ben
@hitman.services
broke programmer
i dabble in cybersec time to time
i dabble in cybersec time to time
The time has come! Yours truly has discovered his first CVE!!
www.cve.org/CVERecord?id...
#cybersec #infosec
www.cve.org/CVERecord?id...
#cybersec #infosec
www.cve.org
April 20, 2025 at 3:03 AM
The time has come! Yours truly has discovered his first CVE!!
www.cve.org/CVERecord?id...
#cybersec #infosec
www.cve.org/CVERecord?id...
#cybersec #infosec
Reposted by ben
Government employees have started a website to debunk the attacks on them! It’s at wethebuilders.org.
Jessica Craven
Jessica Craven
We are the builders
We find the truth and tell the truth
wethebuilders.org
February 24, 2025 at 5:35 AM
Government employees have started a website to debunk the attacks on them! It’s at wethebuilders.org.
Jessica Craven
Jessica Craven
Wild
Apple has ceased providing end-to-end encrypted iCloud backups in the UK following a legal order.
Apple has stopped offering end-to-end encrypted iCloud backups in the UK due to a legal order.
View post on Reddit.
reddit.com
February 21, 2025 at 8:31 PM
Wild
Reposted by ben
I say this as someone who doesn’t know what they’re talking about, but is old enough to have seen this shit before: An LLM is not intelligent. It is just a chat bot that has had gobs of money thrown at it.
February 21, 2025 at 6:26 AM
I say this as someone who doesn’t know what they’re talking about, but is old enough to have seen this shit before: An LLM is not intelligent. It is just a chat bot that has had gobs of money thrown at it.
Can’t believe we got to the point people are PAYING companies to intern. As if unpaid internships aren’t already bad enough. SMH 🤦♂️
February 21, 2025 at 6:31 AM
Can’t believe we got to the point people are PAYING companies to intern. As if unpaid internships aren’t already bad enough. SMH 🤦♂️
OSINT is the cherry on top for phishing. Sure, these techniques may seem juvenile but combine them with network analysis, and impersonation of legitimate people/services you have an extremely powerful tool. I’ve heard of campaigns that clone relative’s voices with generative AI.
On today’s #CyberSecTotD for #PhishingWeek we are talking some more traditional types of phishing: phone call (sometimes called voice phishing or vishing), text, and social platform DM phishing.
February 21, 2025 at 6:20 AM
OSINT is the cherry on top for phishing. Sure, these techniques may seem juvenile but combine them with network analysis, and impersonation of legitimate people/services you have an extremely powerful tool. I’ve heard of campaigns that clone relative’s voices with generative AI.
Not sure if it's just me but tria.ge always breaks whenever I try making search queries with more than two AND/OR statements, could be user error or I may just need to use the API.
February 20, 2025 at 7:13 PM
Not sure if it's just me but tria.ge always breaks whenever I try making search queries with more than two AND/OR statements, could be user error or I may just need to use the API.
Probably some of the worst ransomware I've found. Xelera is a PyInstaller executable that attempts to obfuscate it's code with... emojis and have long import aliases that are easily reverse-engineered.
github.com/0xBenCantCod...
github.com/0xBenCantCod...
GitHub - 0xBenCantCode/Xelera-Parser: A set of tools for extracting information from a Xelera ransomware executable.
A set of tools for extracting information from a Xelera ransomware executable. - 0xBenCantCode/Xelera-Parser
github.com
February 20, 2025 at 7:11 PM
Probably some of the worst ransomware I've found. Xelera is a PyInstaller executable that attempts to obfuscate it's code with... emojis and have long import aliases that are easily reverse-engineered.
github.com/0xBenCantCod...
github.com/0xBenCantCod...
Here's my first bug I got permission to disclose, found it a while back but thought I'd post it here. From XSS to account takeover in a creative way.
github.com/0xBenCantCod...
github.com/0xBenCantCod...
GitHub - 0xBenCantCode/Scratched: One-click itch.io account takeover via XSS and Oauth.
One-click itch.io account takeover via XSS and Oauth. - 0xBenCantCode/Scratched
github.com
February 20, 2025 at 7:09 PM
Here's my first bug I got permission to disclose, found it a while back but thought I'd post it here. From XSS to account takeover in a creative way.
github.com/0xBenCantCod...
github.com/0xBenCantCod...