harisec
@harisec.bsky.social
📤 2350
📥 750
📝 36
Interested in web security, bug bounties, machine learning and investing. SolidGoldMagikarp
pinned post!
I've released 'brainstorm': an alternative way to do web fuzzing combining my fav fuzzing tool 'ffuf' (from @joohoi.bsky.social) with local LLMs (via Ollama API) to generate smarter filename tests. It usually finds more endpoints with fewer requests. Added IIS shortname support @irsdl.bsky.social
over 1 year ago
I wrote a blog post about how I use Claude Code (and other models) in my work:
invicti.com/blog/securit...
Security Research in the Age of AI Tools
Learn how AI tools can support security researchers in investigating vulnerabilities and designing security checks to detect them.
https://invicti.com/blog/security-labs/security-research-in-the-age-of-ai-tools
3 months ago
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues. The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
Security Issues in Vibe-Coded Web Apps: Analysis, Vulnerabilities, Scanning
Learn about common security issues in AI-generated software, based on an analysis of over 20,000 vibe-coded web apps.
https://www.invicti.com/blog/security-labs/security-issues-in-vibe-coded-web-apps-analyzed
4 months ago
I wrote a blog post about enumerating and testing tool usage in web applications that use LLMs:
www.invicti.com/blog/securit...
LLM Tool Usage Security
Learn how attackers can exploit LLM tool usage and MCP servers, why this expands the attack surface, and how automated DAST scanning strengthens LLM security in web applications.
https://www.invicti.com/blog/security-labs/llm-tool-usage-security/
5 months ago
Here are the slides from my @tumpicon.org talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU)
docs.google.com/presentation...
Teaching LLMs how to XSS
Teaching LLMs how to XSS An introduction to fine-tuning and reinforcement learning (using your own GPU)
https://docs.google.com/presentation/d/1feHRtOWdAKhZUQcfyzeDSgsx4Sn5QzqfgLFV1Tiskmo/edit?usp=sharing
8 months ago
I wrote an article about how it's possible to use Assistant Prefill to jailbreak LLMs (Large Language Models). Here is an example of the latest model from Microsoft (Phi-4) writing a phishing email:
about 1 year ago
My favorite talk from #38c3: From Pegasus to Predator - The evolution of Commercial Spyware on iOS -
media.ccc.de/v/38c3-from-...
From Pegasus to Predator - The evolution of Commercial Spyware on iOS
My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024. The talk will ...
https://media.ccc.de/v/38c3-from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios#t=431
about 1 year ago
Great paper from Orange Tsai about unicode transformations:
worst.fit/assets/EU-24...
https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf?utm_source=blog.criticalthinkingpodcast.io&utm_medium=newsletter&utm_campaign=hackernotes-ep-103-getting-ansi-about-unicode-normalization&_bhlid=e026c1a06d2a0dedaff013b56d728aa52b42f316
about 1 year ago
OpenAI o3 model just achieved unbelievable scores (75% and 87%) on ARC-AGI, the previous models made maximum 20% and humans make around 85%.
arcprize.org/blog/oai-o3-...
OpenAI o3 Breakthrough High Score on ARC-AGI-Pub
OpenAI o3 scores 75.7% on ARC-AGI public leaderboard.
https://arcprize.org/blog/oai-o3-pub-breakthrough
about 1 year ago
Must read if you are interested in test-time compute:
huggingface.co/spaces/Huggi...
Scaling test-time compute - a Hugging Face Space by HuggingFaceH4
Discover amazing ML apps made by the community
https://huggingface.co/spaces/HuggingFaceH4/blogpost-scaling-test-time-compute
about 1 year ago
Great read:
semianalysis.com/2024/12/11/s...
Scaling Laws – O1 Pro Architecture, Reasoning Training Infrastructure, Orion and Claude 3.5 Opus “Failures”
There has been an increasing amount of fear, uncertainty and doubt (FUD) regarding AI Scaling laws. A cavalcade of part-time AI industry prognosticators have latched on to any bearish narrative the…
https://semianalysis.com/2024/12/11/scaling-laws-o1-pro-architecture-reasoning-training-infrastructure-orion-and-claude-3-5-opus-failures/
about 1 year ago
reposted by
harisec
RyotaK
about 1 year ago
If you're interested in the technical details, I wrote the blog post here:
flatt.tech/research/pos...
For further details, please check out the announcement from the OpenWrt team:
lists.openwrt.org/pipermail/op...
(2/2)
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After ac...
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
reposted by
harisec
ϻг_ϻε
about 1 year ago
Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward:
snyk.io/articles/rem...
Remote Code Execution with Spring Boot 3.4.0 Properties | Snyk
this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spr...
https://snyk.io/articles/remote-code-execution-with-spring-boot-3-4-0-properties/
reposted by
harisec
renniepak
about 1 year ago
Pro tip for if you have XSS but you can only use upper case:
aem1k.com/transliterat...
transliterate.js by @aemkei.bsky.social works great!
transliterate.js
Translate any JavaScript code to foreign writing systems. Created by Martin Kleppe aka @aemkei.
https://aem1k.com/transliterate.js/#%7B%22alphabet%22%3A%22ABCDEFGHIJKLMNOPQRSTUVWXYZ%22%2C%22code%22%3A%22alert%28%27renniepak%27%29%22%7D
embracethered.com/blog/posts/2...
