Include Security

Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not! https://t.co/FGQESjIbOR

New research🤩 on old tech👴! Our team's latest blog post demonstrates many ways memory vulnerabilities can occur in your legacy Delphi code despite being described as a "memory safe" language by the NSA. https://t.co/NV53JVotPQ

It's winter, so hacking space heater IoT devices to completely control their firmware seems like the thing to do! In our latest blog post, you'll see some of the things we do for our IoT/HW clients!! https://t.co/gul5NuUE9L

Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩‍💻 https://t.co/2ivQEybp5F Hint: It's a tough box, check our github and our blog for info.

New blog! Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. Well-documented behavior is not always what it appears! https://t.co/CZ41M6SfWy

Who hacks the hackers? We do! Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up. https://t.co/5lpJS6Mlbx

It's always great to work on open source security, even better when it helps users who need secure and private access online!

Fresh blog post for ya; We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero. https://t.co/u8Rzpvgkn8

We're glad everybody enjoyed our April fool's joke for 2024. See you can be serious about security but also have fun!

We released our new semgrep rules today. Given the recent news about executive orders from the Whitehouse, we thought it would be important to flag all of the code that doesn't meet federal standards. Memory Safety is serious stuff today: https://t.co/STqHYBDk4h

We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2! https://t.co/wRzpwapA3w

We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of application is up https://t.co/aZazzSVm7i

It’s here folks, here’s an actually deeper dive into the topic of LLM prompt injection; Much more complete than all the fluff you see out there on the topic today. If you like under-the-hood AI context, this one is for you. https://t.co/Z5zB6SF6MU