I’ve mentioned this before: this is one of the oncoming trains for corp-security. We’ve long failed at least-privilege, but weren’t often punished for it.
Helen in HR (or Bob in accounts) didn’t know what to do with the extra perms they didn’t know they had.
Their agents will.
Steven Spielberg não fazia um filme original sobre OVNIs há quase 50 anos
agora ele está voltando com “Disclosure Day”
e o mais estranho é a ideia por trás do filme
em 2023, Spielberg disse acreditar que os objetos vistos por militares talvez não sejam alienígenas
mas humanos do futuro voltando para estudar exatamente a nossa época
não porque somos especiais
mas porque “algo aconteceu” no século 20 e 21 que ainda não percebemos completamente
isso muda completamente o tipo de história que ele está contando
Close Encounters era sobre primeiro contato
E.T. era sobre conexão entre espécies
Disclosure Day parece ser sobre um aviso
Ah yes, the “are bugs, shallow or deep?” debate almost 30 years on ( using CatB as a rough starting point, but likely goes back at least a decade before that).
Assuming token optimization is still in its infancy it’s nice to think of a future where standard best practices include a agent using a highly optimized model running a @ProjectZeroBugs level review and providing patches as just a normal step (a kin to compilers enabling exploit mitigations a decade ago).
I’m looking forward to what the kids who have to “do it for the love” come up with to compete in this new world.
Is the theory from the talking heads that there's an unlimited supply of 0day in commonly exposed internet services?
Because if so once every LLM + researcher on the planet has combed through them over the next few months, is that number still infinity?
🗣️ Say it with us: CORS is a security feature.
In our latest episode of Learn with HTB, we explain why this misconception leads to critical vulnerabilities and how it interacts with the Same-Origin Policy.
@PinkDraconian covers why CORS does not prevent CSRF attacks, the danger of reflecting origins with credentials, and how to properly configure your headers.
Watch until the end to participate in our challenge. Drop your answer in the comments for a chance to win a prize next week! Full video here: https://t.co/twSH6F28yF
#hackthebox #cybersecurity #webdevelopment #bugbounty #cors #infosec #redteam