tacitPanda
3.5K posts
tacitPanda
@tacitPanda
InfoSec | Hacking is a team sport | The CLI is God | お前はもう死んでいる | #pandagang
On da innanet Beigetreten Mart 2022
734 Folgt194 Follower
@HackingDave Wtf happened bro? Idk I’ve been using it just fine. What happened that caused this??
English
Something deeply messed up with Claude's model right now. It went from a hero to a zero almost overnight. I hope they fix it, as of right now - I've moved over to codex, it's completely unusual. Beware.
English
@vxunderground Yea home ownership is real bro. There’s ALWAYS something to fix. On the bright side you’ll never be bored and if you want nice things but don’t have a shit ton of money you’ll have to do it yourself 😅
English
The cool thing about owning a home is you can do whatever you want with it.
The bad thing about owning a home is it's a fucking big hunk of fucking junk and for some reason dumb small shit happens all the time
If you've got a pussy fart worth of space between your outside walls and attic, or roof, or something, dumb ass lady bugs will come in. Once they're inside they won't do anything except go to your windows and die in hoards like a bunch of dumbasses.
I fucking HATE LADY BUGS. I HATE SIDING. I HATE WEATHER WHICH IMPACTS HOME SIDING AND CAN DETERIORATE MATERIAL OVER TIME
English
@Dinosn I got a chance to meet one of the creators of this tool when he did a talk on it. Cool guy, great tool.
English
redStack: Boot-to-Breach red team lab on AWS. Mythic, Sliver, and Havoc C2 behind a production-style Apache redirector. Deployed via Terraform. github.com/BaddKharma/red…
English
@vasilyKaiser @stokfredrik Wow I had no idea this site existed. Thanks for sharing!
English
@stokfredrik Unfortunately available only for Apple: opensource.apple.com/projects/conta…
English
What is the most efficient and easy way to setup a solution today for Claud code segmentation/sandboxing, without loosing to much performance?
What I want :
- a secure way to run Claud code + tools with full access to a shell on laptop (independent of the os) I want it to be able to install apps, dependencies you name it on the fly inside its ”home”.
- egress over network, so it can send / route traffic through a proxy like burp/caido for logging purposes, passive audits and manual evaluations. But no other host / access, findings will be sent back into the workflow for validation.
- files / memory / context dumps synced over git, rsync or similar,
- a easy snapshot functionality so I’m able to roll back and get em back up running fast when it eats itself.
Any ideas? I could easily ask the llm, but I want some human input around it.
English
The FBI (and apparently every other government agency on planet) has seized LeakBase, the long standing competitor to Breached, with the difference being LeakBase was more tailored to Eastern Europeans.
Hot take: Operation Leak is an unoriginal and lazy name
English
I blame the “Get into cybersecurity in 90 days and make $100k” crowd. I’ve met people making six figures leading teams that don’t know anything about Linux and rarely if ever touch a Cli.
solst/ICE of Astarte@IceSolst
There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.
English
@HackingLZ @stokfredrik I can see teams in the coming future simply deploying agentic models on boxes in house for white/grey engagement periods that run on command and deliver reports. Days of testing turns to hours or minutes.
Teams will still have to analyze and look into reporting though.
English
I have no doubt AI tooling will augment testing in lots of ways, so if that means fewer OffSec jobs, I get it. We were in a period where OffSec was "easy" and people forgot the job was supposed to get harder over time instead, boot camps told people they would make X after 12 weeks.
The nature of most organizations security programs is a little more complex than their public facing bug bounty programs. The leap most people are making is that AI will close the gap to 80% and someone with no domain knowledge will drive that 80%. There is also a whole "replace a job vs. tasks" argument that all of AI land is currently having.|
Another somewhat useful point bug bounties largely avoid the data protection requirements companies have. For example, many wouldn't allow external or even internal people to run their data through frontier models during offensive testing.
The greater tipping point in the replacement discussion will come when local models reach a certain capability threshold, because it will allow companies to maintain safeguards while still meeting compliance and regulatory requirements. In that same space, there's also a lack of training data for internal pentesting and other areas compared to much of the bug bounty landscape.
