Anant Shrivastava
anantshri.info
@anantshri.info
Researcher | Trainer | Security Professional | Developer | Admin
🚨 BLACK FRIDAY MEGA SALE 🚨

All Cyfinoid security tools are 100% OFF!

Get our security tools for the low price of $0.00!

SBOM analyzer? FREE
3PTracer? FREE

Act fast! This deal expires in... *checks notes* ...never.
Because they've always been free

cyfinoid.github.io
Cyfinoid Research - Security Tools & Projects
Cyfinoid's collection of security tools and research projects including software supply chain analysis, Android assessment, cloud security, and more.
cyfinoid.github.io
November 19, 2025 at 9:09 AM
Reposted by Anant Shrivastava
With Cloudflare being down, and as a result, most things I use being down, I came here to say hi 🤭 I guess I will use other AIs than ChatGPT today!
November 18, 2025 at 1:23 PM
New version of #SBoMPlay is available cyfinoid.github.io/sbomplay/

Source code : github.com/cyfinoid/sbo...

Bunch of New Features in experimental mode
- Aggregate List of authors
- Identify version sprawl amongst projects
- common dependencies across projects
- License changes in package versions
SBOM Play - Client-Side Analysis
cyfinoid.github.io
November 10, 2025 at 8:31 AM
Reposted by Anant Shrivastava
#DEFCON34 Call for #CTF Organizers is OPEN!

After four excellent years, Nautilus Institute is retiring from running the official #DEFCON CTF. The search is on for the next team. Is it your turn? Is your crew the future of live hacking competitions?

defcon.org/html/links/d...
DEF CON® Hacking Conference - Call for CTF Organizers
Nautilus Institute is passing the torch, will your group be the next CTF Overlords?
defcon.org
October 9, 2025 at 11:11 PM
Final hours for Black Hat EU Early Bird! 🚨

Save £300 today and join my 0wning the Cloud training this December in London.

We’ll cover AWS, Azure, GCP, DigitalOcean & Aliyun with hands-on attack + defense labs.

🔗 Register before midnight: www.blackhat.com/eu-25/traini...
Black Hat
www.blackhat.com
September 25, 2025 at 11:47 PM
We just dropped GH Navigator 🎉
Paired with KeyChecker, it gives full GitHub coverage:

Data plane: what can be read

Control plane: what can be changed

Check out the release post 👉 cyfinoid.com/gh-navigator...
Introducing GH Navigator: Optimizing GitHub Security Tools
Discover how GH Navigator and KeyChecker enhance GitHub security by providing visibility and testing for both data and control planes.
cyfinoid.com
September 22, 2025 at 11:00 PM
Reposted by Anant Shrivastava
“OpenAI admits AI hallucinations are mathematically inevitable, not just engineering flaws”

https://www.computerworld.com/article/4059383/openai-admits-ai-hallucinations-are-mathematically-inevitable-not-just-engineering-flaws.html
September 21, 2025 at 10:04 AM
Everyone talking about npm hacks. But is it really more attacks or just more visibility?

Maybe attackers are piling on npm
Maybe the ecosystem is just easier to monitor
Maybe sloppy practices make it an easy catch

What nags me more: silence in PyPI, RubyGems, Maven.
No attacks, or no one looking?
September 16, 2025 at 9:11 PM
Reposted by Anant Shrivastava
#BSidesLDN205 Call for Workshops is still open!
Want to pass on the knowledge you have?

Here's your chance: cfp.bsides.london/bsides-londo...
Any topic.
2-4hrs long
Not a commercial presentation
30 people minimum audience (mixed experience levels)

#Security #BSIdes #London
September 8, 2025 at 8:11 AM
Reposted by Anant Shrivastava
To all of the people pushing hard to coin the term “vibe security,” the joke is on you. Security has always been about vibes. 😆
September 3, 2025 at 2:29 PM
Determinism builds trust, non-determinism builds discovery. The art lies in knowing when the world needs certainty - and when it needs the unexpected gift of surprise.
Not Every Nail Needs a Non-Deterministic Hammer
blog.anantshri.info
August 30, 2025 at 6:50 PM
Most say ‘think like a hacker,’ but infosec fights adversaries with goals, not curiosity. Real defense means blending hacker creativity with adversary realism.
Hacker Vs Adversary
blog.anantshri.info
August 29, 2025 at 10:52 AM
My thoughts on how LLM behaviour makes me rethink my own brain’s inner workings. A prediction engine as a mirror for a mind.
What LLMs Teach Me About My Own Brain
blog.anantshri.info
August 28, 2025 at 5:00 AM
🔑 Introducing KeyChecker – a CLI to fingerprint SSH private keys & map them to Git hosting accounts.

