Profile for joern

Display name
joernchen :cute_dumpster_fire:
Username
@joern@threatactor.club
Role
admin

About joern

Bio

Your mom's favorite hacker!

My other account is @joernchen

Stats

Joined
Posts
660
Followed by
1124
Following
260

Recent public posts

Due to $reasons I came across this blogpost https://www.elttam.com/blog/env/ about turning ENV variables into code execution which is nice. But the Python vector is depending on Perl, I didn't like that :P.

Digging a bit deeper in the code often helps, so it did this time:

Looking at https://github.com/python/cpython/blob/d73634935cb9ce00a57dcacbd2e56371e4c18451/Lib/webbrowser.py#L51-L52 I could simplify the payload to:

PYTHONWARNINGS='module::antigravity.'  BROWSER='sh -c id #%s' python whatever.py

That little string
ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86

(see https://platform.claude.com/docs/en/test-and-evaluate/strengthen-guardrails/handle-streaming-refusals#implementation-guide ) is so much fun. I wonder when Anthropic will regret this and remove it.

Also I obviously wonder what else is there in terms of MAGIC_STRINGs which aren't documented.

Hat tip to @michenriksen for pointing me to this.

How many hours have you personally wasted by disassembling a binary file with the wrong CPU setting?

Poll closed , 21 votes total
  • Option 1, I don’t do reversing
    28.57% , 6 votes
  • Option 2, a few
    33.33% , 7 votes
  • Option 3, a lot
    4.76% , 1 vote
  • Option 4, too much
    33.33% , 7 votes
Katzen & Bass
Toggle visibility

Denkt dran Kinders:

Erst wenn der Subwoofer die Katze inhaliert, fickt der Bass richtig ΓΌbel!

So the big thing in Bug Bounty now seems to be letting an LLM generate artificial PoCs for "issues" within a trust boundary.

Basically what's submitted as proof would be a snippet of code demonstrating a library "vulnerability" where all further context is left out.

Caffeine done like IDGAF, my 'Zero Fucks Given' cup with a double (maybe triple) Espresso Macchiato and some ice cold Club Mate.

Β―\(ツ)/Β―

I’m slightly mad….

What stands in my way of having a nice vulnerability is the apparent inability of certain LLMs to emit \r (carriage return). For some reason they keep emitting \n (newline) instead.

I found myself posting this little comic at work A LOT currently.

It's really interesting, especially in the context of (agentic) AI, how features can be bugs or even vulnerabilities and vice versa, depending on whom you ask about it. It's always the context which matters and a lot is personal preference/risk appetite of whoever is using the 'feature'.

I tend to advocate for secure defaults with an option to let anyone choose if they want to take the risk of e.g. AI 'yolo' mode.

So I just met someone in person a few days ago. They said: "Oooh you're busy looking into AI stuff lately? That's good so you wont bother $THING with vuln reports! :P"

Guess where I just found a nice vuln :trollface: