Include Security

We've had a great time this month working with @b00fuzz by @jtpereyda, we're hoping we'll get to push out a fuzzer we wrote with it next month.

Hey Twitter crew, we've just had two new hires start this month and we're looking for more senior(always) consultants/researchers, take a look at our @r_netsec post for more info https://old.reddit.com/r/netsec/comments/eo3wgn/rnetsecs_q1_2020_information_security_hiring/fegbpmm/ …

Great team to work with, we're happy to see @OpenTechFund evolve and we're excited to see their future!https://twitter.com/OpenTechFund/status/1198969420934107141 …

People were asking which of our reported vulns were fixed in tcpdump 4.9.3. List below, thanks to @jduck and @berendjanwever for the great hax! CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 CVE-2018-16301 CVE-2018-16230 CVE-2018-16452 CVE-2018-16300

A bunch of our vulns in tcpdump & libpcap were fixed last week. https://www.tcpdump.org/public-cve-list.txt … Thanks to @mozilla for sponsoring our Secure Open Source work! We're always looking for more Open Source projects to hack on if anybody is interested :)

Another Open Source security audit done, hit us up if you're at Defcon and want to hack on mission driven and commercial appsec assessments without a clearance #SCIFsSuckhttps://twitter.com/gustavonarea/status/1159230351388098561 …

Great turnout and a lot of new hacks taught and learned. Thanks to our instructors @0xRST and @w3af for bringing the skills to the masses!https://twitter.com/w3af/status/1134086750668828672 …

We've had a great response with lots of applicants for our free training in May 30/31st! Today is the last day for applications: http://blog.includesecurity.com/2019/04/free-training-from-includesec-in-buenos-aires.html …

IncludeSec is announcing a free training course in advanced web hacking techniques May 2019 in Buenos Aires http://blog.includesecurity.com/2019/04/free-training-from-includesec-in-buenos-aires.html … @ekoparty @securityjam @notpinkcon

So we just updated our site, it needed a refresh! In celebration we're going to give away a free training in Buenos Aires next month.

Always great working with @SecureDrop , thanks to @justtaft and @hannibals who got their hax on with this project.https://twitter.com/SecureDrop/status/1087894699631771649 …

Some projects we've touched on so far in 2019: A net appliance product found in almost every ISP, a medical research platform, a customer data platform coded in crazy functional langs, a virtualization based workstation, multiple SSO & authentication platforms, etc. Come hack!

We have done many hundreds of assessments for 160+ clients, but that's just a distraction from the real company milestone reached today: We've reached our 1337th follower we've made it in this industry!

We're hanging with the awesome .ar hacker crew this week at @ekoparty if anybody wants to chat hax email asadohackers at http://ourdomain.com 

We have arrived, 12+ IncludeSec folks in Vegas this week for BH/DC/CTFs. Hit us up if you want to to hang vegas@ourdomainname.com

We're at #RSAC and @bsidessf again this year. Hit us up if you want to chat exploits and vuln hunting heyImInSFToo@includesecurity.com

In descending order of frequency, here are the langs we saw in 2017 assessments: Java(web), Python, Ruby, PHP, C#, C/C++, NodeJS, java(Android), Obj C, Scala, GoLang, Swift, PERL, Clojure, VB.NE, ColdFusion, Groovy, Lua, Elixir What are you guys seeing in pen-testing world?