We’re hiring!!!
Want to come work with and grow the coolest security research team? Come join us, we’re looking for someone to help lead our engineering efforts, influencing roadmap, research direction and improvements in breadth and depth of the product
job-boards.greenhouse.io/semgrep/jobs...
Check out the latest Paged Out! Zine (page 22 under hardware) and you’ll find an article written by me about my little eink labelling project and the highs and lows of learning to CAD, solder and program an ESP32, how hard can it be?
Link is here www.justhacking.com/... want to try before you buy? I've made 3 modules free so you can get a feel for what you're buying!
⚠️ IMPORTANT: This is NOT a "bug bounty" course and won't make you rich.
If you're just looking for a magic methodology to find a bug and get paid tomorrow, do not buy this course. This is about building deep, foundational API hacking skills, not about bug bounty hunting.
Everyone learns differently. The course comes packed with:
✅ In-depth Videos, A LOT of Videos tbh
✅ Written Content & Guides
✅ Quizzes
✅ Demos
✅ Hands-on Exercises
✅ Lab
✅ Q+A and Support From Me
This course is 100% new content, designed for all skill levels. We start with "What is an API?" and go all the way from recon to reporting.
It includes videos, written guides, exercises, and a new, realistic lab environment to practice in. The hands-on lab is free on GitHub!
I've spent a lot of time thinking about the best way to teach API security from the ground up for beginners.
Today, I'm excited to launch the result: My brand new API Hacking course on JHT. It's built to give you a deep, foundational understanding of how to test modern APIs. 🧵
Link is here www.justhacking.com/... want to try before you buy? I've made 3 modules free so you can get a feel for what you're buying!
⚠️ IMPORTANT: This is NOT a "bug bounty" course and won't make you rich.
If you're just looking for a magic methodology to find a bug and get paid tomorrow, do not buy this course. This is about building deep, foundational API hacking skills, not about bug bounty hunting.
Everyone learns differently. The course comes packed with:
✅ In-depth Videos, A LOT of Videos tbh
✅ Written Content & Guides
✅ Quizzes
✅ Demos
✅ Hands-on Exercises
✅ Lab
✅ Q+A and Support From Me
This course is 100% new content, designed for all skill levels. We start with "What is an API?" and go all the way from recon to reporting.
It includes videos, written guides, exercises, and a new, realistic lab environment to practice in. The hands-on lab is free on GitHub!
I've spent a lot of time thinking about the best way to teach API security from the ground up for beginners.
Today, I'm excited to launch the result: My brand new API Hacking course on JHT. It's built to give you a deep, foundational understanding of how to test modern APIs. 🧵
I interviewed Farah Hawa at Diana Initiative in Las Vegas last month!
https://twp.ai/9PVWh8
📅 Join @insider.phd as she explores the realities of AI’s impact on AppSec:
🔹 Moving past uncertainty to see where AI truly fits in.
🔹 Automating repetitive tasks and cutting false positives.
🔹 Strengthening security, improving accuracy, reducing risk.
➡️ semgrep.dev/events/doubt...
My favourite genre on YouTube is engineers making stuff no one asked them to make, how hard can it be? The struggle is the fun
youtu.be/qy_9w_c2ub0
Link to register semgrep.dev/events/s... should be available on YouTube later this week!
2/2
Security Rulez: I took my boss to Hacker Summer Camp and here’s what happened on September 3rd, 2025 at 10:00 AM PT
Tomorrow I'll be live on this webinar chatting about Hacker Summer Camp with my boss. We'll recap everything that happened and all the talks we did, share our top moments and our highlights from this year as well as share Jayson's experience at his first hacker con!
1/2
Check out the Packt conference with my link (gives you 20% off) below, or perhaps just get your agent to come and give you the cliff notes 😉
Hope to see you (or your AI note takers) there on September 13th!
We'll move beyond the hype and look at the real, emerging threats:
Agents making hallucinated (but effective!) API calls.
"Hackbots" chaining unauthorized actions to breach systems.
Insecure frameworks that give attackers the keys to the kingdom.
What if the AI agent designed to help you... decides to hack you instead? 🤯
That's the chilling reality I'll be exploring in my upcoming talk: AI Agents Gone Rogue? Hackbots, AI Agents and The Future of the AI Attack Surface
Ironically this video ended up in my eyeballs thanks to the YouTube algorithm but it is REALLY good and really speaks to some of my thoughts around algorithmic content being horrible for you, and I really recommend it 🔥🔥
youtu.be/Bdj14_jdumI
Register here: semgrep.dev/events/m...
PS: This is my first official Semgrep webinar, so you better all attend so I look good! 😂 😂 😂 😂
MCP is all anyone can talk about right now, but uhh what is it? And what do you actually need to know about the latest hyped AI thing? Join me tomorrow as I dig into it as we cover a TL;DR for security teams and perhaps why it might actually be industry changing
If you’re in the market for a bag, the bag is a Patchaholic from CTactical originally they sent me the wrong one but fixed it 2days later despite being in Vietnam so I really rate their customer service not to shill for them but I know folks might be interested ctactical.vn/products/ct1...
How to get rid of cash at DEFCON? Buy patches! Here are my DEFCON purchases (combined with a few I already had!
I did but it took me a while to update my LinkedIn, I’ll ping them to update it ty for letting me know
Officially booked flights to Australia! I’ll be in Melbourne, Brisbane and Sydney for YOW! Conference(s)
30 Nov - 6 Dec Melbourne
6 Dec - 10 Dec Brisbane
10 Dec - 14 Dec Sydney
If you want to meet up let me know! This will be my first time in Australia (and flying this far!)
We’re just VERY keen lol enjoy your vacation
