HackerTrans
トップ新着トレンドコメント過去質問紹介求人

bearsyankees

no profile record

投稿

Securing a DoD contractor: Finding a multi-tenant authorization vulnerability

strix.ai
221 ポイント·投稿者 bearsyankees·2 か月前·101 コメント

Context.ai seemingly cause of Vercel breach

twitter.com
3 ポイント·投稿者 bearsyankees·3 か月前·0 コメント

Open Source Isn't Dead

strix.ai
356 ポイント·投稿者 bearsyankees·3 か月前·186 コメント

Show HN: Greptile for Security (open source)

strix.ai
2 ポイント·投稿者 bearsyankees·3 か月前·0 コメント

We love open source: finding a critical auth bypass in etcd (CVE-2026-33413)

strix.ai
4 ポイント·投稿者 bearsyankees·3 か月前·0 コメント

What Now (and What's Next)

strix.ai
11 ポイント·投稿者 bearsyankees·3 か月前·0 コメント

Yale senior hacks United, gets 2.6M miles

yaledailynews.com
5 ポイント·投稿者 bearsyankees·3 か月前·0 コメント

CVE-2026-33413 found in ETCD by open source AI agent (strix.ai), 8.8 CVSS

wiz.io
1 ポイント·投稿者 bearsyankees·4 か月前·0 コメント

Caido partners with Strix for the best of both worlds in AI penstesting

strix.ai
3 ポイント·投稿者 bearsyankees·4 か月前·1 コメント

First Impressions on Open-Source Claude Security (Strix)

theartificialq.github.io
8 ポイント·投稿者 bearsyankees·4 か月前·1 コメント

Strix Is an Open-Source Claude Code Security

strix.ai
5 ポイント·投稿者 bearsyankees·5 か月前·0 コメント

Finding a Cross-Tenant Vulnerability in GCP's Apigee

omeramiad.com
1 ポイント·投稿者 bearsyankees·5 か月前·0 コメント

Reverse Engineering US Airline's PNR System and Accessing All Reservations

alexschapiro.com
134 ポイント·投稿者 bearsyankees·7 か月前·63 コメント

Reverse engineering a $1B Legal AI tool exposed 100k+ confidential files

alexschapiro.com
821 ポイント·投稿者 bearsyankees·7 か月前·288 コメント

Pwning OpenAI Atlas Through Exposed Browser Internals

hacktron.ai
2 ポイント·投稿者 bearsyankees·7 か月前·1 コメント

Low PNR Entropy: I accessed all airline bookings via simple math

alexschapiro.com
4 ポイント·投稿者 bearsyankees·7 か月前·1 コメント

Airline Left All Passenger Data Vulnerable Due to Missing Last-Name Check

alexschapiro.com
6 ポイント·投稿者 bearsyankees·8 か月前·0 コメント

Hacktron Hacks Supabase

hacktron.ai
7 ポイント·投稿者 bearsyankees·8 か月前·0 コメント

Nobel Peace Prize Sparks Insider Trading Questions on Prediction Sites

forbes.com
3 ポイント·投稿者 bearsyankees·9 か月前·3 コメント

New investment bank is almost entirely powered by AI -- and it works

ft.com
2 ポイント·投稿者 bearsyankees·12 か月前·2 コメント

コメント

bearsyankees
·2 か月前·議論
oh apologies, thanks for the reminder
bearsyankees
·2 か月前·議論
[flagged]
bearsyankees
·2 か月前·議論
appreciate the feedback!!
bearsyankees
·2 か月前·議論
https://x.com/strix_ai/status/2051361018450948511
bearsyankees
·2 か月前·議論
fixed now
bearsyankees
·2 か月前·議論
apologies, just a vc firm
bearsyankees
·2 か月前·議論
Strix (strix.ai, https://github.com/usestrix/strix)| Founding Engineer | NYC/SF

We built the largest open-source AI pentesting framework — 25k GitHub stars, 80k active users, 15B LLM tokens processed daily, 1,800 pentests run per day. Two of us right now. You'd be the third.

Looking for a founding-engineer engineer who's done 0→1 before and wants to own the architecture of something already at scale. You'll touch everything — infra, product, research tooling. Python/TypeScript stack, AI-native workflows, real security problems.

Email [email protected] — tell us something you've built and why it was hard.
bearsyankees
·3 か月前·議論
https://x.com/steipete/status/2044423791405924562 very soon it seems...
bearsyankees
·3 か月前·議論
I don't know if I fully agree with this -- how many people were actually self-hosting cal infra? I def could be wrong though
bearsyankees
·3 か月前·議論
+1, at this point all companies need to be continuously testing their whole stack. The dumb scanners are now a thing of the past, the second your site goes live it will get slammed by the latest AI hackers
bearsyankees
·3 か月前·議論
Think this is a bad, bad move...

https://news.ycombinator.com/item?id=47780712
bearsyankees
·9 か月前·議論
https://archive.ph/T06X9
bearsyankees
·12 か月前·議論
The security issue and POCs provided were not real like they said there was a vuln but I double checked it and it was not an exploitable vuln
bearsyankees
·12 か月前·議論
Super cool! Just tried it out and it is giving me 100% confidence for two vulnerabilities (one 9.4, one 6.5) that aren't real -- how is that confidence calculated?
bearsyankees
·12 か月前·議論
https://archive.ph/qcoSR
bearsyankees
·昨年·議論
Wonder how many people still get hooked by these, though...
bearsyankees
·昨年·議論
Nice tool for curl -> python requests without an LLM, all static:

https://curlconverter.com/
bearsyankees
·昨年·議論
Awesome glad to help!! It is a pretty good tool (unless apps use SSL pinning)
bearsyankees
·昨年·議論
Hi, author here! My bad if that was not clear. The endpoint was just a POST request where the body was the phone number, so that is all you needed to know to take over someone's account.
bearsyankees
·昨年·議論
Glad you found it interesting, yeah I was experimenting with different names and obviously this one was the best. Not trying to self-promo as I am not like selling any product but just thought people would enjoy the article! Sorry if I violated any of the unwritten HN norms... but glad people are reading it now and having interesting discussions