CraHan
@crahan.n00.be
Hacker, wearer of fake moustaches, and senior-level procrastinator. Remember, it could be worse, it could be raining! 🤘
Reposted by CraHan
GitHub MCP Exploited: Accessing private repositories via MCP https://invariantlabs.ai/blog/mcp-github-vulnerability
GitHub MCP Exploited: Accessing Private Repositories via MCP
invariantlabs.ai
May 28, 2025 at 1:18 PM
So, since when does ChatGPT use request information (e.g., IP address) to determine the user's location? Shouldn't it just be using the prompt data? 🤔 #chatgpt
April 19, 2025 at 5:13 PM
Ripping a page right out of @deviantollam.bsky.social's air travel book. I started using this pouch for transatlantic flights, hooked onto the seat in front of me with 2 little carabiners. But I know myself. If I don't document this properly, I'll be wondering how I packed it out the last time. 😄
April 17, 2025 at 11:40 AM
Reposted by CraHan
I use Python all the time in most of the roles I've had in information security. One challenge has always been managing virtual environments for packages and one-off scripts. uv solves all that! In this video, I'll walk through how.

www.youtube.com/watch?v=G36Q...
Python UV for Hackers
YouTube video by 0xdf
www.youtube.com
April 17, 2025 at 10:51 AM
Reposted by CraHan
Another fantastic sign from today at the mall.
April 5, 2025 at 6:44 PM
Reposted by CraHan
a major issue with video games is that they produce a bunch of people who consider themselves brain geniuses for solving problems that were designed to be solvable. as a remedy, we should be making more games that are actively and irreconcilably hostile to the player. thank you
April 5, 2025 at 2:43 AM
Here comes trickle-down economics 2.0... AI edition! 🙄
If you think companies will give us a 2 day work week instead of forcing us to more than double our output over 5 days, or pay us a lot less, then you don’t understand capitalism.
March 30, 2025 at 3:15 PM
Reposted by CraHan
this is what it's like dating me fyi
March 27, 2025 at 8:03 PM
Reposted by CraHan
When your threat model is being a moron

No phone, no app, no encryption can protect you from yourself if you send the information you’re trying to hide directly to someone you don’t want to have it.

🔗 www.404media.co/when-your-th...
When Your Threat Model Is Being a Moron
www.404media.co
March 26, 2025 at 7:48 PM
Reposted by CraHan
Make it happen Cupertino! #severance
March 26, 2025 at 8:08 PM
Reposted by CraHan
End-to-end encryption is secure because it protects the contents of your communications in transit between the endpoints. If you make one of those endpoints an editor at The Atlantic, no amount of encryption is going to save you from your own stupidity.
March 25, 2025 at 11:28 PM
"When we're in like a chat with friends..." 😂 www.youtube.com/watch?v=Modc...
Moskowitz Mocks Signal Chat Between Administration Officials
YouTube video by Congressman Jared Moskowitz
www.youtube.com
March 25, 2025 at 10:58 PM
Reposted by CraHan
Liven up the group chats you're in by posting any or all of these images along with some bullshit bombastic emojis like 🇺🇸🤜🤛🇷🇺🧙‍♂️🥵🍆💦

Then abruptly delete it all about 15 minutes later, saying something like...

"Wait, shit, is this the chat WITH reporters or WITHOUT reporters??"
March 25, 2025 at 4:36 PM
Best of all, all of these amazing news sources also provide RSS feeds with full length articles!
I realize there's a lot of hate and distrust for journalists in infosec but it's absolutely crazy that I get a free newsletter with no ads every day from @404media.co plus tons of well-researched coverage, and every week I get a great round up for free from @zackwhittaker.com and @metacurity.com
March 25, 2025 at 9:51 PM
Reposted by CraHan
If a client demands an agent in a device, it's going on *their device*.

Yes, that sometimes means I'm carrying 3 laptops to service different clients. It's a cost of doing business.
If a client insists I have an agent on device, I only use it for that client and treat it as though it is compromised and HR can see everything I do on it.
March 18, 2025 at 11:46 AM
You might think you know all about IDOR, but that's just because you haven't seen @joswr1ght.bsky.social talk about it!
Check out @joswr1ght.bsky.social's talk, "Hackventure: Having Fun With IDOR Attacks," from Wild West Hackin' Fest @ Mile High 2025! www.youtube.com/watch?v=hzrh...

Grab your tickets for Wild West Hackin' Fest - Deadwood 2025! --> wildwesthackinfest.com/wild-west-ha...
Hackventure: Having Fun With IDOR Attacks | Joshua Wright
YouTube video by Wild West Hackin' Fest
www.youtube.com
March 16, 2025 at 6:39 PM
Reposted by CraHan
Mark is beloved by millions of kids, which makes it particularly great that he’s teaching them how to inform their parents that Tesla is a danger to children. This is another one of those “we don’t need a ‘Rogan of the left’, we need normal men” examples.
Tesla vs. other partially automated driving systems that use lidar. youtu.be/IQJL3htsDyQ by Mark Rober
Can You Fool A Self Driving Car?
YouTube video by Mark Rober
youtu.be
March 16, 2025 at 5:06 PM
If you're looking for a Linux Arm64 build of cloudfox, I've got you covered. Builds are available at github.com/crahan/cloud... until my pull request is merged into the main repo. The 'linux-arm64' branch has the updated Makefile in case you want to roll your own. #pentesting #cloud #arm64
Releases · crahan/cloudfox
Automating situational awareness for cloud penetration tests. - crahan/cloudfox
github.com
March 13, 2025 at 2:33 PM
Reposted by CraHan
Come on down to the White House Tesla Auto Mall!
March 12, 2025 at 9:02 PM
Tangent of the day: fixing the VMware Workstation icons that don't follow the Papirus icon theme. Good thing you can just grep for the icon names in the .so files.
March 11, 2025 at 11:55 PM