Daniel Cuthbert
@dcuthbert
Documentary photographer, old creaky hacker. Co-author of @OWASP ASVS standard. Blackhat/Brucon Review Board & Co-chair UK Gov Cyber Security Advisory Board
Much excite!!!
Today we're dropping a DEF CON teaser AND running a preorder sale for Designing Electronics That Work – the book that answers "which capacitor should I actually buy?" instead of explaining what a capacitor is for 50 pages. Use code PROTIPS for 30% off through 7/28, or stop by…
When you have 42 kids having a LAN party at your house, and you are told that if the Ping isn’t low, there will be problems. This is gonna push my networking skills to the extreme I feel.
Really, no REALLY, hope all these age/ID verification APIs and LLM model endpoints are thoroughly tested and maybe use the @OWASP_ASVS otherwise this is going to be ugly
It’s always “old” data. It’s always a “test” server. It’s always “not your bank card”. There’s “always” an excuse and until we finally have legislation that punishes those who make excuses, this will happen again and again and again
Tea App puts out a statement regarding the compromise. They assert it is mostly older data, but not too old but not too new (?). However, data dump nerds contend data is present in the dump from 2025 which conflicts with the statement from the developers.
Security be like…
3 months ago, building an app required: - 6 months of development - $300K budget - Team of 5 devs - Prayer that nothing breaks Yesterday, I created and deployed CoachFlow in 22 minutes. Workflow: ChatGPT - Lovable - Supabase - Cursor step-by-step how:
Nothing drives home how badly we are being ripped off in the UK more than going to most EU shops and buying groceries.
Forget the 9 circles. Dante missed Stansted Airport at 5 AM. The true tenth level of hell.
Technology is at the centre of everything we do. That’s why we develop tech-for-good - to help us stay ahead of the criminals who ruthlessly abuse children and legitimate services online, and to give our expert human analysts a technological advantage. Learn more:…
NGL, using drones armed with heat cameras in order to find grow houses in order to rob them, wasn’t on my 2025 “oh shit really?” list Omar flying…. bbc.co.uk/news/articles/…
It's an open secret in the industry that the AI customer service tools with famous founders and hundreds of millions in funding are vaporware. Expect to see a bunch of companies announce they're using AI CS from actual startups over the next few weeks.
Greatest British rap song ever, and don't you dare @ me youtube.com/watch?v=jXR_C6… Roots Manuva for a knighthood
This is neat, using EntrySign to backport microcode patches to EOL systems without BIOS updates. github.com/divestedcg/rea…
Our research on open tunneling servers got nominated for the Most Innovative Research award :) The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security Brief summary and code: github.com/vanhoefm/tunne… Paper: papers.mathyvanhoef.com/usenix2025-tun…
Modern obfuscation techniques - a great weekend read. Master's thesis (by Roman Oravec) investigates various common obfuscation techniques and freely available implementations, focusing on the LLVM Pass Framework's potential for program obfuscation. Additionally, several…
Utterly lovely bit of research this by @gnuler matiassoler.com/posts/approtec…
How to make $$$ from request smuggling Step 1) Pick the right target:
I don’t think my children appreciate the generational wealth that is being left for them
