In early 2023 we (TheZero - @[email protected] & smaury) collaborated with SecureDrop to start designing and prototyping the #E2EE messaging protocol for a future version of SecureDrop.

📄 blog post: securedrop.org/news/introduci…
💻 poc code: github.com/freedomofpress…

A couple of weeks ago I was in Paris sponsored by YesWeHack ⠵ to hack Louis Vuitton - it has been GREAT!
I scored the 5th place, even though some stuff might still change 👀
Leaderboard: event.yeswehack.com/events/hack-me… #LHE #BugBounty

📰 Featuring articles by Malcolm Stagg, Microsoft, Ozgur Alp, Shielder, Synacktiv

🧵 Trending threads by Justin Gardner, Critical Thinking - Bug Bounty Podcast, Intigriti, YesWeHack ⠵

📽️ Videos by @0xlupin, @JohnHammond, Bug Bounty Reports Explained

Our audit with Shielder, Bref, was published today! Thanks to Amazon Web Services for their sponsorship of this work, and Matthieu Napoli for his contributions to bref and this audit. Read more at ostif.org/bref-audit-com…

A huge thanks to Shielder for doing a security audit of Bref!
And thanks Amazon Web Services for sponsoring it!

We recently partnered with OSTIF Official to perform a security audit sponsored by Amazon Web Services on Bref. The audit resulted in 5 findings promptly addresses by Matthieu Napoli.
The report is now public, check the details here: shielder.com/blog/2024/03/b…

Excellent writeup showing how to track down vulnerabilities in firmwares starting from CVEs through patch diffing
Credits Pit and TheZero - @[email protected]

shielder.com/blog/2024/01/h…

#embedded #infosec #asus

This year NULLCON was a blast full of great talks!
Our team had much fun and even managed to score the 🥇 (@smaury92) and 🥈 (@suidpit) place in the Intigriti Live Hacking Event.
Thanks Antriksh (Yoda) #Nullcon Berlin, Inti De Ceukelaire, r0adrunn3r, et al!

Hey hackers - attending NULLCON? Pop to say hi and talk about AppSec and VR!
You can find smaury TheZero - @[email protected] Pit Francesco Enrietti around 🖖🏿

During a recent Red Team Assessment TheZero - @[email protected] and smaury discovered a vulnerability in PostgreSQL's #PgAdmin which in the worst case allows unauthenticated attackers to run arbitrary server-side code.

Check out the #RCE advisory and patch now!
shielder.com/advisories/pga…

Shielder Chitra A Aleandro It took some time, but here they are! Thank you :)

Hey hackers! Are you attending FOSDEM @[email protected]?
If you want to talk about open-source software and hardware security make sure to hit up smaury and TheZero - @[email protected]!