HackerTrans
TopNewTrendsCommentsPastAskShowJobs

JohnLeitch

no profile record

comments

JohnLeitch
·5개월 전·discuss
> refrain from setting background colors

That's the thing though, setting bg color opens up a lot of options, and constraining to invert is not sufficient in my opinion.
JohnLeitch
·6개월 전·discuss
[flagged]
JohnLeitch
·6개월 전·discuss
Ah, okay. Thought you were talking about OOB heap write or something.
JohnLeitch
·6개월 전·discuss
> though this would be a much more sophisticated exploit and is maybe a bit of a reach.

Not necessarily. I have successfully exploited stack buffer overflows in major products despite stack canaries, ASLR, and DEP. It largely depends on context; if the vector is something that can be hit repeatedly, such a webform that that takes a cert or whatever, that simplifies things a lot versus something like a file format exploit, where you probably only get one chance. While I haven't analyzed this vulnerability, I would absolutely assume exploitability even if I couldn't see a way myself.
JohnLeitch
·6개월 전·discuss
It depends on what mitigations are in place and the arrangement of the stack. Even with stack canaries, having an unfortunate value on the stack e.g. a function pointer can still be quite dangerous if it can be overwritten without hitting any of the stack canaries.
JohnLeitch
·6개월 전·discuss
Assuming you're talking about a heap buffer overrun, it's still possible to exploit for EoP in some cases.
JohnLeitch
·6개월 전·discuss
While there's some overlap in methodologies and back-and-forth with various escalations, so-called malware is distinct from software exploits. Malware can be delivered without an exploit and quite often is. Social engineering is highly effective.
JohnLeitch
·6개월 전·discuss
I was hit by this. Could RDP into machines using the regular client, but could not access Dev Boxes via Windows App. Getting real sick of the low quality AI slop.
JohnLeitch
·6개월 전·discuss
Seems quite predictable given the others in the bug report encountering the same.
JohnLeitch
·6개월 전·discuss
For sure. When it's out I'll give it a go.
JohnLeitch
·6개월 전·discuss
Thanks for taking the time to respond, and apologies for the contentiousness. I'm a jaded old man suffering from severe LLM fatigue, so I may have come off a bit harsh. Your write-up was a good read, and while I might be critical of your methodology, what you did clearly worked, and that's what matters in the end. Best of luck with your project, especially the go lib fork.
JohnLeitch
·6개월 전·discuss
The problem is hallucinations. It's incredibly frustrating to have an LLM describe an API or piece of functionality that fulfills all requirements perfectly, only to find it was a hallucination. They are impressive sometimes though. Recently I had an issue with a regression in some of our test capabilities after a pivot to Microsoft Orleans. After trying everything I could think of, I asked Sonnet 4.5, and it came up with a solution to a problem I could not even find described on the internet, let alone solved. That was quite impressive, but I almost gave up on it because it hallucinated wildly before and after the workable solution.

The same stuff happens when summarizing documentation. In that regard, I would say that, at best, modern LLMs are only good for finding an entrypoint into the docs.
JohnLeitch
·6개월 전·discuss
Oh come on, the fact that the author was able to pull this off is surely indicative of some expertise. If the story started had started off with, "I asked the LLM how to capture network traffic," then yeah, what I said would not be applicable. But that's not how this was presented. tcpdump was used, profiling tools were mentioned, etc. It is not a stretch to expect somebody who develops networked applications knows a thing or two about protocol analysis.
JohnLeitch
·6개월 전·discuss
Sure, but that is aside from my original point. If somebody:

a) Has the knowledge to run tcpdump or similar from the command line

b) Has the ambition to document and publish their effort on the internet

c) Has the ability identify and patch the target behaviors in code

I argue that, had they not run to an LLM, they likely would have solved this problem more efficiently, and would have learned more along the way. Forgive me for being so critical, but the LLM use here simply comes off as lazy. And not lazy in a good efficiency amplifying way, but lazy in a sloppy way. Ultimately this person achieved their goal, but this is a pattern I am seeing on a daily basis at this point, and I worry that heavy LLM users will see their skill sets stagnate and likely atrophy.
JohnLeitch
·6개월 전·discuss
>Is that because wireshark can't do that just from packet captures?

Well, not quite. I think it's more that nobody has taken the time to implement it. That's not to say such an implementation would automatically decrypt the traffic from a capture with no extra leg work, of course. Wireshark dissectors have user configurable preferences, and presumably this would be where captured secrets could be set for use. This is how it handles TLS decryption [1], which works beautifully.

[1] https://wiki.wireshark.org/TLS#tls-decryption
JohnLeitch
·6개월 전·discuss
What are you even trying to say? I suppose I'll clarify for you: Yes, I'm confident I could have identified the cause of the mysterious packets quickly. No, I'm not going to go through the motions because I have no particular inclination toward the work outside of banter on the internet. And what's more, it would be contrived since the answer has already shared.
JohnLeitch
·6개월 전·discuss
Not even remotely accurate. While the dissector is not as mature as I thought and there's no built-in decryption as there is for TLS, that doesn't matter much. Hint: every component of the system is attacker controlled in this scenario.
JohnLeitch
·6개월 전·discuss
Well, I spent a good part of my career reverse engineering network protocols for the purpose of developing exploits against closed source software, so I'm pretty sure I could do this quickly. Not that it matters unless you're going to pay me.
JohnLeitch
·6개월 전·discuss
What I suggested (mistakenly so, see my revised suggested approach in response to one of your siblings) is the exact opposite of gate keeping.
JohnLeitch
·6개월 전·discuss
Interesting, I thought it was possible to decrypt SSH in Wireshark a la TLS, but it seems I'm mistaken. It still would have been my first goto, likely with encryption patched out as you stated. With well documented protocols, it's generally not too difficult deciphering the raw interior bits as needed with the orientation provided by the dissected pieces. So let me revise my statement: this probably would have been a fairly easy task with protocol analysis guided code review (or simply CR alone).