English
He’s not lying (not that anyone would think Dave was lying) lol. I rebranded my support business and it literally took an hour to build a VERY good looking website. Claude is top tier
Dave Kennedy@HackingDave
I am creating amazing websites in hours. Not days, not weeks with Claude. Example here: I'm part owner of a basketball training facility called Swish365. We built a custom app in the appstore/play store and its a challenge to update. The website too (original built on wordpress). Two hours, I converted our app to mobile UI without an app, integrated into Stripe's API's to manage subscriptions. Built fully dynamic and automate reporting for payments to each franchise location with all fees/royalties taken out. Something that took us hours before. Trending analysis of each facility on upward/downward trends for facility. Dynamic location creation so when we add new franchises it automatically creates it. Convert all existing members from old to new system. If they book once a week, it creates a streak similar to NBA Jam, if they get to BOOMSHAKALA they get a free shirt. Beautiful webpage, custom business processes directly to our business and enhancements over previous systems. Two hours. It's unbelievable.
English
tacitPanda retweetet
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others.
NDSS'26 paper: ndss-symposium.org/wp-content/upl…
GitHub: github.com/vanhoefm/airsn…
English
@vxunderground Lol welcome to parenthood my friend. If it ain’t about the babies it’s stress over other stuff like bills and life. But as Kendrick said I’m fucked up homie you fucked up but if god got us then we gon be alright 👍
English
I planned on making educational YouTube videos, but with full time employment, a 10 month old baby (about to be 11 months in a few days!), the rest of my family, a vx-underground, work developing malware and poking malware with a stick, I can't summon the energy to make dumb videos on malware.
I'm soft blooded.
When I'm not working, my brain is so deep fried and exhausted I unironically watch Elder Scrolls lore videos and dumb videos on internet drama.
I don't have any friends in real life, they're all far away or married with children too. My entire existence is working or caring for a baby.
It's not bad, I love it. I'm very happy.
But... God damn am I tired. I'm so tired and I don't even really remember the last time I was able to relax. It's unironically been years since I wasn't working in some capacity. At this point, I don't even know if I know how to relax. When I'm not doing malware stuff, I feel compelled to do malware stuff.
It's all ogre.
I don't expect any of you to give a shit. But I wanted to scream into the void of internet.
Thanks.
English
@vxunderground This is the perfect example of a healthy family and marriage and I do not mean that with any sarcasm
English
My son is 10 months old. Whenever I try to change his diaper he starts giggling, kicking his legs, or tries to roll over and crawl away.
Because of this, whenever I change his diaper I immediately fold up the dirty diaper and place it on the ground next to my feet. It is important I place the dirty diaper near my feet, where he can't reach it, otherwise he WILL reach for the dirty diaper and attempt to do bite it (he's teething).
Unfortunately, I've established a habit where once I place the dirty diaper by my feet I forget about it. Once I'm done changing him I walk away and do whatever else I was doing previously.
This has resulted in my wife finding dirty diapers on the ground and her becoming very frustrated by my forgotfulness.
I apologized, admitted I need to ensure they're disposed of. She told me that if I don't throwaway the dirty diaper once I'm done changing my baby son, she will place the dirty diaper under my pillow. She said, "the poop fairy will visit you". I assured her that this was not necessary because I won't forget to throwaway his diaper.
Moments ago I crawled into bed. When I placed my head on the pillow I heard a "squish" noise. Additionally, I smelled a strong odor of urine. I immediately jumped up, flipped over the pillow and ... I was visited by the "poop fairy". I forgot to throwaway the diaper.
English
I’m pretty sure most every world issue could be solved if we just started offering each other pieces of candy.
The good stuff too. Maybe a mix of the grandma candy here and there.
English
@d0tslash A feature some of the kiosks have is that you can save a digital version of your key in case you lose it and need to have one made again...
English
@d0tslash Initially I thought no because why would this be connected to the internet. Then I remembered a toothbrush and a stove can so why wouldn’t this?
I’d venture to say there’s either hard coded creds or a weak password governing administrative access.
English
@I_Am_Jakoby The job market is a complete dumpster fire right now. I don’t even look anymore. Just freelance, have fun, and spend time with my family
English
So I havent stopped trying to apply for jobs, just unfortunately havent had any luck. More unfortunately its honestly just too late now.
It sucks I wasn't able to find my place. In my head I feel I have a lot to offer. Its ok though, I really have found peace.
Its weird because I still feel so blessed. I've put my work out there and people appreciate it. People appreciate me and I feel appreciated. Its a beautiful feeling. I'm a lucky man. I'm grateful.
English