, or again...
I wonder if there's anything I can do to combat it better. Or, perhaps it's just inherently a part of being a parent.
Having said that, I haven't been sitting still. I launched the Hive Five swag shop (1 referral = 20% off). This has been a long time coming and even predates the newsletter. Crazy, huh?
Before, I would limit my output to certain streams or put myself in a box. Lately, I've been leaning in instead and taking action on all of them.
Most limits are self-imposed.
Let's take this week by swarm!
🐝 The Bee's Knees
Bypassing airport security via SQL injection. This research focuses on the Known Crewmember (KCM), a TSA program, and the Cockpit Access Security System (CASS). MORE
Founder Mode. Brian Chesky's talk at a recent YC event left such an impression on the founders present that even Ron Conway, known for his meticulous note-taking, forgot to take notes. MORE
The shared knowledge, values, and culture of the powerful people of Silicon Valley and the American Tech Elite. MORE
A roundup of every AI Talk from BSidesLV, Black Hat, and DEF CON 2024. MORE
The X-Correlation between Frans & RCE - Research Drop. In this episode of the Critical Thinking - Bug Bounty Podcast, Frans shares a sneak peek of his new presentation, leaving everyone, including Justin, mind-blown. MORE
Upgrade Yourself →
You're getting the free version. Members get more — including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.
Do you have a product or service to promote and want to partner up? Find out more about advertising in Hive Five.
📰 Updates
🍯 My work
✅ Changelog
Google has updated its Chrome VRP to incentivize deeper research, offering higher rewards for more impactful bug discoveries. MORE
Google released three new Gemini models today: improved versions of Gemini Pro and Gemini Flash plus a new model, Gemini Flash-8B, which is significantly faster (and will presumably be cheaper) than the regular Flash model. MORE
Nullenc0de updates gofuzz, now featuring Nuclei integration for enhanced credential exposure detection. Find more secrets, faster. MORE
💼 Work
💰 Career
Daniel argues that the current disruption in the job market is due to a widespread misconception about the nature of work. MORE
The 3-step plan to figure out what you want to do in life. MORE
This interview with Andy Swift, a former pentester and current technical director of offensive security, delves into his experiences breaking into the cybersecurity industry. MORE
In this talk at Laracon US, Aaron Francis explores the transformative power of publishing one's work, sharing insights from his own experience as a developer and entrepreneur. MORE
Steph Smith, a creator behind projects like The Hustle's Trends newsletter, shares insights on carving one's own path in life. MORE
🚀 Productivity
YTLitePlus is a tweak that improves the YouTube experience on iOS by removing ads, enabling background playback, and offering a wealth of customization options. YTUHD is a tweak that unlocks higher video resolutions in the YouTube app. MORE
Stupid but useful AI tricks: Creating calendar entries from an image using Anthropic Claude 3.5. MORE
The natural tendency is to dismiss one's desires, but obsession, the powerful drive to accomplish something, should be embraced as a source of motivation. MORE
Stephen Wolfram on Five Most Productive Years: What Happened and What’s Next. MORE
Greg maintains a diverse set of notes on their iOS device, covering startup ideas, potential acquisitions, prospective company names, interesting phrases, content ideas, weekly goals, unpopular opinions, epiphanies, unanswered questions, life hacks, and personal stories. MORE
🌎 Community
🎉 Celebrate
⚡️ Timeline
Help Joey Belans: Facing Cancer After Layoff. He is renowned for his strength, wisdom, and exemplary role as a husband, father, friend, mentor, and coworker. (He’s since been rehired due to community uproar). MORE
Justin advises that when auditing code, it is best to set up the target codebase properly in an IDE, as this will allow for quicker navigation and understanding, rather than relying solely on tools like vim and grep. MORE
Frans Rosen shares the solution to last week's XSS challenge, detailing a red herring and the expected solution. MORE
Shayan argues that the lack of built-in authentication solutions in modern web frameworks is a significant issue, leading to a focus on the wrong areas of developer experience. MORE
💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@Gabrielle_BGB | Gabrielle | Ethical Hacker | Top IFSEC Global 2022 | Woman Hacker 2022 | Board Member | Artemis SRT (Synack)| Speaker | Mentor.
@nytr0gen_ | nytr0gen | Bug Bounty HackerOne | CTF Player WreckTheLine
@NOBBD | Denis Werner | Interested in IT security, CTFs, penetration testing, adversarial simulation and digital forensics.
@EliFitch | phelidelifeli | Beautiful squishboy. EM at Figma, making FigJam as weird and fun as possible. Games & car writing sometimes. Black Lives Matter.
🍄 Level up
📰 Read
Exploiting a Remote Code Execution Vulnerability in Moodle. Developers often unwisely pass user input to dangerous functions like PHP's eval(), despite warnings, and their attempts to sanitize the input are usually not as robust as they assume. MORE
Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information, combining attack techniques such as prompt injection and ASCII smuggling. MORE
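ASCII smuggling, as used in the Copilot research above, hides ASCII text in Unicode Tag characters (U+E0020 to U+E007E), which render as nothing to a human reader but are still tokenised and read by a language model. This added Python example (not code from the linked article) shows both halves a defender needs: the encoder, to reproduce the technique against your own pipeline, and a detector that counts, extracts and strips the invisible payload before text reaches the model or a rendered link. The visible sentence and the hidden string are constructed sample data.

```python
"""ASCII smuggling via Unicode Tag characters: encode, detect, extract, strip."""
import unicodedata

TAG_BLOCK_START = 0xE0000   # Unicode "Tags" block: U+E0000..U+E007F
TAG_BLOCK_END = 0xE007F     # U+E007F is CANCEL TAG


def smuggle(text: str) -> str:
    """Map each printable ASCII char to its invisible Tag counterpart (U+E0020..U+E007E)."""
    out = []
    for ch in text:
        cp = ord(ch)
        if not 0x20 <= cp <= 0x7E:
            raise ValueError(f"not printable ASCII: {ch!r}")
        out.append(chr(TAG_BLOCK_START + cp))
    return "".join(out)


def invisible_count(text: str) -> int:
    """Count format (Cf) characters; Tag characters are Cf and have no glyph."""
    return sum(1 for ch in text if unicodedata.category(ch) == "Cf")


def extract_hidden(text: str) -> str:
    """Recover the ASCII payload carried by Tag characters, ignoring everything else."""
    return "".join(
        chr(ord(ch) - TAG_BLOCK_START)
        for ch in text
        if TAG_BLOCK_START + 0x20 <= ord(ch) <= TAG_BLOCK_START + 0x7E
    )


def strip_hidden(text: str) -> str:
    """Remove every code point in the Tags block before the text is trusted."""
    return "".join(ch for ch in text if not TAG_BLOCK_START <= ord(ch) <= TAG_BLOCK_END)


def is_suspicious(text: str) -> bool:
    """Flag input that contains any Tag-block character at all; legitimate text has none."""
    return strip_hidden(text) != text


if __name__ == "__main__":
    visible = "Please summarize this document."          # constructed sample
    hidden = smuggle("hidden instruction for the model")  # constructed sample
    poisoned = visible + hidden
    print(repr(poisoned))           # looks identical to `visible` in most renderers
    print(is_suspicious(poisoned))  # True
    print(extract_hidden(poisoned)) # hidden instruction for the model
    print(strip_hidden(poisoned) == visible)
```

Checking `is_suspicious()` on retrieved documents, e-mails and tool output before they enter the prompt is cheap; the same Tag-block check applied to model output catches the exfiltration side, where the smuggled characters are slipped into a link the user is invited to click.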
This piece explores how Anthropic, an AI research company, built Artifacts, the feature of its Claude assistant that lets the model produce and display standalone content such as code, documents, and diagrams alongside the conversation. MORE
An introduction to GitHub Actions exploitation. Explore the mechanics of GitHub Actions, and the different elements that are present in a GitHub workflow. MORE
SonarSource's vulnerability research team recently discovered a critical Cross-Site Scripting (XSS) vulnerability in the popular open-source webmail software Roundcube, putting government emails at risk. MORE
💡 Tips
Global Grey offers a library of high-quality, public domain ebooks in PDF, epub, and Kindle formats, with no registration or sign-ups required. Simply browse the collection and click to download the book of your choice. MORE
TIL that the like button on YouTube actually glows when one says "smash that like button." MORE
Secure coding training and security code review training are two distinct approaches in application security, each focusing on different aspects of the development process and intended for different audiences. MORE
Apparently ASU offers a student discount for just $20, allowing access to discounts across America, including a $1200 Samsung fridge. MORE
Use the "save all" feature in Cursor's composer to write to a file and easily test ideas, while still having the option to reject the changes. MORE
🧠 Wisdom
How to say Hello. Sounds simple, but so important. It is hard to warm up to someone if their first impression was poor. MORE
Lelouch on once believing they were "too dumb" to understand math; the belief was unfounded, as the difficulty stemmed from a lack of prerequisites. MORE
Luke on jumping into what's next and keeping on chasing your hero. Inspired by Matthew McConaughey's acceptance speech when he won the Academy Award for Best Actor. MORE
Join Sahil as he coaches a 27-year-old for 5.5 hours. Sahil, an entrepreneur and investor, has faced numerous failures over the past 10 years, but now runs an eight-figure holding company, manages a $10 million venture capital fund, and creates content that reaches millions weekly. MORE
How to live a good life according to Aristotle: happiness is achieved through a lifetime of virtuous activity of the soul, involving both intellect and character. MORE
📚 Resources
A comprehensive set of reverse engineering tutorials covering x86 and x64 as well as 32-bit and 64-bit ARM. MORE
Your guide to tokens: How to design, launch, structure rights, and more. Tokens are a new technology defining the web, but best practices are rapidly evolving, so approach them with caution and care. MORE
Practical tips for crafting a compelling CFP, emphasizing the importance of a clear and concise proposal that showcases one's expertise and the value of their talk. MORE
Syncing a Mac laptop and a Linux/BSD desktop can be a challenge due to differences in the file systems. Sivers outlines methods for keeping the /home directory synchronized between the two machines. MORE
This curated list of resources covers software, hardware, books, and research on embedded and IoT security, a growing need due to botnets like Mirai. MORE
💭 Quote
"The only real test of intelligence is if you get what you want out of life."
🛠 Explore
🧰 Tools
Get $200 to try DigitalOcean — the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.
Bitcrook is an open-source intelligence tool that aims to centralize the necessary tools for carrying out investigations. MORE
xxh brings your favorite shell wherever you go through ssh without root access or system installations, allowing you to use Xonsh, Fish, Zsh, Osquery, and more. MORE
sol is a tool that helps inspect and understand chained shell commands before sharing or receiving one-liners. It acts as a de-minifier, formatter, exploder, and beautifier for these compact command lines, making their purpose more transparent. MORE
Mullvad VPN, a privacy-focused company, avoids storing any user data, including IP addresses and logs, even opting out of recurring subscriptions to prevent data retention. MORE
🎥 Watch
The Browser Company is building a powerful brand that drives viral growth, leveraging AI to craft stories that capture the cultural zeitgeist and connect with audiences. MORE
Four web developers raced against the clock to create an app that could help with a monster invasion. The challenge required careful planning and efficient execution within a tight timeframe. MORE
An adventure to explore the giants of Georgia: Svaneti Bell, a cultural icon in Georgia, with the assistance of Georgian Bull. MORE
SQL Injection explained by Ben and Adam, including free labs for learning. MORE
Another episode in this AI series on Coding with Cursor. This time Sahil is joined by Shaoru, a developer at Cursor. MORE
🎵 Listen
Peter Attia, a medical surgeon, Stanford graduate, and longevity expert, shares how to turn your knowledge into a bestseller. MORE
Why you should write your own LLM benchmarks — with Nicholas Carlini, Google DeepMind. Stealing OpenAI models, why LLM benchmarks are useless for you, how to find value in using AI, and how they poisoned LAION with expired domains. MORE
Jack Smith On Biohacking, 2 Easy Business Ideas, PLUS Why Procrastination Is Good. MORE
🌐 Technology
Dive into the remarkable engineering behind the Game Boy. Learn how its designers squeezed so much performance and functionality out of severe hardware constraints. MORE
Building LLMs from the Ground Up: A 3-hour Coding Workshop. This tutorial is aimed at coders interested in understanding the building blocks of large language models (LLMs), how LLMs work, and how to code them from the ground up in PyTorch. MORE
Anthropic offers an interactive tutorial on prompt engineering, teaching techniques for crafting effective prompts for AI language models. MORE
What books to read if you want to improve as a software engineer? The number one result is "A Philosophy of Software Design" by Stanford's John Ousterhout. MORE
To bypass the "serverless tax" and gain full control over a server, one can set up a virtual machine on Hetzner for just $4 per month. MORE
👀 Interesting
How Costco Hacked the American Shopping Psyche. More than 100 million people visit the retailer for their groceries — and gas and TVs and gold bars and pet coffins — but saving money may not be the only motive MORE
Fatih, SWE at Planetscale, spent several weeks in Munich, taking hundreds of photos with their family. MORE
Emoji.gg is a platform that makes it easy to discover and download custom emojis for Discord, Slack, and more, with categories like Pepe, Anime, Meme, and Animated. MORE
The Things Organized Neatly Tumblr, created by Austin Radcliffe, showcases, as the title describes, things organized neatly. MORE
Until next week, take care of yourself and each other,
Bee 🐝
Share Hive Five →
Share this newsletter with your friends, colleagues, and BFFs.
1 REFERRAL = 20% OFF EVERYTHING IN THE SHOP
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.