Calle Svensson
@ZetaTwo
Followers
6,501
Following
736
Media
366
Statuses
7,349
Security Engineer @ Google. MSc in eng. physics & CompSci, dev & gamer. ❤️ music & long distance running. Wanna do a PhD sometime. Same U/N on all other sites
Zürich, Switzerland
Joined April 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#ใจซ่อนรักEP5
• 810568 Tweets
LINGORM TSOU EP5
• 790695 Tweets
Cheatle
• 537328 Tweets
#OccupyJKIA
• 374837 Tweets
Secret Service Director
• 271772 Tweets
Kesho
• 167528 Tweets
सुप्रीम कोर्ट
• 147382 Tweets
#HappyBirthdaySuriya
• 135715 Tweets
Nancy Mace
• 71497 Tweets
Jamaican
• 66872 Tweets
Where is Joe Biden
• 58957 Tweets
Roro
• 54390 Tweets
travis
• 52809 Tweets
Our Shining Star Yoon Jaehyuk
• 44721 Tweets
Kris Tyson
• 39516 Tweets
BOTO PARA SA SB19
• 25935 Tweets
Bienvenue
• 24646 Tweets
Doritos
• 19361 Tweets
#انصفوا_النصر_بالميزانيه3
• 16699 Tweets
Chalobah
• 16546 Tweets
Bodrum
• 15286 Tweets
灼熱カバディ
• 12977 Tweets
$AMC
• 11949 Tweets
Temuco
• 11167 Tweets
After intense debate we have concluded the following:
* IDA - Gryffindor
* Ghidra - Slytherin
* Binja - Ravenclaw
* r2 - Hufflepuff
20
205
780
Waking up to a lot of bad takes on QR codes. QR codes are meant to be scanned, just as links are meant to be clicked. If your security posture requires these two things to not happen you have already lost. Blaming the user here is Dunning-Kruger riddled infosec posing.
26
114
747
My colleague recently reminded me that Python executes zip files which of course extends to other zip-based formats and lets you do things like this.
7
111
598
Everyone's always posting threads about how to get into security but where are the threads about how to get out of it? 🤔
49
35
546
@FreyaHolmer
Generally agree with the caveat that people open source things for very different reasons and "making it easy for others to use the code" may or may not be a motivation.
1
2
504
Got some fantastic personal news to kick off the weekend. Thrilled to announce that in August I will join Google in the offensive security team in Zürich. Really excited about what this new chapter will bring.
33
2
311
Want to find good security content creators who make videos and streams? Check out this little thing I built:
18
88
233
Stop suggesting input validation as a fix for XSS. You handle it by context aware escaping when outputting, not by trying to prevent double quotes in your input.
8
31
232
@Hbomberguy
Started the audiobook recently. It's really good. Among my favorite part so far:
- They're trying to kill me
- No one's trying to kill you
- Then why are they shooting at me?
- They're shooting at everyone, They're trying to kill everyone.
- And what difference does that make?
1
0
202
Come join us in the Google red team! We have a position open in NYC: The team is fantastic and the work is really cool. Message me if you have questions about the role but if you are interested please don't wait to get your application in.
10
43
150
@RLewisReports
I appreciate having a professional like you pointing subtle details like this out. I layman like me might have missed it otherwise. Really adds that extra depth to the viewing experience.
1
0
137
I hate the self-deprecating personality in tech: the "I have no idea what I'm doing, I just copy-paste from SO until it works" crowd. Stop devaluing your own work and take some pride in your skills. Not only are you hurting yourself but also misrepresenting the field to beginners
4
24
143
Just published my write-up for the
@Hacker0x01
#h1702
#CTF
for your reading and commenting pleasure.
3
49
119
@LiveOverflow
Yeah, call me old fashioned but I believe that to be good at security you should first learn the thing you are trying to secure. Appsec: learn how to build software. Netsec: learn how to configure a network, etc
8
13
117
Less than two hours until
#GoogleCTF
starts. Good luck to everyone participating! Make sure to check out my reversing
#CTF
challenge which I will not apologize for. :)
5
11
103
That's a wrap for the qualification round of the Google
#CTF
Hackceler8. Four matches completed with four teams moving on to the finals next weekend. Had a great time doing video production and even commentating one match. Congrats to all the teams and good luck to the finalists!
0
6
103
There's some shady criminal on the loose in Zürich. Luckily I have been able to obtain some pictures of the suspect who is known to have been involved in several cyber attacks.
16
3
103
This shit is absolutely gross. Just the other week I helped a colleague who suspected her ex of spying on her. Fuck this paper for helping these less than humans with this.
Are there any initiatives out there who could use some help from a reverse engineer maybe?
