evilpacket.net
Hacker / Farmer. Not a cog of the machine. I have a history of building & breaking things. Prev: Code4rena, Okta, Auth0, GitHub, npm, ^lift, &yet, Symantec. Pioneered BlindXSS & DVCS Pillaging. npm audit is my fault. More info: https://evilpacket.net
340 posts 858 followers 575 following

Defcon CFP rejection email received. I knew it was a long shot but I submitted anyway. It was a basic topic and I enjoyed the research.

Woke up to a 2k bounty from Postman. 🤘🏻

Announcing my new threat modeling experience. You come visit me on the farm, we hang out by the fire and talk about threat modeling and build a pen for the goats.

Came up during conversation on what to make for dinner. Prompt: snoop dumplings, pho shizzle

These hacker trading cards were so much fun at Defcon last year. Help bring them back! www.indiegogo.com/projects/bla...

No badge, no face; no authority.

Makes me happy to see public commits fixing a couple high severity bugs I've submitted to programs in the last couple weeks /jig

The goats have been named. Meet Pebble and Puddle.

No dairy except local product at my local IGA because of the UNFI hack. Denial of Cheese.

Always a nice day when triage confirms your bug and adjusts the severity to high from /shrug

Hack the planet!

Red team has arrived on-site and is doing preliminary recon.

The neighborhood is getting ready for tomorrow

A couple of goats arrive on the farm tomorrow. I’m not ready for this modification to my threat model. 😅

We've updated and republished our guide to surveillance-resistant protest, first published in the summer of 2020. Paywall is down for this. www.wired.com/story/how-to...

r e m i n d e r

lol at 4o lying and telling me it’s made kale chips before. Ok computer.

Hank says good morning.

The No Kings protest map will help you find a place to exercise your First Amendment rights this weekend. (It's also a pretty good argument against the Electoral College.) www.nokings.org

It's rarely a mistake to look at things from different angles.

I think I'm somehow required to promote this paper (note: I haven't read it) "EPF: Evil Packet Filter" cs.brown.edu/~vpk/papers/...

I don’t know why some targets grab my attention and won’t let it go. Worthless bugs on targets that don’t matter most of the time.

Oh hello honeypot; I do not have time for you today.

Interesting read on adapting developer workflows with (functional) AI Code Reviews: refactoring.fm/p/ai-code-re...

I don't think vibe coding is an issue. It's just more untrusted input. Developers should be enabled to splash around recklessly with prototype code in development environments. The problem is that most devs have over provisioned access and vibe code enters production with minor scrutiny.

It’s possible to air fry a book of matches for 8 minutes at 350 and nothing bad will happen 😅

This year’s contest was an rp2350 based “crypto wallet” with secure boot, encrypted flash, protected OTP, disabled debugging, and the glitch detectors turned up. The design is meant to be a target to easily replicate Aeden’s attack against the chip with no desoldering.

We won the LayerOneCTF again this year. I believe that continues a streak started in 2019.

We won the LayerOne CTF. Once again the team that runs the contest knocked it out of the park. We were happy to see some good competition this year. It was very close. infosec.exchange/@LayerOneCTF...

Once again, if your LLM system combines access to private data, exposure to malicious instructions and the ability to exfiltrate information (through tool use or through rendering links and images) you have a nasty security hole. This time, GitLab: simonwillison.net/2025/May/23/...

I love that my computer is just randomly spouting off "Pwned by EvilPacket" because of the payload I worked on yesterday. Guess that persists...

Just got done recording a demo of a vuln I found today in a developer tool and when I got done I thought "this is way too complicated / too many steps to get code execution, there must be a shorter way" and then 10 minutes later I found the shorter way.

My colleagues and I at @securitylabs.datadoghq.com did a deep-dive on some recently discovered malicious VS Code extensions targeting Solidity developers. Check it out here: securitylabs.datadoghq.com/articles/mut...

Won’t apologize for my garden jokes. You want the hacks you gotta stay through the cringe farm crap.

Cilantro defense in depth.

Bitch, Peas.

Project to catalog all the known supply chain attacks github.com/tstromberg/s...

DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server micahflee.com/ddosecrets-p...