📖 Blog: cyfinoid.com/automating-a...
🐍 PyPI: pypi.org/project/keyc...

#bugbountytips #ssh #git #github #infosec
Enhance Software Security with KeyChecker for Developer Keys
Discover how 'keychecker' automates SSH key validation to enhance supply chain security for developers and defenders alike.
cyfinoid.com
August 22, 2025 at 5:47 AM
It's funny how current AI tooling plays out, and a few years ago self-help courses used to use this same tactic. We are giving you a tool; if you don't use it properly it will not give you results. So the user pays you for stuff, and if it doesn't work it's their problem, not yours.
July 30, 2025 at 10:00 AM
Making Security Tools Accessible: Why I Chose the Browser

Tired of tools that need Docker to read a JSON file? I built browser-native, client-side tools like SBOMPlay and 3ptracer to prove you don’t need servers, tracking, or setup. Just open index.html and go. Minimalist, secure, and surprisingly…
Making Security Tools Accessible: Why I Chose the Browser
Tired of tools that need Docker to read a JSON file? I built browser-native, client-side tools like SBOMPlay and 3ptracer to prove you don’t need servers, tracking, or setup. Just open index.html and go. Minimalist, secure, and surprisingly powerful.
blog.anantshri.info
July 29, 2025 at 1:36 AM
Vibe coding with AI feels magical until your project spirals into chaos. This guide explores how to stay grounded while building with AI tools; covering minimalism, context limits, testing, & code hygiene. A practical read for developers navigating the fine line between productivity & hallucination.
A Rational Survival Guide to Vibe Coding with AI
Vibe coding with AI feels magical until your project spirals into chaos. This guide explores how to stay grounded while building with AI tools, covering minimalism, context limits, testing, and code hygiene. A practical read for developers navigating the fine line between productivity and hallucination.
blog.anantshri.info
July 26, 2025 at 2:37 AM
If anyone here is already on @peerlist.bsky.social, connect with me, and if you are not, sign up here: peerlist.io/anantshri/si... Seems like a fun place, especially if you want to be connected to builders.
Anant has invited you to join Peerlist!
peerlist.io
July 21, 2025 at 7:20 PM
Introducing SBOM Play: A Privacy-First SBOM Explorer with Vulnerability & License Insights

cyfinoid.com/introducing-...

A fully client-side, browser-based SBoM explorer. More details on the link.

#SBoM
SBOM Play: Simplified SBOM Visualization Tool for Developers
Discover SBOM Play: a user-friendly tool to visualize SBOMs with vulnerability insights and licensing analysis—no complex setup required!
cyfinoid.com
July 21, 2025 at 12:46 AM
As I finalize my "Attack and Defend Software Supply Chain" training, I am sprinkling in newer content, and one of the things would be AI supply chain attacks.

Join me @ Defcon 2025 : training.defcon.org/collections/...

for a deep dive into the amazing world of software supply chain security.
July 21, 2025 at 12:42 AM
The Contribute page is now live at hackingarchivesofindia.com/contribute/ 🚨

Submit your talks, tools, or fix missing data.

This archive is built by the Indian hacker community : now it can grow with it.

And yeah, you can now ☕ or 💖 support it too.

#infosec #india #hackingarchives #cybersecurity
How to Contribute? | Hackers of India
hackingarchivesofindia.com
July 13, 2025 at 5:06 AM
Why I love chiptunes. Short story

My first computer had lots of limitations: MP3 files could be played, but limited RAM and buffer meant it would stop after a few seconds for buffering.
WAV was too big a file size to store on tiny disks.
Speakers were not great.
MIDI came as a life saver & left a mark.
July 11, 2025 at 3:52 AM
It has happened multiple times now. Every single time I use AI-based coding assistants I am reminded that they are lowest-cost typing assistants that are coding-lingo aware, which means most proper logic is to be defined by me, and left alone, their own coding has very convoluted logic.
July 8, 2025 at 1:25 AM
Reposted by Anant Shrivastava
Teammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synology's "Active Backup for Microsoft 365" (ABM), including sensitive data like Teams channel messages. 🤓
#synology #disclosure #modzero
modzero.com/en/blog/when...
When Backups Open Backdoors: Accessing Sensitive Cloud Data via
modzero.com
June 29, 2025 at 8:01 AM