Include Security
@IncludeSecurity
Simply stated: Give us any kind of app and we'll hack it better than the rest. Our clients include awesome tech companies in Silicon Valley, NYC, and beyond.
Do you use or exploit WebSockets? Check out our new blog post to see how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking! blog.includesecurity.com/2025/04/cross-…
See you all at BSidesSF later this month! @IncludeSecurity will be there with a lot of our team!
Thank you to @IncludeSecurity for sponsoring the lanyards at BSidesSF 2025! bsidessf.org/sponsors #bsidessf #BSidesSF2025 #infosec
Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not! ismyprivatekeypublic.com
New research🤩 on old tech👴! Our team's latest blog post demonstrates many ways memory vulnerabilities can occur in your legacy Delphi code despite being described as a "memory safe" language by the NSA. blog.includesecurity.com/2025/03/memory…
blog.includesecurity.com
Memory Corruption in Delphi - Include Security Research Blog
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe"...
It's winter, so hacking space heater IoT devices to completely control their firmware seems like the thing to do! In our latest blog post, you'll see some of the things we do for our IoT/HW clients!! blog.includesecurity.com/2025/02/replac…
Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩💻 hackthebox.com/machines/backf… Hint: It's a tough box, check our github and our blog for info.
We're happy to sponsor great learning resources like @OpenSecTraining, the world is awash with a lot of bad training/certs, here's some courses that are solid and open/free!😀
As the year comes to a close, we want to once again thank all of the individual and corporate donors who generously contributed to #OST2's nonprofit mission this year! You help ensure that OST2 will be around for years to come! ost2.fyi/Partnership.ht… Platinum Partners:…
New blog! Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. Well-documented behavior is not always what it appears! blog.includesecurity.com/2024/11/spelun…
Who hacks the hackers? We do! Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up. blog.includesecurity.com
blog.includesecurity.com
Include Security Research Blog
Team Research blog
It's always great to work on open source security, even better when it helps users who need secure and private access online!
.@OpenTechFund’s Security Lab partner @IncludeSecurity’s security audit of VPN Generator (software that lets anyone provide a VPN to a small group) revealed that the tool only had 4 “low-risk” issues, 3 of which have already been fixed. Learn more ow.ly/XPZI50S8P7S
Fresh blog post for ya; We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero. blog.includesecurity.com/2024/04/covera…
blog.includesecurity.com
Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster! - Include Security...
In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track...
Check out this @BSidesNYC 0x03 interview by @cybersnacker with Erik Cabetas where he discusses how BSidesNYC is different from the other New York conferences, how he started @IncludeSecurity, and what it's like to consult for #hacker movies. youtube.com/watch?v=ktk8px…
youtube.com
YouTube
BSidesNYC 0x03 interview with Erik Cabetas
We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2! ost2.fyi/Home.html
Thanks to @IncludeSecurity for Sponsoring #OST2 at the Bronze🥉 level! More about them here: blog.includesecurity.com
We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of applications is up blog.includesecurity.com/2024/03/discov…
This is why we're thinking through tough AI/ML security problems for our clients and the public, thanks for the appreciation @ZanderMackie
I want to thank you for publishing this. Your blog helped me solidify my thinking that LLMs are like von Neumann computers. And prompt injection is like a stack smash. Your suggestions to keep instruction/data separate using the roles APIs is 😍
One of the better posts on prompt injection I’ve seen. And this is because it gives actionable advice to developers! Attack insights without defense is insufficient.
Hey folks, we've been seeing a lot of blogs/linkedin/medium articles covering LLM prompt injection from the angle of the providers, but not many helping the implementers like our clients. Here's our first in a blog series covering that for ML/AI Security. blog.includesecurity.com/2024/01/improv…