I'm not going to link to that
@TechTimes_News
story because they don't deserve the traffic. But I promise that this screenshot will be featured in all of my future talks about stalkerware and domestic abuse.
108
576
2K
5
15
100
In July I joined the Offensive Security team at Google and it has been a great experience. The red team work is challenging and fun and the team is awesome but even better, we are looking for more. Check these:
Zurich:
Sunnyvale:
1
27
100
Them: Noooo! You can't just use an SMT solver for this cryptography problem. You have to fully understand the non-linear transformations over finite fields and the subtleties of working with GF(2)! Nooooo!
Me: haha, Z3 goes brrrrrr
2
7
93
Yesterday I handed in my notice at work. This means that I'm now openly looking for a new job. I would love to work with something related to reverse engineering, malware and/or vuln research. Willing to relocate. Open for remote. DMs are open.
7
23
92
If you play
#CTF
, which you definitely should at least try a couple of times, don't limit yourself to a single category. Try to push yourself to at least a "medium" level of proficiency in several or most of them. This will make competitions more fun and you will learn a lot.
5
10
87
@alicegoldfuss
Related:
1. Wow this thing is really hard
2. *spends ~40h to learn it*
3. Why don't you understand it after my 15 min lightning talk on the subject?
0
2
80
@LiveOverflow
Trivial denial-of-service, PoC: "(.*a){100}aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!"
2
1
85
So, anyone else experiencing this thing in security where if you try to google technical details on a topic all you find is the same 5 basic concepts copy-pasted in 100 beginner guides and blog posts?
6
2
82
For the past few years I've been using a great fiverr artist to create some artwork for work. Unfortunately they have been MIA for 2+ months now and I realise that I probably need redundancy. I'm looking for a cartoon artist with similar style.
(Suggest AI = get instant block)
74
0
70
Every chapter has a beginning and an end. Today I'm working my last day at
@KRYcare
. Thanks for three great years with fantastic colleagues and exciting challenges. ❤️ Good luck in all the future work. Now I will enjoy some time off before starting at Google in Zürich in August.
8
0
78
Ok, we are doing this. Look what happens when you have crazy ideas at
#35c3
I invite you to watch our 1st ed. of "pwny race" (name pending). Tune in to our stream: on Feb 9 to see some
#CTF
pwnable racing with 4 excellent players and my co-host
@picklepwns
5
21
75
Another day, another garbage take from a bug bounty hunter. This is what makes the field look bad. Stop the gatekeeping BS and go back to running ffuf and retweeting SQL injection tricks.
#CTF
is one of many forms of hacking, a great way to learn & research and a lovely community
0
7
75
Tomorrow we will open the application window for security interns at Google in Europe next summer. You can read more about the position, requirements and process here: If you have any questions, don't hesitate to reach out. Come spend the summer with us!
2
34
65
25 minutes to Stockholm Marathon. I'm out of shape and got food poisoning yesterday so it's going to be rough. Will have to dig deep into the experience of those 13 previous finishes. Bib number 10004 if anyone wants to follow results.
10
0
66
@SwiftOnSecurity
@JasonInTheWild
Jason is 100% spot on. Additionally, many of these budgets are ridiculously low. I spent high school churning out websites for $250-$1000 that simply wouldn't be possible with any other solution (that I've seen).
5
2
61
Running my 14th Stockholm Marathon in 50 minutes with bib number 12245. See you on the other side.
6
0
61
We raised $100k for Alzheimerfonden! Thanks
@esamarathon
for a fantastic week! So fun to meet so many great people (and this robot). See you all at the next one!
0
3
61
The Numberphile podcast is one of very few podcasts I listen to. The episodes are always great but this latest one was fantastic. Really interesting to hear about Tadashi's philosophy on things. Strong recommendation even if you are not that into mathematics.
By popular demand, here's a podcast interview with Tadashi Tokieda...
It's pretty fascinating!
(also on podcast players - search Numberphile Podcast)
2
14
134
1
3
59
Helped a friend to repair a device yesterday. The first 32 bytes of the EEPROM had broken down so I extracted the firmware, binary patched it to add a small offset on all EEPROM accesses and wrote it back together with updated EEPROM contents and it worked perfectly. Quite proud!
3
3
58
We did it! We are going to DefCon, or at least virtually, to the DefCon
#CTF
finals. Great job everyone!
It looked really bleak for the warriors of the north but the taste for flags eventually set in and the hackers, fueled by shellcode and a desire for privescs, began their frenzy slaying challenge after challenge. In the end they stood triumphant as one of the qualifying teams.
0
6
27
5
1
57
Awww yes! Sub 90kg! My lowest weight since 2016. Still like 15 more to go but it's a great start.
