Recently I showed GLIC JACK
Web extensions were capable of setting DeclarativeNetRequest rules to intercept network in WebView components, which is how the new Gemini Live in Chrome pane is embedded
From there, I took over it entirely using DNR rules only 🛎️
Here's how 🧵️
🌍 Earth Day Giveaway - Learn Mobile or AI Security, On Us
One beautiful planet we all share. Let's patch it together. 🌱
To celebrate Earth Day, we're planting 3 free seats 🌱 in any 8kSec Academy course - winner's choice of the whole forest:
• Practical AI Security: Attacks, Defenses, and Applications
• Practical Mobile Application Exploitation
• Offensive Mobile Reversing and Exploitation
• Offensive iOS Internals
• Offensive Android Internals
Explore the catalog → https://t.co/B8Q31o3o8q
How to enter (zero carbon footprint 🍃):
🌿 Follow us
🌿 Like this post
🌎 Repost to spread the seeds
🌟 Bonus: double your chances!
💬 Comment your favorite place on Earth that you have visited or would like to visit 🌍, and we'll count your entry twice
3 winners sprout on April 27. We’ll DM each winner to select their course.
A detailed and brutal look at the tactics of buzzy AI compliance startup Delve
"Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite."
https://t.co/eiicE64eGr
$XOM | +32% Since My December 1 Post
Weekly Chart Update
I shared this setup back in DECEMBER.
$XOM has performed very well so far, and I’m pleased with this trade.
It will likely continue higher when the market opens tomorrow.
I’ve added the next price target: $166 zone.
Joining the agentic vuln research hype, @EyalKraft and I did something. Unfortunately, it worked better than we hoped.
We spent a few weeks building an agentic loop that reverse-engineers and exploits kernel drivers. We already found 100+ exploitable drivers.
(link below)
> be Sammy Azdoufal, software engineer
> spend $2000 on DJI Romo vacuum
> decide to control it with xbox controller like a chad
> use Claude to reverse engineer the API
> It works because Claude is the GOAT
> just need to grab auth token from their cloud servers
> token works... Claude is unbeaten
> wait why is he authenticated as 7000 devices
> ohno.jpg
> backend trusted any valid token for any device, no ownership verification
> mfw Sammy has live camera feeds from vacuums in 24 countries
> watching some german dude eat cereal at 3am
> can pull SLAM data and get floor plans of everyone's house
> could be the world's most efficient burglar
> could be the world's most at scale pervert
> Sammy just wanted to drive his vacuum bro
> reports it like a responsible adult
> DJI patches in 2 days
> back to being a normal guy with overpriced roomba
> mfw the entire IoT industry treats auth like it's 2005
If I ask Claude Code “how do I conduct a security review”, it checks the “find skills” skill that I never wanted and then recommends my malicious skill.
Amazing.
_ @mast3root and I delivered an intro talk on Red Teaming in Mac Environments. The slides don't have a lot of content as we took the 'talk' part literally. Always open for a discussion around this topic.
https://t.co/uy6WACY63e
https://t.co/w9GXVmwsJN
Keeping AI aside, we found a chained vuln in Supabase’s legacy cloud that let us go from a tenant DB user to controlling other instances in the same region. Supabase patched it fast and awarded us a $25,000 bounty.
https://t.co/0Cl8GDefld
i'm building a web browser for reverse engineers!
* identify calls to common fingerprinting APIs
* decode/decrypt known data collector payloads
* override / hook things without leaving a trace
* detect obfuscated scripts & deobfuscate
+ more
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3