SOOOOOON, going live with WomanInRed, come say hi!

https://www.twitch.tv/womaninredpresents

Full video on youtube: https://youtu.be/wnVpmSrhNRo
3/3

I cover some tips and tricks of trying out vibe coding, my vibe coded project for an upcoming video, a tutorial on how to use cursor and the best cursor rules and some of the security concerns of vibe coding (and how we're going to benefit from those security concerns lol)
2/3

Vibe coding is all AI Twitter is talking about, but what is it? If you've ever wondered how to let AI do the coding so you can focus on the vibes today's video is for you. Create the recon tools you've always dreamed of using even if your code isn't quite production ready
1/3

Pleased to announce I will be keynoting the first ever Hacking APIs Con at @apidays NYC! It's everything you wanted to know about hacking GraphQL (but didn't know how to Query)

Had a blast at the API security happy hour, and not just 'cause it was in a pub!🍻 Big thanks to all who shared how my content helped you - your stories mean the world to me!😊 #APIsecurity #RSAC2025

And I am on the floor at RSA! Want to pick up some InsiderPhD stickers or just come say hi 👋 I’ll be at the Traceable by Harness Booth 3202 (between the two halls by the escalators!)

Want to level up your API Hacking? I’m doing a Hands On API Hacking workshop tomorrow at 1pm at the Bug Bounty Village @bsidessf if you’re feeling stuck with API hacking this is the workshop for you

Hanging out at the Bug Bounty Village @bsidessf listening to @Jhaddix talk about how to approach hacking AI using real approaches from his pen tests ✍️✍️✍️

Has infosec had you feeling a bit off? A bit uncomfortable? Bit of a weird vibe? Why not relish those ominous feelings with some bad vibes of your own? Come say hi at @bsidessf and revel (or find a sticker on the outside tables)

Has infosec had you feeling a bit off? A bit uncomfortable? Bit of a weird vibe? Why not relish those ominous feelings with some bad vibes of your own? Come say hi at @bsidessf and revel (or find a sticker on the outside tables)

@insiderphd my guiding questions would be, what does the risk look like (anybody on the internet can control your device vs you need it physically in hand, worst case effects, etc) and how does the manufacturer respond (in the interest of the end user, in your view, or not)?

I'm strongly in support of laws that would prevent manufacturers from penalizing you from using your own device how you see fit, including jailbreaking, modifying, repairing, replacing parts, and using consumables from other manufacturers.

I do see a difference between kindle and insulin pump but I also note that kindles and the like can be pretty critical interfaces with the digital world, and shouldn't be considered something a manufacturer has the right to make unusable. If you can't complete a licensing exam over zoom because your otherwise capable device won't let you install it, for example, I consider that indefensible, and we can't anticipate all these scenarios -- we need to broaden our understanding of what unusable might mean. If a device needs to be jailbroken to run in dark mode to prevent migraines, or to remove ads for gambling or dieting from the device of someone battling gambling addiction or anorexia, the device as sold is unusable to that person. I would consider jailbreaking a consumer right actually. Everyone should be able to make their device work for them.

@insiderphd there are already lines between the Kindle and an insulin pump, but there are commonalities. In both cases, there are times where I think the device manufacturer or maintainer needs to fork over the key to let owners self-determine. For consumer devices, I’d like that to be immediately - I understand that here there be dragons for keeping the device secure, but those dragons have been around desktop computing forever, so… for medical devices, I’m even more convinced we need a set of laws that protect user/owners. Laws should specify, where possible, a minimum support window and at release process by which the code is put out into the public so that it can be kept going by whoever wants and can. Carve outs would probably need to be made for experimental technologies for there to be shorter lifetime windows for devices deemed to fail, but the code and support tech should still be open-sourced. I concede readily that this would still fail some of the people who’ve been left with end-of-support medical implants that they wanted to keep, but I’m perhaps not ambitious enough in my vision to see a world that doesn’t abandon some.

We'll tell all join us at this month's eyJ webinar. Link to join:
https://www.traceable.ai/resources/lp/webinar-aspen-eyj-ep2
2/2

In December Eaton set his sights on McDonald’s, and he cooked up an interesting menu of vulnerabilities, from essentially free food, to massive PII leaks. Curious how he did it? What to know how he pivoted once he got access? What about his API hacking toolkit?
1/2

So is it right to report a vulnerability that allows you to use your physical device without the interference of a manufacturer? Do we draw a line between kindle and insulin pump? Do we need laws to protect device owners from manufacturers? Would love to hear your thoughts

On the other hand it is YOUR device and hardware vendors have made it clear that they will take away features, ban your account, and lock down your device without your knowledge or consent. They have shown they cannot be trusted to let you do what you like with your device

One of the most difficult things for me ethically in hacking is jailbreaking physical hardware you own. One the one hand they are security vulnerabilities, and pretty serious RCEs at that and therefore you need to report them to the vendor because they can be abused by attackers

‪Once again all completely 100% free, check it out below!‬

‪🔗 : https://www.justhacking.com/uc/uc-websockets/‬

Just dropped another completely free API security lesson on JustHacking, this time we’re looking at WebSocket APIs. In this 30min lesson you’ll learn what a WebSocket is and the types of apps that use them, how to communicate to WebSockets and some of the security issues in them!