2
0
57
We played the DefCon
#CTF
qualifiers this weekend with the Scandinavian collaboration team
@NorseCodeCTF
and thanks to heroic efforts by the team we managed to qualify to the finals for a second time.
It was in the darkest hour and everything seemed desperate. The warriors of the north were on the verge of defeat. Hope was all but lost. They let out a mighty battle cry for a final charge and as if guided by Odin himself, seized not one, but two flags to triumph in the battle!
0
8
34
4
1
56
Anyone else using their knuckles as a reminder of which months have 31 days vs which have 30/28? It's one of few "life hacks" I actually have found useful.
11
0
55
Want to learn about GDB scripting? Check my article. Or maybe check some of the other amazing articles in this issue!
2
4
54
Inspired by
@0xeb
's 2018
#reconbrx
talk, I decided to write an exploit for the Starcraft EUD bug. This turned into a challenge for the
@MidnightSunCTF
#CTF
and a blog post:
3
23
54
Speaking to one of the best vuln researchers I know. His exploit server is not working. Spend 30 min trying to help troubleshooting over Signal messages. Nothing makes sense, start to believe we hit some kind of Python bug...
...his server was listening on the wrong port.
3
1
53
The line-up for the second episode of the Pwny Racing () will be: borysp, hpmv, je and vos who will be fighting to be the first one to solve the pwnable challenge created by my amazing co-commentator
@0xb0bb
. Mark March 9th 15:00 UTC in your calendars!
1
17
49
As a person in tech, a good way to guarantee that you will be made obsolete is to attach your whole identity to a specific language or technology.
Become an expert at things but make sure to stay diverse and keep learning things and constantly evolve.
8
2
53
Almost euphoric right now. Despite the conditions (weather was perfect though) I performed my best marathon in many years. 13th Stockholm marathon finish (14th marathon total) in the bag.
#stockholmmarathon
9
0
53
@0xabad1dea
Id just like to interject for a moment. What you're referring to as BusyBox, is in fact, bad firmware/BusyBox, or as I've recently taken to calling it, bad firmware + BusyBox. It is not an OS unto itself, but rather another free component of a somewhat functioning consumer router
0
3
52
OMG, finally! I solved challenge 11 and finished
#FlareOn7
Big thanks to
@nickharbour
and the
@FireEye
FLARE team for organizing a great
#CTF
again!
2
0
51
Preparing my move to Zürich. 100 days of learning German on Duolingo. It's pretty difficult but I am seeing a little progress at least.
Join in you too:
7
0
50
Sophia was a brilliant security researcher and a wonderful teammate when I was in HFS. I fondly remember tag-teaming on RE problems with her but also conversations about life, politics, religion and everything between.
She will be greatly missed.
Sophia d’Antoine was walking just half a block from her Upper East Side apartment when the Land Rover hit her.
22
36
114
3
2
49
I have been programming for over 20 years and yesterday I finally learned (the basics of) how makefiles work. :D Just like there's always a frontier of your knowledge to push forward there will also be gaps within the areas you "know" to fill in and improve.
1
0
49
I just published my
#BinaryNinja
plugin for deobfuscating level 9, Evil, of the
#flareon8
challenge:
3
10
49
Big update! We now host all Pwny Racing challenges on our servers so you can try your exploit against our systems. In this process, we rebuilt all challenges so you might need to adjust some offsets. Grab the updated challs from the freshly updated:
1
18
47
@gynvael
Give a 1h conference presentation where 15 minutes are about yourself, 15 minutes about basics of HTTP, 5 minutes about the bug itself and 20 minutes ranting about how everything is broken and that software developers are stupid. Last 5 min is about how much bounty you deserve.
1
0
47
Got my
#FlareOn7
medal 🏅! Thanks again to
@nickharbour
and the rest of the
@fireeye
FLARE team for putting on a great
#CTF
event this year again. Looking forward to the next one. Happy new year to all reverse engineers out there!
2
0
46
Had a great weekend in Copenhagen playing the DefCon
#CTF
with
@NorseCodeCTF
. I blame
@adamdoupe
for making me reverse a network card for 24h+. Great job everyone! Thanks to
@oooverflow
for hosting and GG to all the teams. Would have loved to meet in person. Next year!
1
3
46
I've never been a big reader so this year I challenged myself to read every day using
@SimoneGiertz
's Every Day Calendar and by the looks of it, I will succeed. In total I have managed to read 21 books with a few more started and I thought I would highlight some of my favourites:
2
2
46
We have now opened applications for security engineer internships at Google in Zürich and Stockholm. Apply here: and if you have any questions my DMs are open but hurry up because the deadline is the 22nd.
