I often get the question what beginners in the Security field should spend time on. While my view will be biased towards Pentesting/RedTeaming, here is a 🧵 on the respective topics and resources:

RT @terawhiz: A short writeup for the kernel pwn I solved last weekend in lactf

RT @Yogehi: Sup, I'm the guy that hacked the Samsung S24 during Pwn2Own Ireland 2024 I just released a non-beginner Android application se…

RT @ale_sp_brazil: The third article (62 pages) of the Exploiting Reversing Series (ERS) is available on: I would…

RT @_ringzer0: From arbitrary pointer dereference to arbitrary read/write in latest Windows 11:

@alexjplaskett Focus on the fundamentals. A great sentence a mentor once told me was "The basics are advanced". Also try to dive deep into anything you're looking at. If you feel out of your comfort zone, you grow :)

@alexjplaskett Offensive security Web expert and offensive security exploitation expert. Just because the courses/manuals are great!

RT @R00tkitSMM: Weekend (2025) papers: QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing In…

RT @alexjplaskett: The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation

RT @7etsuo: Windows Kernel Resources: Development, Exploitation and Analysis.

@PwnFunction Looks like two bytes. On Windows userspace ASLR typically does result in 20 bits of randomness

RT @bliutech: Ever wanted to learn fuzzing?!?! 🐛 Me and some other folks at @pbrucla recently ran a project where we taught folks about the…

RT @testanull: Everything in this blog are already written, this is just for my bad memory only!

@frycos I heard that a lot of online html to pdf tools also offer that kind of service :P

RT @frycos: CVE-2024-55969 CVE-2024-55970

RT @domenuk: Watch the recording of my @ekoparty talk "Advanced Fuzzing with LibAFL" here: Thanks @fede_k for th…

RT @ATeamJKR: I hacked Bean Beat and also Kurt's Maultaschenfabrikle again! Was Domain Admin for many weeks and eventually #roasted their v…

RT @Dinosn: Windows Sockets: From Registered I/O to SYSTEM Privileges

RT @noperator: The first in a three-part series detailing my team's work in decrypting and analyzing SonicWall firewall firmware 🔥🧱 https:/…

RT @frycos: Most of you know about Telerik or DevExpress but ever heard of Syncfusion as another big global player? I found some interestin…

@ZoomZoomZero @AzakaSekai_ Edit: Not the index register, the base address/register value not being null of course.