tuckner

“Deleting GitHub accounts” is the new “we blocked their IP address”

@akses_0x00 Hopefully it can help in the future too!

@tuckner Bro this tool would have saved me a lot of frustration a few months ago I can’t even tell you

Added imposter commit tracking and release artifact gathering now also! githash.org/laravel-lang/a… githash.org/francesca898/d…

@PeteMarkowsky It just started because I didn't want to download a file to get a hash 😅

@PeteMarkowsky Haven't thought about it much to be honest with you! Makes sense but I wasn't intending on crawling deeply - just working off manual searches. That said it does seem possible!

Added a dead simple AI triage to user reported malware in #githash

@ZackKorman @rez0__ @CharlieEriksen @S1r1u5_ Only detects eicar

@rez0__ @CharlieEriksen @S1r1u5_ Well now I have to do this. What do I start with? Maybe something to detect and block malicious dependencies?

The biggest threat AI poses to cybersecurity isn't the vulnerability apocalypse. It's that it’s now trivially cheap for security vendors to build products that look like they work but don’t. The real threat actors are the unethical vendors we met along the way.

@AmitaiCo IYKYK

@tuckner you had me at "prevalence"

Githash - view hashes and find relations of files on GitHub. This app makes it really easy to get hashes of files in repositories without having to download anything. I'll only be saving what folks search for now, but as the corpus grows it will allow folks to identify prevalence and search across GitHub by SHA256. Also added some lightweight tagging of files which will follow the hash across repositories. Give it a try! githash.org/breardon2011/m…

Thousands of internal repos were compromised through a single malicious VS Code extension. Normal developer tools are becoming one of the easiest ways into major organizations 🗝️

@indy_singh_uk I got carried away 😅

@tuckner Didn't you only have this idea like 2 days ago? 🤯

@JaidCodes Fun that it's pivotable!

@tuckner Your Name

How fun! githash.org/hash/fa8e5a9c4…

Change github.com to githash.org and view the hash + enrichment super quickly!

Added graph and timeline views too

This git hash searching is quite fun already. You can see symlinks and also go view the target file reference.

@ZackKorman @endingwithali @IceSolst fml im getting the next video

@tuckner @endingwithali @IceSolst Tuckner why

I’m thinking I might go to this “def con” thing this year. Who here is going? I’m trying to decide whether I like enough of you to make it worth it

@endingwithali @ZackKorman @IceSolst legendary

@ZackKorman @tuckner @IceSolst HE'S BEEN LYING THIS WHOLE TIME?

@ZackKorman @endingwithali @IceSolst He also told me that after many years of avoiding it he will go this year

@endingwithali Oh cool. Yea @IceSolst told me he’d go

I don't think hashing the archive will work, but recording all the hashes for a repository seems very interesting. You'll be able to pivot and graph across similar hashes as well.