Cas van Cooten
@casvancooten.com
@chvancooten on the bird app 🐦
---
Benevolently malicious offensive security enthusiast || OffSec Developer & Malware Linguist || NimPlant & NimPackt author || @ABNAMRO Red Team
---
Benevolently malicious offensive security enthusiast || OffSec Developer & Malware Linguist || NimPlant & NimPackt author || @ABNAMRO Red Team
Not thinking about infosec for a while 🥰
April 25, 2025 at 7:00 PM
Not thinking about infosec for a while 🥰
BTW - I don't see this as a vulnerability. It is (clearly) by design, just something to be cautious with for all the vibe coders out there :)
The @vscode.dev is doing an excellent job here - they even disable Copilot entirely in untrusted (restricted) workspaces.
The @vscode.dev is doing an excellent job here - they even disable Copilot entirely in untrusted (restricted) workspaces.
April 18, 2025 at 3:00 PM
BTW - I don't see this as a vulnerability. It is (clearly) by design, just something to be cautious with for all the vibe coders out there :)
The @vscode.dev is doing an excellent job here - they even disable Copilot entirely in untrusted (restricted) workspaces.
The @vscode.dev is doing an excellent job here - they even disable Copilot entirely in untrusted (restricted) workspaces.
10/10 no notes, excellent blending in
April 18, 2025 at 2:36 PM
10/10 no notes, excellent blending in
Pretty fun proof of concept - VS Code's `copilot-instructions.md` allows for blatant backdooring of agents if any AI agents or edits are run from an untrusted repository. It can seemingly fulfil the user's request, but actually implement (and hide) some nefarious side activities 😂
April 18, 2025 at 2:33 PM
Pretty fun proof of concept - VS Code's `copilot-instructions.md` allows for blatant backdooring of agents if any AI agents or edits are run from an untrusted repository. It can seemingly fulfil the user's request, but actually implement (and hide) some nefarious side activities 😂
Touched down in Singapore! Looking forward to Black Hat Asia. Hope to see many of you around!
March 31, 2025 at 11:40 AM
Touched down in Singapore! Looking forward to Black Hat Asia. Hope to see many of you around!
This must be the most informative graphic contained in the Microsoft docs
learn.microsoft.com/en-us/opensp...
learn.microsoft.com/en-us/opensp...
March 18, 2025 at 12:55 PM
This must be the most informative graphic contained in the Microsoft docs
learn.microsoft.com/en-us/opensp...
learn.microsoft.com/en-us/opensp...
I was invited to present Nimplant at Black Hat Asia 2025 in Singapore this April! If you're around, please do reach out to talk offensive development, modern programming languages, or how to use (or detect) Nimplant in your ops. Looking forward to it!
www.blackhat.com/asia-25/arse...
www.blackhat.com/asia-25/arse...
March 8, 2025 at 10:29 AM
I was invited to present Nimplant at Black Hat Asia 2025 in Singapore this April! If you're around, please do reach out to talk offensive development, modern programming languages, or how to use (or detect) Nimplant in your ops. Looking forward to it!
www.blackhat.com/asia-25/arse...
www.blackhat.com/asia-25/arse...
Lol 75% thought leader, must be because I interact with @xpnsec.com too much 😂
blueskyroast.com/roast/casvan...
blueskyroast.com/roast/casvan...
December 2, 2024 at 8:32 AM
Lol 75% thought leader, must be because I interact with @xpnsec.com too much 😂
blueskyroast.com/roast/casvan...
blueskyroast.com/roast/casvan...