🚨 BLACK FRIDAY MEGA SALE 🚨 All Cyfinoid security tools are 100% OFF! Get our security tools for the low price of $0.00! SBOM analyzer? FREE 3PTracer? FREE Act fast! This deal expires in... *checks notes* ...never. Because they've always been free cyfinoid.github.io

With cloudflare being down, and as a result, most things I use being down, I came here to say hi 🤭 I guess I will use other AIs than chatgpt today!

New version of #SBoMPlay is available cyfinoid.github.io/sbomplay/ Source code : github.com/cyfinoid/sbo... Bunch of New Features in experimental mode - Aggregate List of authors - Identify version sprawl amongst projects - common dependencies across projects - License changes in package versions

#DEFCON34 Call for #CTF Organizers is OPEN! After four excellent years, Nautilus Institute is retiring from running the official #DEFCON CTF. The search is on for the next team. Is it your turn? Is your crew the future of live hacking competitions? defcon.org/html/links/d...

Final hours for Black Hat EU Early Bird! 🚨 Save £300 today and join my 0wning the Cloud training this December in London. We’ll cover AWS, Azure, GCP, DigitalOcean & Aliyun with hands-on attack + defense labs. 🔗 Register before midnight: www.blackhat.com/eu-25/traini...

We just dropped GH Navigator 🎉 Paired with KeyChecker, it gives full GitHub coverage: Data plane: what can be read Control plane: what can be changed Check out the release post 👉 cyfinoid.com/gh-navigator...

“OpenAI admits AI hallucinations are mathematically inevitable, not just engineering flaws” https://www.computerworld.com/article/4059383/openai-admits-ai-hallucinations-are-mathematically-inevitable-not-just-engineering-flaws.html

Everyone talking about npm hacks. But is it really more attacks or just more visibility? Maybe attackers are piling on npm Maybe the ecosystem is just easier to monitor Maybe sloppy practices make it an easy catch What nags me more: silence in PyPI, RubyGems, Maven. No attacks, or no one looking?

#BSidesLDN205 Call for Workshops is still open! Want to pass on the knowledge you have? Here's your chance: cfp.bsides.london/bsides-londo... Any topic. 2-4hrs long Not a commercial presentation 30 people minimum audience (mixed experienced levels) #Security #BSIdes #London

To all of the people pushing hard to coin the term “vibe security,” the joke is on you. Security has always been about vibes. 😆

Determinism builds trust, non-determinism builds discovery. The art lies in knowing when the world needs certainty - and when it needs the unexpected gift of surprise.

Most say ‘think like a hacker,’ but infosec fights adversaries with goals, not curiosity. Real defense means blending hacker creativity with adversary realism.

My thoughts on how LLM behaviour makes me rethink my own brain’s inner workings. A prediction engine as a mirror for a mind.

🔑 Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts. 📖 Blog: cyfinoid.com/automating-a... 🐍 PyPI: pypi.org/project/keyc... #bugbountytips #ssh #git #github #infosec

Its funny how current ai tooling plays out and a few years ago self help courses use to use this same tactic. We are giving you tool if you dont use it properly it will not give you result. So user pays you for stuff and if it doesnt work its their problem not yours.

Making Security Tools Accessible: Why I Chose the Browser Tired of tools that need Docker to read a JSON file? I built browser-native, client-side tools like SBOMPlay and 3ptracer to prove you don’t need servers, tracking, or setup. Just open index.html and go. Minimalist, secure, and surprisingly…

Updates and plan for HackerSummerCamp USA 2025

Vibe coding with AI feels magical until your project spirals into chaos. This guide explores how to stay grounded while building with AI tools; covering minimalism, context limits, testing, & code hygiene. A practical read for developers navigating the fine line between productivity & hallucination.

If anyone here is already on @peerlist.bsky.social connect with me and if you are not signup here peerlist.io/anantshri/si... seems like a fun place especially if you want to be connected to builders.

Introducing SBOM Play: A Privacy-First SBOM Explorer with Vulnerability & License Insights cyfinoid.com/introducing-... A fully client side browser based SBoM Explorer. more details on the link. #SBoM

As i finalize my "Attack and Defend Software Supply Chain" Training. I am sprinkling newer content and one of the thing would be AI supply chain attacks. Join me @ Defcon 2025 : training.defcon.org/collections/... for a deep dive into the amazing world of software supply chain security.

The Contribute page is now live at hackingarchivesofindia.com/contribute/ 🚨 Submit your talks, tools, or fix missing data. This archive is built by the Indian hacker community : now it can grow with it. And yeah, you can now ☕ or 💖 support it too. #infosec #india #hackingarchives #cybersecurity

Why i love chiptunes. Short story My first computer had lots of limitations like mp3 files could be played but limited ram and buffer meant it will stop after few seconds for buffering. Wav was too big file size to store on tiny disks Speakers were not great; Midi came as life saver & left a mark

It has happened multiple times now. Every single time i use ai based coding assistents i am reminded that they are lowest cost typing assistents thst are coding lingo aware which means most proper logics are to be defined by me and left alone their own coding has very convaluted logic

Teammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synology's "Active Backup for Microsoft 365" (ABM), including sensitive data like Teams channel messages. 🤓 #synology #disclosure #modzero modzero.com/en/blog/when...

I tell people to build their website and put it on a domain. I think i need to add another line. Buy a domain that you can safely renew top tlds com/net/org/info rule here and remember to bloody damn renew it yearly.

