HackerTrans
TopNewTrendsCommentsPastAskShowJobs

x1sec

no profile record

comments

x1sec
·vor 2 Jahren·discuss
Could you describe the smell?
x1sec
·vor 3 Jahren·discuss
By "extensibility" does this mean the ability to write your own extensions? Being able to develop and contribute plugins back to the community (similar to Burp's BApp store) could really accelerate the competitiveness of Caido up against Burp.
x1sec
·vor 3 Jahren·discuss
Caido[1] a interception proxy written in Rust, is positioning itself as a "lightweight" alternative to Burp. It can't compete yet with Burp in terms of functionality, although the product is certainly looking promising.

Perhaps the only contender to Burp in respect to functionality/features is ZAP[2].

EDIT: You can run your own collaborator type setup with Project discovery's interactsh[3].

Further EDIT: A downvote might be because of the mention of Rust / closed source - this is explicitly mentioned because a large pain point for Burp is it's a Java memory hog. If Caido was written in C++ with Qt, this fact would be notable for the exact same reason.

[1] https://caido.io/

[2] https://www.zaproxy.org/

[3] https://github.com/projectdiscovery/interactsh
x1sec
·vor 3 Jahren·discuss
This is not a new plugin; it (and similar extensions) have been available for Burp and a staple for testers for a few years now.

Automating authorisation checks has less to do with novelty seeking and more to do with the practicalities of ensuring adequate coverage within the assigned engagement time frame.
x1sec
·vor 3 Jahren·discuss
In the Q&A section, the speaker remarks:

"There is a part of the talk where I am trying to perform a little bit.. the thing that I'm also talking about. My background is in art .. and we always try to think about form and content being kind of the same thing.."

Thoroughly entertaining, well executed.
x1sec
·vor 3 Jahren·discuss
Perhaps a physical switch that connects or disconnects the electrical signal from the microphone to the handset could be a more convenient approach.

There is a photo of Mark Zuckerberg with a cut off 3.5mm jack plugged into his laptop - likely to achieve a similar outcome.
x1sec
·vor 3 Jahren·discuss
How frequent?
x1sec
·vor 3 Jahren·discuss
In a week, a lot of data can be exfiltrated. Then after you have rebooted, the threat actor reinfects your device.

Frequently rebooting the device can’t hurt but it likely isn’t going to prevent a threat actor from achieving their objectives.

The best mitigation we have is to enable lockdown mode.
x1sec
·vor 3 Jahren·discuss
A port of the tutorial's Pascal code to C which emits x86 assembly:

https://github.com/lotabout/Let-s-build-a-compiler
x1sec
·vor 3 Jahren·discuss
> Of course it is quite common to need to read it

This is a notable differentiation - Writing assembly is a different skill to reading it from a disassembly. Reverse engineering, malware analysis etc. does not inherently require you to be able to write asm, although it certainly would help.
x1sec
·vor 3 Jahren·discuss
SSID / BSSID is often enough to pinpoint the location. Recently someone debated this with me, so I asked him what his wifi AP name was, then proceeded to provide their home address.

How? By searching it in https://wigle.net.

That ended the debate quite swiftly.
x1sec
·vor 3 Jahren·discuss
Recently having stumbled across the VSCode shellcheck plugin[1] - it's been particularly educational as it provides not only corrections but improvement tips. For example the common practice of:

if [ $? -ne 0 ]; then

Will get flagged and an improvement will be suggested with an explanation on why [2]

[1] https://marketplace.visualstudio.com/items?itemName=timonwon...

[2] https://www.shellcheck.net/wiki/SC2181
x1sec
·vor 3 Jahren·discuss
Cal Newport, the author of 'Deep Work'[1] releases frequent content on Youtube [2] that attempts to address the kind of challenges expressed by the author.

[1] https://www.goodreads.com/en/book/show/25744928

[2] https://www.youtube.com/@CalNewportMedia
x1sec
·vor 3 Jahren·discuss
Pikuma has a 25 hour “NES Programming with 6502 Assembly” that is both accessible to beginners with little to no prior knowledge and being packed with content. [1]

He also has other interesting courses which touch upon “retro” programming in a very accessible manner. [2]

[1] https://pikuma.com/courses/nes-game-programming-tutorial

[2] https://pikuma.com/courses