2
8
46
Really proud to have participated as part of the Swedish/Icelandic team. I led the web application sub team and it was great fun. I'm very impressed by my teammates and how we worked together on this.
#LockedShields2023
has concluded! This year was even more competitive than previous years. As organisers, we saw a big jump in quality within the Blue Teams.
The most effective participants were the 🇸🇪-🇮🇸 joint team, followed by the 🇪🇪-🇺🇸 joint team and the 🇵🇱 team. Good job!
3
51
215
4
0
45
This whole AI hype wave has become genuinely annoying. I mind it so mind-numbingly uninteresting and yet it's starting to get challenging to find contexts where it's extremely prevalent. AI in all products, AI in all discussions, AI jokes, AI companies AI, AI, AI. Leave me alone!
11
4
42
@oppnaskolplatt
@IsabelSmedberg
Om ni behöver hjälp med reverse engineering av kod i framtiden får ni gärna höra av er.
1
0
44
@me_mazunki
@littmath
Yes sure but it's fun that you can manage to translate it using only words starting with V.
2
0
43
Every disagreement is not drama. Showing emotions is not "cringe". Having opinions is not "bias". Words matter. Most things are not binary. Stop pretending to be mindless robots. It's neither true nor an ideal to strive for.
2
3
42
1
0
44
Interested in the security and privacy teams at Google? The 0x0G Lounge is returning in a virtual format this year. There will be talks, panels and a
#CTF
. For more details, and to register, visit
0
10
43
Our application window for security engineer interns will open very soon: apply and come spend some time in Zürich at an amazing workplace with fantastic colleagues. Reach out if you have any questions, and don't wait to get your application in!
0
3
44
I'll live stream some blind
#CTF
challenge solving later today at 18:00 CEST. Check it out: This time I will try the "Hack AB" CTF by
@KnowitSecure
1
13
43
I played the
@1ns0mn1h4ck
#CTF
together with
@TeamTasteless
in Lausanne. We managed to get a 6th place and beat most of the other boomer teams so I'm pretty happy. Thanks for having me as a guest player and thanks for a great event! :D
4
0
43
I made a video for the
#MegaFavNumbers
playlist about how a not so random number broke the security of the Playstation 3: Check it out to learn a little bit about the security of the PS3 and elliptic curve cryptography.
4
15
42
The wait is soon over! Ep. 3 of Pwny Racing will go live on Sat April 13th at 15:00 UTC with
@0xb0bb
and me commentating our players
@David3141593
,
@OwariDa
,
@jinmo123
and
@maciekkotowicz
trying to be the first to solve a pwnable challenge. Tune in:
3
13
42
@MACHINEgg
Also, who tf wants to watch that? The personalities and small shenanigans is what elevates a decent match to a great viewing experience.
0
0
38
@ghidraninja
@InsiderPhD
...and other hilarious jokes Germans tell themselves", out now in stores, on Amazon and Audible.
2
0
40
Finally finished
#flareon8
. I had a good early start but had to take a break and didn't pick it up again until this week. With the exception of 3 & 5 I liked most challenges although sad that 10 had a cheese solution. Challenge 9 was nice. Thanks
@nickharbour
,
@mikesiko
and team!
3
0
41
@LiveOverflow
I started by using separate strings: "str1.matches(str2)", set up a test program to measure time, played around with various examples of "evil regex" I found in blog posts and that one gave good results then combined them into one single string.
0
2
41
0
13
40
@MalwareTechBlog
You could make a browser extension that screenshots and saves their last tweet or the last interaction with you or something like that.
0
2
40
0
2
39
Just came home from giving a guest lecture at the Royal Institute of Technology (KTH), my alma mater here in Stockholm. I covered the basics of binary exploitation as part of the fairly new "Ethical Hacking" course (dislike the term, love the initiative). Seemed appreciated.
3
3
40
Pretty sad how the goto reaction in the comments is "just ignore them" and not "yeet these despicable fuckers out of this community so hard they can't tell up from down". There's more than enough respectful people to go around, no need to pad out with absolute trash.
This is why some women dont want to be apart of the
#BugBounty
community. Although there are of course really lovely people, messages like this can be a stark reminder of how far we have left to go
20
28
137
2
12
38
@0xabad1dea
I saw a presentation with a whole collection of examples on different ways sites break pw managers and the lengths to which they go to achieve this is frightening.
2
0
37
@MurmusCTF
Imo that's still a very weak argument. The QR reader should ask for a confirmation before opening other apps and furthermore, if an intent can cause a state-change in an app without user interaction, that's a vulnerability in the same vein as a CSRF.
1
0
38
Time for the first live stream of the year. This time I will do some blind solves of some
#CTF
challenges from "The Nixu Challenge". Join me on YT today at 18:00 UTC:
1
4
39