Many thanks to @anantshri.info for presenting his talk:"You Secured Your Code Dependencies, Is That Enough?" at the #OWASPLondon Chapter meetup last week. The video recording of the talk is now available to watch 📺 on our YouTube channel (please subscribe!): 👇 youtu.be/b4hghhSYqqM?...

Presented at @owasplondon.bsky.social Chapter "You secured your code dependencies, is that enough?" Focus is on things other then SBOM / code imports that will and have in past result in compromises and you should have awareness about. slides.anantshri.info/dzKZn9/you-s...

🤖 Council of Bots – Get feedback on your ideas from multiple AI personas. Boardrooms. Hackers. Friends. Or build your own mix. 👉 aibotcouncil.anantshri.info Playing around with LLM Models, Do give your feedback if you like the idea.

The next OWASP London Chapter in-person Meetup will take place on Thursday 26th June 2025 kindly hosted by ThoughtMachine and kindly sponsored by Phoenix Security. Talks from @anantshri.info and Francesco Cipollone - Register to attend here: 👇 www.meetup.com/owasp-london...

My short impulse presentation from Cycon is online: youtu.be/qllU_B_Rmis?...

A strange usage of this new ai llm world. I as an individual can dabble quickly into a new domain and am suddenly faced with issues that people face deep in domain as basic grunt work is automated and i can then make a judgement call if i want to keep exploring this domain or not. #failfast

enuf said #promptengineering P.S. Image made by chatgpt

Dev? CI/CD? Cloud? Everything’s fine… Until that one tiny dependency takes it all down. 🔥 Learn to attack & defend your software supply chain. 📍 @defcon.bsky.social Trainings, Vegas 📅 Aug 11–12 💸 Early bird ($1600) ends May 30! 🔗 training.defcon.org/collections/... #DEFCON #SupplyChainSecurity

This is interesting. I can see how a lot of actions of infosec communities can be deemed immoral. It would also be funny if a apt group is vibe coding and authorities of that country get a message with clear ip and other details of possible future activities (minority report future prediction).

I think we are very near a scenario where we would prefer running these agentic systems inside vms as there is a value in exposing them to whole system but not enough that i would want them to steal my stuff or do stuff that i dont explicitly allow

Had a great discussion with a friend about AI/LLMs yesterday. I think AI will be to mental fitness as sugar has been to physical. We evolved in an environment in which sugar is much more rare. When it was suddenly easily available we had to exercise discipline to not gorge ourselves.

Back @blackhatofficial.bsky.social with my flagship #cloud security class: 0wning the Cloud - AWS, Azure, GCP, DigitalOcean, Aliyun 🗓 2-3 Aug: www.blackhat.com/us-25/traini... 🗓 4-5 Aug: www.blackhat.com/us-25/traini... 🎯 80% hands-on 🎯 Real-world API & IAM attacks 🔥 Early bird closes May 23!

After months immersed in organising @blackhatevents.bsky.social and a clutch of other conferences, one conclusion is stark: many talks would serve us better as properly argued articles. Conference fatigue is eroding the craft of the blog post and the long-form paper. A good blog post is useful

Google unveils Gemini in Chrome, which initially works across just two tabs but will eventually support many and be agentic, for Google AI Pro and Ultra users (Jay Peters/The Verge) Main Link | Techmeme Permalink

I use to be ashamed or not happy about my spelling mistakes and habit of not being able to write proper spellings, but now I feel like this might be what I need to keep having. This gives my messages a uniqueness that they are not perfect, they are not accurate, they are not just ai generated Cont.

Out of chaos, sometimes order emerges. I’ve collected my scattered thoughts on careers, leadership, growth & founder's life: blog.anantshri.info/career-notes... Not advice. Not a blueprint. Just raw, evolving notes for anyone figuring out their path. #Careers #Leadership #Growth #FounderLife

When I talk to the young generation nowadays, there is a slight delay in response most of the time. After prodding someone who trusts me a bit, they confirmed my suspicion: every single sentence by most in the young generation is being vetted and mostly written by ChatGPT-esque systems. 1/n

We sense a disturbance in the force…reg is open for #DEFCONTraining Las Vegas 2025! Rebel Red Teamer or True Blue Defender, there is training for all. Register today and take advantage of this opportunity to train with our Jedi Instructors. training.defcon.org/lasvegas2025 #defcon #maythe4th

People think of computer security as either this thing of installing antivirus, and being the NSA. There is this entire gap between it. It takes people who care, people who are human – because the threats are against companies who don't have people. People who are empowered. People with the tools.

Something that is not evident is the incredible bias for money that computer security favors. All these people all these experts that you hear from – they largely work for the same like couple hundred firms. This is something graduates don't understand. Computer Security is privilege manifest.

Troubleshooting isn’t just a technical skill : it’s survival. In a world of abstractions and automation, the ability to calmly dig into problems remains one of the most critical (and forgotten) foundations of success.

As an #infosec professional it is in my best interest that more people use low code no code ai based software to create more softwares. More stuff created without background will help pverall growth of this industry. #appsec #ai

It is the reason I spent so much of my teenage years on Wikipedia – as a contributor and maintainer. We were going to save humanity. We were going to make information free. And it would fix everything about us as a species. But it didn't. And that is the most crushing thing to live through.

If there's one thing I've learned about covering cybersecurity over the past decade or so, is that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.