New blog post - Automation for AppSec
blog.adamschaal.com/posts/2026-0...
The night of October 20th, I woke up ice-cold. My bed had cooled all the way to 55° F and I couldn't adjust it at all. The irony: this was due to an AWS failure. Read more about removing my bed's cloud dependency.
blog.adamschaal.com/posts/2025-1...
I dockerized a proof-of-concept for CVE-2025-55182 (React2Shell) here - github.com/clevernyyyy/...
Original POC by github.com/msanft.
Super excited for the World Cup draw on Friday. ⚽️
Can't wait to see what matchups we can attend!
Writing is something I'm always challenging myself to be better at. This fall, my friend @themattvirus.bsky.social and I were pleased to attend BruCON, a security conference in Belgium, and I've finally managed to put together my BruCON review:
blog.adamschaal.com/posts/2025-1...
I always appreciate the little details in the DEF CON 402 ornaments from @tvidas.bsky.social like this one from 2020. Hard to believe how long our community has been together, really thankful for the friends I've made in dc402.org. ⚡ talks in December!
Yes, @themattvirus.bsky.social and I visited the Louvre on our trip to BruCON. Yes, we cased the jewels, and noted that their cameras were obsolete [1] for our talk, but no, we did not steal them.
[1] www.artnews.com/art-news/new...
Speaking at BruCON in t-minus 12 hours with @themattvirus.bsky.social. We've prepared as much as we can with waffles, beer, and club mate, we are almost fully Belgian now. 🇧🇪
Bluesky vs Twitter on my pixel fold.
At AWS, our GenAI development is moving at warp speed. With new tools popping up faster than browser tabs in my macbook, my team created Nebula – a system to track all our GenAI initiatives.
Today, we just launched an AI assistant to help upload new tools to Nebula tracker.
Thrilled to share that @themattvirus.bsky.social and I are speaking at BruCON this year! The lineup is 🔥 so far and we can't wait to reconnect with our amazing European hacking friends. Always a highlight to be among that fantastic community.
www.brucon.org
🎯 NIST's updated security guidelines finally hit the mark.
1. No more forced password changes
2. Longer passwords beat complexity rules
3. Security responsibility shifts to providers where it belongs.
Common sense security FTW.
pages.nist.gov/800-63-4/sp8...
5/5 - Thankfully, github.com/ZonkSec was able to create a fork + PR which I could merge from GH mobile. Total downtime of our registration was something like ~12 mins from notification, but it was a stressful 12 minutes.
4/n - To compound the issue, GitHub's mobile app doesn't support adding people into repos or organizations yet.
No really, since 2021.
github.com/orgs/communi...
3/n - Except the only people who've made commits this year (including me) were afk for another few hours.
Luckily, we had set up our website to take commits and use GitHub actions to automatically publish. We just needed someone to find/replace, but... our team didn't have direct commit access.
2/n - We then figured out that kernelcon.org uses the URL reg.kernelcon.org to redirect to our Eventzilla site. Unfortunately, something with the Google Domains -> Squarespace move nuked our subdomain redirect.
Easy fix, we just needed to change our buttons to point directly to eventzilla...
1/n - Today at kernelcon.bsky.social, we were notified that our registration was down. We immediately jumped on our phones to check and sure enough, clicking our registration buttons led to a 503.
However, our eventzilla admin page was up, and we could access our event through that site, hmm?
For 311 day, don't forget to kick it Omaha Stylee and get your tickets to @kernelcon.bsky.social!
youtu.be/rokq0CIfXXk?...
kernelcon.org
Kernelcon Agenda is LIVE!
kernelcon.org/agenda
Room block closes on March 7th, please go get your rooms and tickets now.
🤦 What is going on?
therecord.media/hegseth-orde...
I hate pointing out flaws in a system and the subsequent team expecting my team to own the outcome of escalating for a fix.
Ownership is maybe the most important trait of a team leader.
More details on kernelcon.org/robo-race.
There might be some custom swag for participants who bring their own robot for the competition!
This is really exciting... I can't wait to see what our community comes up with. Prizes for fastest and best dressed robot! And for the robo-curious we will have our own to play with.
Had a ton of fun speaking at Shmoocon this year, I really enjoyed this con and wish the best for Heidi, Bruce, and the volunteers in future endeavors!
I'm loving my Rivian so far. I picked up the Tri-motor in Storm Blue.
If you're interested in an EV, especially one not produced by Elon, we each get $750 if you use my referral code.
code: ADAM1508922
Now that they've teamed up with VW, I think they'll be even more popular.
#rivian
Wow, this is crazy. A "researcher" uses an LLM to find a vulnerability in curl that is COMPLETELY hallucinated. What a waste of time.
hackerone.com/reports/2199...
Had a great time in Germany with @themattvirus.bsky.social speaking at Chaos Communication Camp. I would love to come back in four years!
My wife and I every time I have an upcoming talk. Looking forward to #cccamp23!