Louis Nyffenegger
@snyff
Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...
Do you want to get into code review or improve your code review skills? Make sure you check out my upcoming live trainings: "Web Security Code Review Training"! pentesterlab.gumroad.com/l/securitycode…
"The training left me feeling in need of doing my own security research..." Great! :)
Here is a really cool blog post by wasamasa who is a past student of our FSWA class: emacsninja.com/posts/cve-2025…. You can find them on Mastodon: lonely.town/@wasamasa/
We're excited to welcome @Pentesterlab as an In-Kind Sponsor of the Bug Bounty Village at DEF CON 33. Their support helps us create a space for hackers to connect, learn, and push boundaries. #BugBounty #DEFCON #BBV #BugBountyVillage
The biggest shift in AppSec with AI? Dev work looks more like code review. They’re reviewing AI output, not writing every line. Old “write secure code” training isn’t enough. You need to teach them to spot bugs like a reviewer. 👉 pentesterlab.com/live-training/
Another CVE we came across this week as part of our CVE-analysis routine. The impact is probably limited, but the vulnerability is a classic example of parser differential. To give you a bit of background, the file .netrc is used to store credentials. It's mostly used by FTP…
If you’re on twitch you can now follow me there, username is nastystereo The channel will be focused on hacking, link in the next tweet
Another incomplete fix: github.com/MobSF/Mobile-S… But the developers (and CodeQL) found it before me. if not purl.netloc.endswith('firebaseio.com'): instead of: if not purl.netloc.endswith('.firebaseio.com'):
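The two one-liners quoted in the post above illustrate a general host-allowlisting mistake: a bare suffix check matches any name that merely ends in the expected string. The snippet below is an added example, not code from the MobSF project or from the post's author; it reproduces the weak and the corrected check as written in the post, then adds a third variant that compares against `urlparse(...).hostname` (which drops port and userinfo and lowercases) and accepts the apex domain explicitly. All URLs are constructed test inputs.

```python
from urllib.parse import urlparse

TRUSTED_SUFFIX = ".firebaseio.com"  # allowlisted parent domain, as in the post


def weak_check(url: str) -> bool:
    """The incomplete fix from the post: suffix test without a leading dot.

    Any host whose name simply ends in 'firebaseio.com' passes, even
    when it is an unrelated registrable domain.
    """
    purl = urlparse(url)
    return purl.netloc.endswith("firebaseio.com")


def fixed_check(url: str) -> bool:
    """The corrected check from the post: the leading dot forces a label boundary."""
    purl = urlparse(url)
    return purl.netloc.endswith(".firebaseio.com")


def is_trusted_host(url: str, suffix: str = TRUSTED_SUFFIX) -> bool:
    """Hardened variant (assumption: apex domain should also be accepted).

    Uses .hostname instead of .netloc so that an explicit port or userinfo
    in the URL cannot change the outcome, and so that case is normalised.
    """
    host = urlparse(url).hostname  # None for URLs with no network location
    if not host:
        return False
    apex = suffix.lstrip(".")
    return host == apex or host.endswith(suffix)


# Constructed inputs covering the cases a reviewer would want to try.
SAMPLE_URLS = [
    "https://myapp.firebaseio.com/.json",      # legitimate subdomain
    "https://myapp.firebaseio.com:443/.json",  # same host, explicit port
    "https://MyApp.FirebaseIO.com/.json",      # same host, mixed case
    "https://evilfirebaseio.com/x",            # lookalike: no dot before suffix
    "https://firebaseio.com.example/",         # suffix embedded mid-name
]


def compare_checks(urls=SAMPLE_URLS) -> dict:
    """Return {url: (weak, fixed, hardened)} so the three checks can be read side by side."""
    return {u: (weak_check(u), fixed_check(u), is_trusted_host(u)) for u in urls}


if __name__ == "__main__":
    for url, verdicts in compare_checks().items():
        print(f"{url:45} weak={verdicts[0]!s:5} fixed={verdicts[1]!s:5} hardened={verdicts[2]}")
```

The lookalike URL is the one that separates the weak check from the fixed one; the port and mixed-case URLs show why comparing against `netloc` rather than `hostname` makes even the corrected check fail closed on otherwise legitimate input, which is safe but surprising when debugging.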
💥🐹 4 new Go Code Review Labs just dropped! 🐹💥 Read the code, peek at the diff, find the bug. Sharpen your skills: pentesterlab.com/badges/golang-…
You can be sure I'll never hype something I don't actually use! My integrity can't be compromised like <INSERT VPN BRAND>'s security. Unrelated: you can get 20% off their UNHACKABLE plan using the promo code HACKTHEPLANET.
Yup, even midsize accounts like mine regularly get offered $ or products in exchange for posting nice things about some company/product. IMO you should be very suspicious whenever someone endorses something out of the blue on this website.
Let's create a certification... The exam: you find (and fix or get fixed) 12 issues in different open source projects with more than 10k stars on GitHub.
Worth reading just for the sentence: "This is written in Python and released under the viral-but-in-the-itchy-pants-way GPL v3 license"
I'm excited to announce our "Out-of-Band" series; focused on the security risks of management devices like BMCs, serial servers, and KVMs. "Out-of-Band, Part 1: The new generation of IP KVMs and how to find them" is now live at: runzero.com/blog/oob-p1-ip…