Mastodawn

jehna

Feb 17, 2024

Canary tokens to reveal your data leaks 💦

https://docs.canarytokens.org/

Canarytokens

Official docs for Canarytokens

jehna

Feb 10, 2024

World's Shortest Threat Modeling Course
https://www.youtube.com/playlist?list=PLCVhBqLDKoOOZqKt74QI4pbDUnXSQo0nf

World's Shortest Threat Modeling Course

YouTube

jehna

Aug 25, 2023

Alexander Cafarella Nov 25, 2022

jehna

Aug 23, 2023

Using #LLM's to reverse #Javascript variable name minification
https://thejunkland.com/blog/using-llms-to-reverse-javascript-minification

#infosec #bugbounty #llama2 #chatgpt #pentesting #reverseengineering

Using LLMs to reverse JavaScript variable name minification

A novel way to reverse Javascript minification using LLMs.

Show thread

jehna

Aug 22, 2023

@kellogh llama2 needs one pass per each variable name. ChatGPT is much smarter, I can do ~10 variables per pass since they have the "function calling" feature

jehna

Aug 21, 2023

@tc001 I'm sure the technique is general enough for other languages too! I'd need to check if there's something similar to C what Babel is for Javascript

Would probably make sense to write a plugin for some decompilation tools 🤔

jehna

Aug 21, 2023

Yes, it seems that you can use #LLM's to reverse #Javascript variable name minification. Working on a tool that uses llama2 locally to make it practical to use on large files (can cost 1000s of dollars on big js bundles if using #ChatGPT ). Dropping a release blog post in a few days for #OSS tool
#bugbounty #infosec

jehna

Aug 11, 2023

"Smashing the state machine: the true potential of web race conditions" by @albinowax
https://portswigger.net/research/smashing-the-state-machine
#infosec #bugbounty

Smashing the state machine: the true potential of web race conditions

For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding

PortSwigger Research

jehna

Aug 10, 2023