
Chris Dale

@chrisdale.bsky.social

Principal instructor at SANS Institute. CHO (Chief Hacking Officer) and co-founder of River Security. Occasionally put content on YT: https://www.youtube.com/@chrisdale

431 Followers  |  113 Following  |  42 Posts  |  Joined: 09.06.2023  |  1.5055

Latest posts by chrisdale.bsky.social on Bluesky


Hackers don't wait, why should we? SANS 2025 Attack Surface & Vulnerability Management Survey – We Need Your Voice! survey.sans.org/jfe/form/SV_...

29.04.2025 07:57 | 👍 0  🔁 0  💬 0  📌 0
CSScape Room

Old school CSS escape room!

csscape-room.iamdanielmarino.com

04.04.2025 06:59 | 👍 5  🔁 1  💬 1  📌 0

That was fun. Took about 10 minutes of clicking around. Last two I brute-forced :) Thanks for sharing.

04.04.2025 20:55 | 👍 1  🔁 0  💬 0  📌 0
Slack: lack of port normalisation allows bypass of Blocked Previews (YouTube video by jub0bs)

For instance, if your Slack workspace blocks example[.]com, share a link with an explicit port left-padded with enough zeroes, e.g. httpx//:example[.]com:000443, and your link will be unfurled.

Admittedly not much of a security impact; just a broken functionality. 🤷

youtu.be/uI0JrHkLAXA

2/2

04.04.2025 09:14 | 👍 4  🔁 1  💬 0  📌 0
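The defensive side of the bug described in the post above, as an added example that is not code from the video or from Slack: a blocklist lookup on the raw "host:port" string misses a zero-padded port such as :000443, while canonicalising host and port before the lookup catches every spelling of the same origin. The blocklist contents and all URLs are constructed sample input.

```python
"""Blocklist matching with URL authority normalisation (added example)."""
from __future__ import annotations

from urllib.parse import urlsplit

# Scheme default ports: an explicit port equal to the default is redundant.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample policy: hosts whose links must not be unfurled.
BLOCKED_HOSTS = {"example.com"}


def naive_is_blocked(url: str) -> bool:
    """Match the authority exactly as typed ("example.com:000443").
    Any non-canonical spelling of the port slips past the lookup."""
    return urlsplit(url).netloc.lower() in BLOCKED_HOSTS


def canonical_authority(url: str) -> tuple[str, str, int | None]:
    """Collapse every spelling of an origin to (scheme, host, port):
    lowercase scheme and host, trailing dot removed, port parsed as an
    integer ("000443" -> 443) and dropped when it equals the scheme default.
    Raises ValueError when the port is not a valid integer."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # .hostname is already lowercased
    port = parts.port                           # int or None; ValueError if junk
    if port == DEFAULT_PORTS.get(scheme):
        port = None
    return scheme, host, port


def canonical_origin(url: str) -> str:
    """Render the canonical authority as a string for logging or caching."""
    scheme, host, port = canonical_authority(url)
    return f"{scheme}://{host}" if port is None else f"{scheme}://{host}:{port}"


def normalised_is_blocked(url: str) -> bool:
    """Decide on the canonical host, and fail closed (block) when the URL
    cannot be canonicalised, e.g. a port that is not an integer."""
    try:
        _, host, _ = canonical_authority(url)
    except ValueError:
        return True
    return host in BLOCKED_HOSTS
```

Matching is on the exact host here; a policy that should also cover subdomains needs a suffix check on the canonical host rather than set membership.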

Respect! 🤩

24.03.2025 07:00 | 👍 1  🔁 0  💬 0  📌 0

I couldn't help myself do a kiosk escape considering the entire table is a touch screen menu

08.03.2025 17:02 | 👍 1  🔁 0  💬 0  📌 0
Hacker Space - Skjelbred Poiree - River Security Hacking Team (YouTube video by River Security)

The most fun time of the year is not Christmas! It's our hacker spaces youtu.be/u6DdqrmylZQ

28.02.2025 12:52 | 👍 0  🔁 0  💬 0  📌 0

We're looking for passionate cybersecurity professionals, both junior and senior roles, to join our remote pentesting team. There is a hacking challenge below... Does this sound enticing? Message me.

209.38.109.251 (Reach out if you need hints) 💪

21.02.2025 12:25 | 👍 0  🔁 0  💬 0  📌 0

Coaching a CTF team was one of last year's highlights. I hope I get to do it again. www.htx.gov.sg/whats-happen...

20.02.2025 13:14 | 👍 1  🔁 0  💬 0  📌 0
ktrlpanel ep 3 - Chris Dale | The evolution of pentesting, becoming a SANS instructor, remote teams (YouTube video by ktrlpanel)

In this podcast I am discussing things like how penetration testing is changing, modern penetration testing methodology, and more. www.youtube.com/watch?v=kRwG...

20.02.2025 08:57 | 👍 0  🔁 0  💬 0  📌 0

In case the post gets taken down, here is a screenshot.

14.02.2025 08:59 | 👍 0  🔁 0  💬 0  📌 0
Workforce | DOGE: Department of Government Efficiency Workforce data for the U.S. government.

🍿 DOGE.gov breached: doge.gov/workforce?or...

14.02.2025 08:58 | 👍 0  🔁 0  💬 1  📌 0
Raw SQL Queries are Actually Better for Security Than ORMs? Have I gone mad? Do I actually recommend not using an ORM and actually gaining a security advantage? Sort of. It's more nuanced but if we're trying to fix SQL injection and related vulnerabilities the...

ORM vs Raw SQL queries - Careful Either Way - www.nodejs-security.com/blog/raw-sql...

06.02.2025 19:03 | 👍 0  🔁 0  💬 0  📌 0
Top 10 web hacking techniques of 2024 Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...

04.02.2025 15:02 | 👍 66  🔁 36  💬 2  📌 5
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - research.md

Very cool write-up on a deanonymizing attack using Cloudflare's Cache - gist.github.com/hackermondev...

23.01.2025 19:16 | 👍 0  🔁 0  💬 0  📌 0
Credential Stuffing: Hacking Without Being a Hacker (YouTube video by Chris Dale)

Credential stuffing - no advanced hacking skills needed. A short 6 minute video to explain the concept www.youtube.com/watch?v=1BTF...

21.01.2025 15:52 | 👍 0  🔁 0  💬 0  📌 0

I'm not sure which is more frustrating: interacting with a support system run by an LLM or dealing with technicians who seem to rely solely on predefined playbooks without critical thinking...

08.01.2025 07:24 | 👍 1  🔁 0  💬 0  📌 0

Keeping free open-source software maintained is often an unrewarding and unrecognized effort. Thank you!

24.12.2024 12:28 | 👍 1  🔁 0  💬 1  📌 0

Setting up an unmarked malicious cable and it comes with a warning: "Do Not Eat"... Wow 🙈

24.12.2024 12:26 | 👍 0  🔁 0  💬 0  📌 0

Feel like Santa Claus 🎅 Bug bounty on Christmas Eve. An IDOR which at first seemed impossible to enumerate, but once I reduced the JSON object to the least parameters that would still make the request work, I found two enumerable values which ended up in a nice vulnerability. Happy holidays!

24.12.2024 11:32 | 👍 1  🔁 0  💬 0  📌 0
Exposing the Honey Influencer Scam (YouTube video by MegaLag)

Honey, the browser plugin with god mode over your browser activity, was found to rewrite affiliate links. Keep your browsers clean, all; you use them for too much important stuff. www.youtube.com/watch?v=vc4y...

23.12.2024 14:48 | 👍 2  🔁 1  💬 0  📌 0

I don't particularly enjoy questions like these, but then again, how would you answer it? I'd say: "Start with a problem, and what you want to achieve. Seek the answers by firmly understanding the problem and the technology you operate."

10.12.2024 11:13 | 👍 2  🔁 0  💬 0  📌 0
Internet Crime Complaint Center (IC3) | Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud

FBI PSA: some good tips on protecting against threat actors using AI against us. My favorite is to have a secret passphrase between family members to validate one another is not AI. www.ic3.gov/PSA/2024/PSA...

06.12.2024 21:17 | 👍 1  🔁 1  💬 0  📌 0

Hi Matt, nice to meet you 🤟😂

19.11.2024 22:06 | 👍 1  🔁 0  💬 1  📌 0

It was a Commodore 64, but what happened after were truly amazing times.

18.11.2024 22:49 | 👍 1  🔁 0  💬 0  📌 0
Is My Phone Listening To Me?

A common question (or rather, statement) I often hear from everyday users is, "Clearly, my phone is listening to everything I say - I keep getting targeted ads based on my conversations." Well, they are listening, just not in the way most people think. The EFF breaks it down for us here:

18.11.2024 22:04 | 👍 3  🔁 1  💬 0  📌 0

Great Turkish restaurant that is, absolutely love it myself.

18.11.2024 19:20 | 👍 2  🔁 0  💬 0  📌 0

Ever since the Gen AI revolution started I've found myself more and more skeptical about any and all content I read. Even direct messages with people sometimes make me go 🤨

18.11.2024 18:15 | 👍 2  🔁 0  💬 1  📌 0

Intentionally vague post:

If you've pentested an org and they later have "an incident," I recommend you don't write speculative blog posts about how you think it maybe went down. 💩

18.11.2024 18:12 | 👍 2  🔁 1  💬 0  📌 0
