Breaking 'Em All!
The blog posts going deeper into hacking Pokemon Go that accompany my #DEFCON talk are live on my blog!
taltechtreks.com/2024/04/06/H...
taltechtreks.com/2025/08/09/H...
Happy to get questions on the research!
@taltechtreks.com.bsky.social
Security Researcher | Blog writer | Hacker | DEFCON speaker | Gamer | Silly stuff lover. https://taltechtreks.com/
Talking in an hour at #DEFCON about Pokemon Go on track 3. Couldn't be more excited!
I've worked on it multiple nights in the past months, and I hope you'll enjoy it!
If you're not here in person, you can catch the talk live at www.youtube.com/live/fzbrrKP...
or www.twitch.tv/defcon_dctv_...
Giving a talk on Pokemon Go, I just had to convert myself to a Pokemon trainer.
The amazing Ryan Rockenbaugh surprised me with a limited edition sticker of Trainer Tal
Sticker wall at #DEFCON got 2, and I will be giving what's left tomorrow at my talk
Breaking 'Em All! 11:30 Track 3. See you!
Excited and humbled to speak once again at DEF CON.
Talk is on Saturday at 11:30, track 3.
I'll be in the conf till Sunday, hit me up if you want to chat over the talk or any other project.
The #DEFCON 33 schedule is live and I'm excited to announce I'll be giving a talk this year on unique research I was a part of a few years back!
"Breakin 'Em All - Overcoming Pokémon Go's Anti-Cheat Mechanism"
Join me on stage - Sat, 11:30 AM, Track 3
defcon.org/html/defcon-...
Looks like I'll be at Hacker Summer Camp this year!
Exciting #DEFCON33
Just got back from #AppSecIL2025!
Ended up 4th place in the #CTF
Solved 12/15 challenges alone - Android pwn, JS sandbox escapes, cache poisoning, XSS bypasses. The usual suspects: SQLi, LDAP injection, XXE.
Had a blast!
Looking forward to the next one.
Writeup: taltechtreks.com/2025/06/04/a...
I'm building something cute and new, but as opposed to my normal ways, this time I'm using #Cursor heavily and the flow blows my mind.
Although I'm certain that without prior good knowledge of coding it wouldn't work that well.
Ah, I wondered when this was due to come out.
Can't wait to experiment!
www.anthropic.com/news/integra...
Excited to present my research tomorrow at #RSAC!
Come by to hear John and me share conclusions and insights on the first publicly available report on Non-Human identity security!
See you there,
May 1, 10:50 am at Moscone West 3004!
For today, a bit of Friends content! Or, uhh, actually, computer science!
What's the largest sofa you can pivot around a corner?
Heard about this problem in the past, but I thought it's one of those we will never be able to prove. (At least until quantum computers arrive to solve some NP problems)
Took a bit of hiatus from posting here, was quite busy the past few months (CFP season amiright...)
But I do have more cool stuff ready for sharing as well as writing 2 blog posts about projects I worked on lately.
Looking forward to sharing with you all
Great time presenting OWASP NHI Top 10 at #SnowFROC!
If you're here, come say hi!
Well, that was an hour of my life well spent.
An amazing adaptation of minesweeper to include old-school RPG elements.
UPDATE: Had to go back and play, another 4 hours to achieve a perfect clear. Incredible game!
Great thread on the emerging new details on the ByBit breach
06.03.2025 23:59
A cute post showcasing the basis of every website - HTML! The site goes over (almost) all HTML tags, by using them.
Seeing this, it's unfortunate that text inputs in websites don't allow most tags but rather encapsulate how the final result is displayed for users. Give us more, please!
Managed to squeeze in 2 talk submissions to #fwd:cloudsec just before the first round CFP closes.
Hoping for good news, will be the perfect reason to finally attend in person!
Check out this wild project: #Steam #Brick.
The author transformed the Steam Deck into a brick that still connects to screens or VR while reducing size by a third
Projects like this (author used steam-provided data) are a great example of "right-to-own", critical to enhance electronics sustainability
Thanks for the shout-out!
Happy to see the starterpack in use
#OAuth #phishing apps are coming to get you - now on #X!
It's annoying to see yet another case of how easy it is to fake consent screens that look identical to real companies.
Why we still lack mandatory verification processes for new OAuth apps is beyond me.
x.com/thealexbanks...
This researcher found a clever persistence trick: create a rogue #OIDC provider mimicking an existing one, then silently tweak the conditions.
Easy to miss, but it lets an attacker retain access to a compromised account.
How many orgs actually audit their OIDC roles? Feels like a blind spot.
#OIDC identity providers in #AWS have been getting more attention lately and rightfully so: It's unfortunately surprisingly easy (and common) to create misconfigurations within the necessary conditions on OIDC-based #IAM role trust policies.
20.02.2025 20:16
So, #OAuth implementations seem to always have some edge case or quirk making them vulnerable in odd ways.
This particular exploit leveraged an open redirect in an app's OAuth callback, combined with #Google OAuth's quirks to steal authorization codes on visiting a malicious website.
#DeepSeek roasts me based on my #UserAgent:
Your browser history is so bare even your referrer ghosted you, your 2560x1440 screen is just compensating for how bland Firefox 134 on Windows 10 is, and 16 CPU cores in Tel Aviv? Congrats, you're the NPC overclocking spreadsheets in the Silicon Wadi.
Cute bit of #internet history, this post shows why #Git gives you 0.1 seconds to decide if it runs a fixed command.
Turns out, backwards compatibility in code is hard, especially if the code is distributed widely, and can lead to these kinds of funny instances (and others that can cause real damage)
The author created a CPU #JTAG breakout and by inserting it between the balls and the CPU - manages to successfully debug the Xbox and extract the holy grail - a secret 512-byte boot ROM.
This ROM was originally extracted by other methods which allowed #Jailbreaking the #Xbox in the first place.
Of course, it can't be that simple. #Microsoft took a straightforward but effective countermeasure - grounding the #TRST pin, effectively locking out #JTAG access on retail consoles.
Additionally, the #CPU is soldered on a ball-grid-array, making direct patching nearly impossible. But - there's a way!
I love #hacking #embedded systems, and also #gaming when time permits.
Imagine my delight seeing a post that blends both! Two decades after its release, someone revisits the idea of "just" using the original #Xbox CPU's #JTAG connector to debug it.
The Dead Internet Theory is just a meme, right?
Well...something strange happens over at PhysicsForums. Once an active forum for physics students, now a quieter place.
A year ago, posts appeared, made by users long after their last login. LLM-generated replies back-inserted into the DB
Must read!
Hey, Erica! :) Glad to have you over here too.
09.02.2025 10:11