DeepSeek AI: From Prompt Injection To Account Takeover · Embrace The Red
This post discusses how I found and responsibly disclosed a Cross Site Scripting in DeepSeek and it was possible to trigger it via Prompt Injection to achieve complete account takeover. The issue was ...
https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/
over 1 year ago
reposted by
harisec
Jeremy Howard
over 1 year ago
FYI, here's the entire code to create a dataset of every single bsky message in real time:
```
from atproto import *
# Firehose callback: print each message's header and its parsed body
def f(m): print(m.header, parse_subscribe_repos_message(m))
FirehoseSubscribeReposClient().start(f)
```
reposted by
harisec
Jeremy Howard
over 1 year ago
A librarian that previously worked at the British Library created a relatively small dataset of bsky posts, hundreds of times smaller than previous researchers, to help folks create toxicity filters and stuff. So people bullied him & posted death threats. He took it down. Nice one, folks.
reposted by
harisec
Simon Willison
over 1 year ago
qwq is a new openly licensed LLM from Alibaba Cloud's Qwen team. It's an attempt at the OpenAI o1 "reasoning" trick that runs on my Mac (20GB download) via Ollama... and it's pretty good! My detailed notes here:
simonwillison.net/2024/Nov/27/...
- here's its attempt at an SVG pelican riding a bicycle.
reposted by
harisec
Jake Handy
over 1 year ago
Cursor, the top performing #AI IDE, launched version 0.43 today with support for 🥁… Agents! Composer can now “pick its own context, use terminal, and complete entire tasks” give it a whirl:
www.cursor.com
reposted by
harisec
shubs
over 1 year ago
Earlier this year, Assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favorite types of bugs :) Write up and exploit script here:
assetnote.io/resources/re...
reposted by
harisec
Gynvael Coldwind
over 1 year ago
We're doing a cool online talk tomorrow btw –
hexarcana.ch/workshops/cv...
CVEs of SSH
A talk about recent high-profile issues related to the SSH ecosystem.
https://hexarcana.ch/workshops/cves-of-ssh
reposted by
harisec
terjanq
over 1 year ago
Great article about multipart parsing. Reminds me about the bypasses I found in modsec parser
medium.com/@terjanq/waf...
reposted by
harisec
Sam Stepanyan
over 1 year ago
#WAF: "When WAFs Go Awry: Common Detection & Evasion Techniques for Web Application Firewalls" - by @MDSecLabs: 👇
www.mdsec.co.uk/2024/10/when...
When WAFs Go Awry: Common Detection & Evasion Techniques for Web Application Firewalls - MDSec
Web Application Firewalls (WAFs) help to protect web applications by monitoring, filtering, and blocking HTTP traffic to and from a web service. However, WAFs are too often relied upon as...
https://www.mdsec.co.uk/2024/10/when-wafs-go-awry-common-detection-evasion-techniques-for-web-application-firewalls/
reposted by
harisec
jiska
over 1 year ago
How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
reposted by
harisec
Matthew Cashew
over 1 year ago
As a pentester and security engineer, I found this talk to be very inspiring. I haven't been able to use the tool yet, but you can bet I will soon!
youtu.be/bCNnloBaw_U?...
The Dangers of Building a Recursive Internet Scanner by Joel Moore | BSides CHS 2024
YouTube video by BSidesCHS
https://youtu.be/bCNnloBaw_U?si=023E_2K2-AhiqvQO
xbow.com/blog/xbow-sc...
XBOW – How XBOW found a Scoold authentication bypass
As we shift our focus from benchmarks to real world applications, we will be sharing some of the most interesting vulnerabilities XBOW has found in real-world, open-source targets. The first of these ...
https://xbow.com/blog/xbow-scoold-vuln/
over 1 year ago
I will definitely do something with the BlueSky Firehose, that sounds very interesting.
joelgustafson.com/posts/2024-1...
Visualizing 13 million BlueSky users | Joel Gustafson
https://joelgustafson.com/posts/2024-11-12/vizualizing-13-million-bluesky-users
over 1 year ago
Recraft's new model, unlike typical diffusion models, can handle math and geography - a surprising capability for an image generator. I wrote an article about abusing this functionality to leak its system prompt (using only generated images).
www.invicti.com/blog/securit...
System prompt exposure: how AI image generators may leak sensitive instructions
Recraft's image generation service uses a unique architecture combining an LLM (Claude) with a diffusion model. Learn what led to the discovery that carefully crafted prompts could expose the system's...
https://www.invicti.com/blog/security-labs/system-prompt-exposure-how-ai-image-generators-may-leak-sensitive-instructions/
over 1 year ago
I wrote a blog post about analyzing WordPress hack access logs with #NotebookLM
www.invicti.com/blog/securit...
Analyzing WordPress Hack Access Logs With NotebookLM
Learn how to analyze WordPress hack access logs using Google's NotebookLM, featuring a real-world case study of detecting and investigating a CVE-2023-6961 exploit in the WP Meta SEO plugin through in...
https://www.invicti.com/blog/security-labs/analyzing-wordpress-hack-access-logs-with-notebooklm/
over 1 year ago