API Abuse – Lessons from the Duolingo Data Scraping Attack
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained...
Read more →Category: Mix
The Prompt Injection Primer · rez0
Bringing clarity to questions about Prompt Injection Security Everyone loves talking about prompt injection, but the real impact to an...
Read more →
Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements
We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days....
Read more →![[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain](https://cybernoz.com/wp-content/uploads/2023/08/tldr-sec-196-How-Secrets-Leak-in-CICD-AI.jpg "[tl;dr sec] #196 - How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain 4")
[tl;dr sec] #196 – How Secrets Leak in CI/CD, AI Threat Modeling, Supply Chain
I hope you’ve been doing well! What We’re Known For It’s long had a place in my heart, as I...
Read more →
What Happens to Content When Top-Tier Presentation is Commoditized?
I think AI is about to massively improve the quality of our best content. But not for the reason you...
Read more →
Thoughts on the Eliezer vs. Hotz AI Safety Debate
The debate was quite fun to watch, but also frustrating. What irked me about the debate—and all similar debates—is that...
Read more →
Punicoder – discover domains that are phishing you – honoki
So we’re seeing homograph attacks again. Examples show how ‘apple.com’ and ‘epic.com’ can be mimicked by the use of Internationalized...
Read more →
RCE in Slanger, a Ruby implementation of Pusher – honoki
While researching a web application last February, I learned about Slanger, an open source server implementation of Pusher. In this...
Read more →
Bug Bytes #209 – The only graphQL wordlist you need, ML bug hunting and VDP submissions
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by...
Read more →
I’ve Got You Under My Skin, Bill Evans Solo Transcription – honoki
Download my transcription of Bill Evans’ piano solo in I’ve Got You Under My Skin below. The solo starts around...
Read more →
Burp ♥ OpenVPN – honoki
When performing security tests, you will often be required to send all of your traffic through a VPN. If you...
Read more →
XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
In this write-up, I want to share a cool way in which I was able to bypass firewall limitations that...
Read more →