Don't put your DVWA instance on the internet! www.darkreading.com/application-... I've done scans like this many times and it does worry me what is out there!

Can anyone recommend a tool that lists all the privileges a MySQL user has? I want to give it a user and full db access and get a list of what that user can do.

🔥 CVE-2026-23993: HarbourJwt JWT auth bypass via unknown alg. Not just alg=none: unsupported alg => empty signature, so forged token header.payload. passes. Write-up + fix: pentesterlab.com/blog/cve-202...

I've just created my first NPM package as as a cool way to bypass a CSP. I also found a second way using a GitHub proxy. github.com/digininja/cs... Both of these are now in the CSP Bypass section of DVWA.

Has anyone else noticed the knob drawn on the tennis court in Night Manager?

Just ticked over 2000km of running this year. It wasn't a goal at the start of the year but I noticed it was close last Sunday so decided to put the effort in and complete it.

Vodafone/Openreach network connectivity outage in my area. No broadband till engineer comes out on Monday. Great Christmas present! @vodafonegroup.bsky.social @vodafoneuk.bsky.social

Happy Christmas, happy holidays, happy anything. Have a great day everyone

Report submitted, invoice emailed, shutting the machine down and not planning to come back for two weeks. Have a good holiday everyone.

On an external test you find an abandoned web app that throws an error that includes its database connection string. The app is completely dead and only web ports are open on the box. Is this a high finding as there are leaked creds, or low because you found something but can't do anything with it?

I wanted to give a shoutout to the best events I attended in 2025 - and hopefully give you some ideas of what to look out for next year. @bsideslondon.bsky.social @bsidesbirmingham.bsky.social @steelcon.info #bheu2025 @csidesummit.bsky.social wp.me/p2Xih2-8F

Good luck to @bsideslondon.bsky.social , wish I could be there rather than ferrying kids around the country

Just found a new but annoying auto enabled Google maps feature on pixel 10. It's now always showing the map while navigating, even if the screen is locked and off, it's shown in black and white. Can be disabled in Settings > Navigation > Driving options > Power saving mode

@infosecbattlebots.bsky.social how big a fight cage can you build?

Delivery by robot coming to Sheffield. I really hope these are in place (and survive long enough) to be there next July. www.sheffieldforum.co.uk/topic/499843...

Garmin is down so bad that even their status page is down!

@jaysonstreet.bsky.social Happy Birthday mate. Hope you are doing well wherever you are in the world. Try to take it easy on yourself and make sure you get at least three treats in.

We'd like you to cancel your ticket to #BSidesLDN2025 Seriously, we do! But only if you can't come, someone else can actually use the ticket & it will not be wasted. Much effort goes into the event, and many opportunities created for all to benefit from, so don't be that person!

You can now scan for #react2shell in Burp Suite! To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to Assetnote for sharing a quality detection technique!

It is interesting to see what you get at the lower price points. They obviously don't think much of testing Azure apps and forensic imaging. Sorry to whoever wrote those

This Humble Bundle has a lot of really good hacking books from No Starch Press, and it supports EFF! Get it!

Here's your constantly updated Black Friday deals list with some 150 sports tech deals, including a boatload of new ones today. Watches, bike tech, action cams, drones, and plenty more: www.dcrainmaker.com/deals

I know face blindness is a thing, but is icon blindness a thing as well? I can stare at a set of icons I use every day and any that are vaguely similar kinda merge. Chromium, Shutter, Signal are all round blue things and I have to really think to work out which is which.

is Obsidian still the recommended free note taking app? I'm finally going to remember to cancel Evernote before it renews again next month.

Does anyone else like minty biscuits? youtu.be/MDzVnkh_-EY?... @christruncer.bsky.social does this call make any sense to you?

So today is new series day on Story Time With Finux channel, and we're starting "The Evolution of Privacy". Part 1 Premiers at 18:00 CET today #HistoryOfPrivacy #SocialHistory #HenryVIII #ArchitectureHistory www.youtube.com/watch?v=WdFI...

As @patrick.risky.biz often says, it isn't dumb if it works. If all it takes by bypass secret detection tools is a bit of base64 then the fault is in the tool, not the thing doing the evasion.

A beautiful morning for a junior parkrun

I think I finally understand string interpolation in jq. Took me a long time to work it out, but it is actually quite simple now I understand it.

Just got a notification about a Pixel 10 security upgrade. This upgrade will give me the ability to customise it with a theme based on Wicked. I wonder if there is any evidence that a Wicked theme keeps the bad guys out. If so, I've got a new business idea! Even without proof, I still may do it!

I want to spend some time in the Troll timezone, both where it really is, and where it should be based on my imagination.

Have you ever wanted to sign up for a conference and turn up, just to go to a booth of a company who ignore customer service requests so you can take the request to an actual human who can't easily run away? ParentPay have abysmal customer service and I'd love to talk to an actual human about it.

I've just checked and with Jet2 I can take a bike box up to 32kg for £35 per flight or I can take a 22kg hold bag for £31.75 per flight. I'm going to ditch my suitcase and start flying everywhere with a bike box!

Bits of GitHub are down again. share.google/FsgmxEiCdmsl...

Time to drop a couple of hints for my @hackinghub.bsky.social challenge! 1️⃣ First flag is on the website (you need to find it before flag 3/4/5) 2️⃣ The chall is inspired by some cool research I read (go find it) Writeups will be published once we hit 10 solves ➡ app.hackinghub.io/hubs/mother-...

I've just read that the cycle to work scheme may be axed or limited to £1000 next week. If anyone is thinking of signing up for it, do it now, just in case.

I'm sorry coach, I know I wasn't supposed to be doing any full distance triathlons next year, but I was doing the hoovering and slipped and my finger accidentally landed on the enter key. It was an accident, honest!

Looking good a good tutorial on debugging with ghidra. I want to set breakpoints, change flow, and modify memory values. Is that possible?

I don't need heating in my office when I'm running Burp!

So, who's gonna blood my new @hackinghub.bsky.social challenge? 😼 Challenge 🔗 app.hackinghub.io/hubs/mother-... First 3 solves will earn the "Hacker Cat" role in my discord server ➡️ discord.cryptocat.me #ctf #capturetheflag #ethicalhacking #cybersecurity #infosec #offsec

Anyone else seeing SSH connection issues to GitHub?

A lot of people slate HMRC, but I messed up paying something and one of their call centre people just spent 15 minutes on a call helping sort it all out. All nice and easy, all fixed, really good support. Got to give credit where it is due.

A brilliant write up of the Gladinet Triofox vulnerability by @rapid7.com attackerkb.com/topics/5C4wR...?

Pippa's theatre group just won the Culture and Heritage award at the Sheffield Youth Awards for their play about George Stephenson and the start of the railways. Very proud.

And parade two complete. All went smoothly apart from Pippa not being able to see as she put her helmet on wrong.

First day of Rememberence Day parades done. Bigger one coming up tomorrow.

Spent the morning giving a talk about the cyber security industry to y13 students at a local college. Seemed to go down really well and looks like a few are now considering it as a career option which is good.

Happy birthday to Neil, one of our co-flounders and top bet welsher. May the hendos and dripping run free for you this weekend.

@doublepulsar.com Great CyberSlop article. Small typo towards the end: "I intent to use"