HackerLangs
TopNewTrendsCommentsPastAskShowJobs

nullcathedral

no profile record

Submissions

[untitled]

1 points·by nullcathedral·4 mesi fa·0 comments

Roundcube Webmail: three more sanitizer bypasses enable tracking and phishing

nullcathedral.com
2 points·by nullcathedral·4 mesi fa·1 comments

Perfex CRM: Unauthenticated RCE via PHP's S: deserialization format

nullcathedral.com
1 points·by nullcathedral·4 mesi fa·1 comments

Roundcube Webmail: SVG feImage bypasses image blocking to track email opens

nullcathedral.com
175 points·by nullcathedral·5 mesi fa·75 comments

comments

nullcathedral
·4 mesi fa·discuss
I wouldn't be surprised if we saw a headline in a few years when we find out other actors (e.g. China, Russia) have been buying this data en-masse too.
nullcathedral
·4 mesi fa·discuss
Yikes. Why are private organizations so happy to participate in mass surveillance.
nullcathedral
·4 mesi fa·discuss
I got bored so I decided to take another look at Roundcube :)
nullcathedral
·4 mesi fa·discuss
This was one of my most frustrating disclosures, feedback on the process is very welcome :)
nullcathedral
·4 mesi fa·discuss
Did you request a SSL certificate? Those are public, actors use those to scan any newly requested website for known vulnerabilities and other misconfigurations. I suspect you're just looking at standard internet noise :)
nullcathedral
·4 mesi fa·discuss
Sonnet 4.6 and Opus 4.6 are still available here. Pro+ subscription.
nullcathedral
·4 mesi fa·discuss
Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?

Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
nullcathedral
·4 mesi fa·discuss
I think the underlying point is valid. Agents are a potential tool to add to your arsenal in addition to "throw shit at the wall and see what sticks" tools like WebInspect, Appscan, Qualys, and Acunetix.
nullcathedral
·5 mesi fa·discuss
The website gave it away for me, felt very AI generated
nullcathedral
·5 mesi fa·discuss
One approach (Claude Code) is to evolve it over time. Start small and run /insights often and use that to refine the CLAUDE.md as needed.

https://github.com/trailofbits/claude-code-config?tab=readme...
nullcathedral
·5 mesi fa·discuss
Feel free to correct me, but the ML classifier appears to be rather bare. Less than 20 hardcoded payloads with randomized URL encoding as the only augmentation. How does this generalize to novel evasion techniques? Genuinely curious what your eval numbers look like against real traffic.

https://github.com/theghostshinobi/Shibuya-waf-light-version...
nullcathedral
·5 mesi fa·discuss
Good suggestion! Thanks. I'll go write up a welcome post soon :)
nullcathedral
·5 mesi fa·discuss
Author here! Are you referring to the "What’s inside this vendor’s VMware images?" on the about page? That is merely an illustration of what goes on inside my head. This is the first article on my blog.
nullcathedral
·5 mesi fa·discuss
Author here! I have looked at Thunderbird. I'll go and look at some others as well, should have probably done that earlier.
nullcathedral
·6 mesi fa·discuss
https://nullcathedral.com

Just waiting on some vendors to patch bugs before I can drop the first set of posts :)
nullcathedral
·6 mesi fa·discuss
I'd say I agree with you there for the low-hanging fruit. The deep research (there's an image filter here but we can bypass it by knowing some obscure corner of the SVG spec) is where they still fall over and need hand holding by pointing them at the browser rendering stack, specs, etc
nullcathedral
·6 mesi fa·discuss
Maybe in the future when labs train more specifically on offensive work, lots of hand holding needed right now.

Even simple stuff like training the models to recognize when they're stuck and should just go clone a repo or pull up the javadocs instead of hallucinating their way through or trying simple internet searches.
nullcathedral
·6 mesi fa·discuss
I work in this space. The productivity gains from LLMs are real, but not in the "replace humans" direction.

Where they shine is the interpretive grunt work: "help me figure out where the auth logic is in this obfuscated blob", "make sense of this minified JS", "what's this weird binary protocol doing.", "write me a Frida script to hook these methods and dump these keys" Things that used to mean staring at code for hours or writing throwaway tooling now takes a fraction of the time. They're straight up a playing field leveler.

Folks with the hacker's mindset but without the programming chops can punch above their weight and find more within the limited time of an engagement.

Sure they make mistakes, and will need babysitting a lot. But it's getting better. I expect more firms to adopt them as part of their routine.