HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nullcathedral

no profile record

Submissions

[untitled]

1 points·by nullcathedral·4 tháng trước·0 comments

Roundcube Webmail: three more sanitizer bypasses enable tracking and phishing

nullcathedral.com
2 points·by nullcathedral·4 tháng trước·1 comments

Perfex CRM: Unauthenticated RCE via PHP's S: deserialization format

nullcathedral.com
1 points·by nullcathedral·4 tháng trước·1 comments

Roundcube Webmail: SVG feImage bypasses image blocking to track email opens

nullcathedral.com
175 points·by nullcathedral·5 tháng trước·75 comments

comments

nullcathedral
·4 tháng trước·discuss
I wouldn't be surprised if we saw a headline in a few years when we find out other actors (e.g. China, Russia) have been buying this data en-masse too.
nullcathedral
·4 tháng trước·discuss
Yikes. Why are private organizations so happy to participate in mass surveillance.
nullcathedral
·4 tháng trước·discuss
I got bored so I decided to take another look at Roundcube :)
nullcathedral
·4 tháng trước·discuss
This was one of my most frustrating disclosures, feedback on the process is very welcome :)
nullcathedral
·4 tháng trước·discuss
Did you request a SSL certificate? Those are public, actors use those to scan any newly requested website for known vulnerabilities and other misconfigurations. I suspect you're just looking at standard internet noise :)
nullcathedral
·4 tháng trước·discuss
Sonnet 4.6 and Opus 4.6 are still available here. Pro+ subscription.
nullcathedral
·4 tháng trước·discuss
Do you run a dedicated "AI SRE" instance for each customer or how do you ensure there is no potential for cross-contamination or data leakage across customers?

Basically how do you make sure your "AI SRE" does not deviate from it's task and cause mayhem in the VM, or worse. Exfiltrates secrets, or other nasty things? :)
nullcathedral
·4 tháng trước·discuss
I think the underlying point is valid. Agents are a potential tool to add to your arsenal in addition to "throw shit at the wall and see what sticks" tools like WebInspect, Appscan, Qualys, and Acunetix.
nullcathedral
·5 tháng trước·discuss
The website gave it away for me, felt very AI generated
nullcathedral
·5 tháng trước·discuss
One approach (Claude Code) is to evolve it over time. Start small and run /insights often and use that to refine the CLAUDE.md as needed.

https://github.com/trailofbits/claude-code-config?tab=readme...
nullcathedral
·5 tháng trước·discuss
Feel free to correct me, but the ML classifier appears to be rather bare. Less than 20 hardcoded payloads with randomized URL encoding as the only augmentation. How does this generalize to novel evasion techniques? Genuinely curious what your eval numbers look like against real traffic.

https://github.com/theghostshinobi/Shibuya-waf-light-version...
nullcathedral
·5 tháng trước·discuss
Good suggestion! Thanks. I'll go write up a welcome post soon :)
nullcathedral
·5 tháng trước·discuss
Author here! Are you referring to the "What’s inside this vendor’s VMware images?" on the about page? That is merely an illustration of what goes on inside my head. This is the first article on my blog.
nullcathedral
·5 tháng trước·discuss
Author here! I have looked at Thunderbird. I'll go and look at some others as well, should have probably done that earlier.
nullcathedral
·6 tháng trước·discuss
https://nullcathedral.com

Just waiting on some vendors to patch bugs before I can drop the first set of posts :)
nullcathedral
·6 tháng trước·discuss
I'd say I agree with you there for the low-hanging fruit. The deep research (there's an image filter here but we can bypass it by knowing some obscure corner of the SVG spec) is where they still fall over and need hand holding by pointing them at the browser rendering stack, specs, etc
nullcathedral
·6 tháng trước·discuss
Maybe in the future when labs train more specifically on offensive work, lots of hand holding needed right now.

Even simple stuff like training the models to recognize when they're stuck and should just go clone a repo or pull up the javadocs instead of hallucinating their way through or trying simple internet searches.
nullcathedral
·6 tháng trước·discuss
I work in this space. The productivity gains from LLMs are real, but not in the "replace humans" direction.

Where they shine is the interpretive grunt work: "help me figure out where the auth logic is in this obfuscated blob", "make sense of this minified JS", "what's this weird binary protocol doing.", "write me a Frida script to hook these methods and dump these keys" Things that used to mean staring at code for hours or writing throwaway tooling now takes a fraction of the time. They're straight up a playing field leveler.

Folks with the hacker's mindset but without the programming chops can punch above their weight and find more within the limited time of an engagement.

Sure they make mistakes, and will need babysitting a lot. But it's getting better. I expect more firms to adopt them as part of their routine.