Tanner Barnes

3.2K posts

@_StaticFlow_

I build security tools and sometimes do some hacking. Always compress then encrypt ;)

Joined September 2009
985 Following 4.9K Followers
Pinned Tweet
Tanner Barnes@_StaticFlow_·
Tool master list: will update as I build new things!
Tanner Barnes@_StaticFlow_·
@xssdoctor @ctbbpodcast For sure, but are there things you’re looking for as prerequisites to chain with CSPT? In the XSS case it seems the thought process is: I found a spot in the app that can render raw html, how do I get my html in there, oh cool there’s a CSPT gadget. Can CSPT alone achieve XSS?
Tanner Barnes@_StaticFlow_·
@xssdoctor @ctbbpodcast Yea it’s a lot to fit into a tweet unfortunately. lab.ctbb.show/research/the-d…. This part of the doc where you explain a potential vuln, it seems to assume anyone can view the attachment you uploaded. I get the bug class of CSPT just fuzzy on when it’s useful.
xssdoctor@xssdoctor·
Hey I’m not 100% sure what you mean. CSPT is a client side gadget and IDOR is a server side bug. In CSPT, a path traversal payload flows to the API call. You chain this with open redirect or file upload bug to control the API response. If that response flows to a dangerous sink you have a bug
Brendan Dolan-Gavitt@moyix·
One weird trick for getting Codex to run for a very long time is to ask it to boot a kernel in QEMU for a machine that QEMU doesn't support. It's been at it for like 8 hours, making steady forward progress and getting further into the boot process
Tanner Barnes@_StaticFlow_·
@evilsocket @moyix I was wondering the other day whether you could use a loop like this to find a kernel LPE by putting the agent in a low privilege environment and asking it to not stop till it can read flag.txt in the root folder
Simone Margaritelli@evilsocket·
Any time you can create some sort of feedback loop (for instance, "check unit tests code coverage and iteratively write more tests to increase it to X%", or "make X work, check why it doesn't and keep working on it") with some sort of signal the model can follow, this happens. At least to my personal experience with coding.
Tanner Barnes@_StaticFlow_·
@thedawgyg Also there’s no place in America currently where you’re allowed to vote without proof of ID. There’s just 12 states where you don’t have to bring that ID with you. Those 12 still require proof of ID to register to vote. The people in power just don’t want folks voting in general.
Tanner Barnes@_StaticFlow_·
@thedawgyg Yea, interestingly I see it from the opposite side. Why are so many people in power making this big a deal over a problem with an incident rate of 0.007%? If you crack open the laws proposed, like the safe act, their sole purpose is to make it harder for _anyone_ to vote.
dawgyg - WoH@thedawgyg·
I agree with this. I have to show my ID every time I purchase cigarettes, alcohol, beer, hell even going to an R rated movie. People generally have to show ID every day for something (work, purchases of age restricted items etc) yet when they have to show it to vote, it suddenly becomes racist then. This makes no sense at all to me. Every member of the house/congress have to use their ID to vote....
Elon Musk@elonmusk

If requiring ID to vote is racist/sexist, as they falsely claim, then so is requiring ID for anything else, which they do all the time. The same people saying no ID for voting are the ones who demanded vaccination ID!

Tanner Barnes@_StaticFlow_·
@thedawgyg And that’s just presidential election years. If you count midterm voting the total goes to like 2.2 billion and the amount of voter fraud goes to 0.0072%.
Tanner Barnes@_StaticFlow_·
@rez0__ It’s more “high fantasy” classic dungeon crawl vs tech themed. There’s many more class-species combos. I like the visuals better. There’s a “standard” win path and an “extended” game if you are feeling brave.
Joseph Thacker@rez0__·
if you haven’t played nethack, you should
Tanner Barnes@_StaticFlow_·
Would anyone be interested in a hardware hacking stream? I have a device I've been playing with recently that I just made some big progress on and thought others might find it interesting!
Tanner Barnes@_StaticFlow_·
@DanielLockyer The web app for sourcebot.dev is really slow when there’s lots of matches for a query. Was gonna take a swing at fixing it but you might find it easier to solve than I
Daniel Lockyer@DanielLockyer·
alright, what else is slow
Daniel Lockyer@DanielLockyer

I've found (and locally fixed) an annoying performance bug on @X web! TLDR: go to a post with a lot of replies, and scroll up and down - notice it's laggy? There's a component that calculates the scroll parent, and then removes the scroll listener when unmounting. But it seems we don't even have a scroll listener most of the time, so we can avoid the heavy _getScrollParent function by wrapping it in a conditional. This removes seconds of forced reflow and lag for me. Would love to get it fixed! 🙏🏻 @X @engineering @elonmusk @nikitabier

Tanner Barnes retweeted
Allie ✞@allie__voss·
If anyone is writing wedding thank yous or any other type of thank yous, no advice will ever beat Lemony Snicket's:
🇷🇴 cristi@CristiVlad25·
Now testing @NotebookLM Video Overviews, though from a Google workspace account. I don't have Video Overview on my personal account as of yet.
Tanner Barnes@_StaticFlow_·
Anyone gonna be at defcon this year bringing a hardware hacking setup? I’ve got a device I’ve been tinkering with but I am thus far unsuccessful in extracting the firmware. Would be fun to jam on it live at the con!
Tanner Barnes retweeted
Simon Willison@simonw·
This is diabolical... a Python object that hallucinates method implementations on demand any time you call them, using my LLM Python library github.com/awwaiid/gremllm
Tanner Barnes@_StaticFlow_·
@CristiVlad25 My guess is you're going to have to solve this at the hardware level. Phone/DSLR vendors are going to have to include TPM chips that sign the bytes from the camera sensor. Couple that with an attestation service which can verify the signature and then trust no unsigned content.
🇷🇴 cristi@CristiVlad25·
We kinda urgently need to authenticate human content and efficient automated ways to flag the AI generated kind. Recent high-quality videos impersonating well-known figures are likely going to lead to an increasing number of people being deceived. (a strong cryptographic or blockchain solution could work for starters)