@DanaEpp @bishopfox Nice! And if running the Eyeballer python is too much of a hassle, there's bishopfox.github.io/eyeballer/ It's a front-end JS implementation so you can just drag-and-drop files with no setup.
English
AltF4
130 posts
AltF4
@2600AltF4
Consultant with Bishop Fox, Software engineer, hacker, free software advocate, gamer, husband. (In no particular order)
Katılım Ocak 2012
12 Takip Edilen645 Takipçiler
Let me show you how to use the AI in Eyeballer from BishopFox to help identify interesting targets during recon of your web apps & APIs.
#apihacking #apisecurity
danaepp.com/api-recon-tip-…
English
@IDmachines @MalwareCarlos @RFID_Consultant @bishopfox The blog post just covers the high risk exploitable issues we identified, a portion of the full research. Hopefully we'll get video of the full talk soon.
But if you want to see a very brief listing of our other findings, you can find them here: #additional-medium--low-risk-issues" target="_blank" rel="nofollow noopener">github.com/BishopFox/mell…
English
@MalwareCarlos @RFID_Consultant @2600AltF4 @bishopfox Not exactly, you need access to the wire or installation mode, this is primarily about poor implementation not underlying weaknesses in the protocol, also states that you should only use devices that are OSDP Verified(tm) as conclusion..,
English
Researchers @2600AltF4 & David Vargas of @bishopfox have introduced the covert #OSDP attack device, mellon, similar to tools like ESPKey and Gecko. Researchers can use it to subvert the next-gen protocol during #security engagements #RedTeaming #infosec bfx.social/3KuieHa?blaid=…
English
@TakSec If you didn't know, there's also a totally in-browser JS version here for ease of use: eyeballer.bishopfox.com
English
Anyone use Eyeballer in their recon flow after eyewitness or gowitness? Would love to hear your experience w/ it.
Playing w/ it this weekend and will post something next week. github.com/BishopFox/eyeb…
English
@SIAonline, I'm trying to disclose a vulnerability about one of your protocols but am getting no responses via email. Who should I contact?
English
@ssbmGooms Feel free to hit me up on the Slippi discord if you wanna talk. I do security full-time. (Helping w/ Slippi is my hobby)
English
Still hacked, think they hacked my network, not just my computer. I’m factory resetting my computer and router and won’t be connecting any devices that haven’t yet been reset to my internet. I’ll then reset all my passwords again. Will this be enough? Cybersec nerds pls help
English
@yoloswagwest When you get the chance, drop the SLP replay in the Slippi discord. We'll take a look at it.
English
@Violent_Lee @peachupairfan @iBDWSSBM Fair, though this convo is starting to have more nuance than what bird app is capable of. Maybe continue offline
English
@2600AltF4 @peachupairfan @iBDWSSBM I think that whether or not they're defined as cheating, they certainly give you an advantage over other players.
Imagine I set an overlay to turn a character white on frame 1 whenever they tech in place, I would have a significant advantage in tech chasing.
English
My actual main issues with online ever counting like that:
Both people are playing on functionally different setups, what are you testing exactly?
Cheating is SUBSTANTIALLY easier online. Overlays, frame delay, hell someone can play for you.
Cross country is mostly dog
Mono@monotheon
Now that Panda isn't doing the rankings how are we counting SMASH CAMP TRAIL INVITATIONAL OFF SEASON ETC but not LACS4?
English
@peachupairfan @iBDWSSBM I'm not the one who decides this stuff, but both of those are pretty clearly "not cheating" imo.
Melee is a game of perfect information, you just have to live with the consequences of that.
English
@2600AltF4 @iBDWSSBM widescreen and using the overlay to read inputs are both pretty easy to do right? a lot of people are against those
English
English
AltF4 retweetledi
Our July #webcast is around the bend! Join veteran #pentester + Lead Researcher Dan Petro (@2600AltF4) as he dives into getting the most from your #pentests. Learn the key aspects of #pentesting, questions to ask during the process, & more! bfx.social/3OYE0mq #cybersecurity
English
@notdan "this was a faux vulnerability for credibility nobody questioned"
Time lapse of output as a super resolution resnet trains on the task:
GIF
English
The Bounty Has Officially Been Upped To $1,000 USD. Enjoy! I really would like to see something happen with this, but we will finally see how practical the supposed “pixel deobfuscation attack” actually is.
uɐpʇou@ ✸@notdan
Show me one practical use of the "Deobfuscating Pixel Filter With AI/ML" and I'll send you $100 in XMR. Must be original, show your work (aka screenrecord everything) and not be one of the samples that the author of the "vulnerability" provided. Print the text on my sample & win:
English
Show me one practical use of the "Deobfuscating Pixel Filter With AI/ML" and I'll send you $100 in XMR. Must be original, show your work (aka screenrecord everything) and not be one of the samples that the author of the "vulnerability" provided. Print the text on my sample & win:
English
@NMcnotme I'm afraid not. Unredacter works by guessing the letters and verifying it against the original image. It won't work when the target is just a low-res photo. Even if you did make a guess and "low-res" it, it wouldn't produce the SAME low-res image. The noise would be all different
English
@2600AltF4 hey, I dunno how to Twitter. Would your Unredacter software be able to do anything with this? library.uta.edu/roswell/ramey-… not Redacted blurry, so maybe not, but there’s a bounty if it can, but I am mainly just curious to read it if it’s possible.
English
@3isenHeiM @GIMP_Official There is no secure block size. Obviously the larger the block size, the less information you leak. But you're always leaking _some_ information so long as you're doing a pixelation process. So just don't do it.
English
@2600AltF4 In @GIMP_Official, there is the options to choose the pixel size.
Any recommendation on the minimal size to thwart this (awesome BTW) tool ? :)
English
My latest research, Unredacter, is live! bfx.social/34Y4MZU Never ever ever use pixelation as a redaction technique. This will show you why.
English
@sickcodes @binitamshah I'm quite sure Unredacter is an order of magnitude slower than it needs to be. XD It's an Electron app, and I almost immediately regretted it and wished I had made it in Golang. But such is life.
English
@binitamshah @2600AltF4 Awesome. Someone should combine this tool with beurtschipper’s Depix but using CUDA cores or tensorflow because either the FPS is low af on the video or that is genuinely slow
English
unredacter : Never ever ever use pixelation as a redaction technique : github.com/BishopFox/unre… credits @2600AltF4
GIF
English
@0x01K @binitamshah The technique is pretty sensitive to the font used. I made a whole writeup about it here if you're interested: bishopfox.com/blog/unredacte…
English
@binitamshah @2600AltF4 Does the original font matter at all? Though, I don’t think there’s gonna be much variation in a specific class of documents (e.g. official/government docs)
English
English
@sehnaoui @bishopfox Cool program. Pretty efficient implementation. But about not pixelating for redaction ... Haven't we known that for like more than a decade?
English
Cool writeup from @bishopfox on why you should never use pixelation for redacting text. Also check out their Unredacter tool on github.
#pixelation #infosec
bishopfox.com/blog/unredacte…
github.com/BishopFox/unre…
GIF
English
@superevr @JumpsecLabs The same basic technique ought to work, though you'd have to make a few non-trivial changes to Unredacter to make it function. But the same basic idea of "guess it character by character" works for blurring in principle.
English
@2600AltF4 @JumpsecLabs depixelizing is cool, but what about deblurring?
zawy@zawy3
The hacking expert who broke open the $2M trezor wallet only blurred the seed phrase, so I thought I'd see what gimp can do.
English