Bill Sempf
Using Machine Learning to perfect SQL Injection
https://portswigger.net/daily-swig/machine-learning-offers-fresh-approach-to-tackling-sql-injection-vulnerabilities
And some practical application of that idea
https://research.nccgroup.com/2019/06/05/project-ava-on-the-matter-of-using-machine-learning-for-web-application-security-testing-part-1-understanding-the-basics-and-what-platforms-and-frameworks-are-available/
Didier has a new PDF tool out. I haven't used it yet but I am certain it is awesome.
https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/
OK, this is a weird one. It appears that threat actors are using project files with built-in vulnerabilities to target the vulnerability researchers themselves, apparently to steal their research. That's some next-level stuff.
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/amp/
Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.