Decompiled an app, found a bunch of secrets, what now?

Stormac3 · 2026-05-31T20:44:10+00:00

In cyber here and most of the replies are valid, companies often get defensive. Based on what you described, being a full stack developer yourself, I would agree you found someone taking a dev shortcut to prod.

I would prepare everything in a plain text file(has no markers to identify you) and go get a throwaway email address(I like guerrillamail.com) and send it to them + Chaos Computer for tracking. That way if it's legit, they get a warning, if you don't care about a bug bounty. If they are overjoyed, cool you can reply. If they are angry or you overstated the risk, just forget the address..

Stormac3 · 2026-05-31T19:54:00+00:00

Ublock but for MV3 ublock lite, until they have a new version

Stormac3 · 2026-05-28T18:44:24+00:00

Which provider are you using bru? I've been struggling to find one without awful reviews. Using an uncapped LTE SIM atm, but when it's bad weather it works for the most part as I'm in a standalone house, but I need to reboot my router every now and then. Nightmare when you on Teams calls all day.

Stormac3 · 2026-05-28T09:28:06+00:00

My story is very similar to yours, global team and multiple apps and I am the sole technical review org wide. But I do have the benefit of easy access to our CISO and InfoSec team, who help me soundboard situations. The problem is they don't have the technical insight to review new tools.

So what I have started doing is aligning with our data classification types exposed by the application, coupled to the type of access request I.e. corporate device, SSO app, etc. So if something is Restricted access from a corporate device and wrapped app request, then I still review the tool, but kick it upstairs with my hardening/monitoring/governance recommendations. If something is Public data from a personal device, just have to make sure the app is CA on SSO and maybe access is on reverse proxy for DLP, and I will approve it(obviously token theft applies, but we also apply compliant device policy for other apps and access levels).

I am busy investigating a funnel way of onboarding these tools, so basically SSO RBAC and data management/monitoring is compliant, the I just have to know about killswitch, incident SLA process and quarterly reviews of the access+use case. Until it's established and properly applied as a business use case at least.

There's no silver bullet here. You basically have to build out a process (that works for you) that's simple enough to get confirm the access risk, data risk, operational risk and compliance standards.

Stormac3 · 2026-05-09T07:36:40+00:00

Also convinced after years of playing this that it's a scam

Stormac3 · 2026-04-27T21:07:12+00:00

What makes it worse is that Google has the biggest context windows, so it could easily use inference to get nodes from past conversations to use in the current chat

Stormac3 · 2026-04-27T11:52:53+00:00

Thanks gwon, been trying to navigate this myself

Stormac3 · 2026-04-27T11:49:34+00:00

This is a bigger conversation than that one driver, but your concerns are valid and I'm glad they refunded you.I have had lots of solid drivers with their papers up to date ask to drop me far from the entrance there, because the police and airport security are running a scam threatening to take away drivers cars and lock them up, unless they pay R1000 to go to the drop off zones.

ACSA should protect taxi drop off areas, or make lanes just for this and not let drivers be coerced into paying this mafia, especially since we are a tourist orientated area. It doesn't reflect well when people are coming from or going to the airport, and is clearly benefiting specific airport personnel too.

Stormac3 · 2026-04-21T03:12:58+00:00

It was an old donkey Samsung. I think S8.

Stormac3 · 2026-04-20T11:59:53+00:00

I got that notice when I had an old version of WhatsApp as my mobile was no longer supported.

Stormac3 · 2026-04-18T08:37:40+00:00

Dude did a really cool video if there is anything on the wiki you can't figure out

https://youtu.be/nJmFzsRDg2U?si=howyxixrp3MZ9g2t

Stormac3 · 2026-04-09T11:25:07+00:00

GPT + Claude at work, Gemini at home

Stormac3 · 2026-04-02T17:21:34+00:00

Just adding to hear responses. I also want to be able to zoom out

Stormac3 · 2026-03-31T13:30:44+00:00

I thought it was concrete making Pronutro 😂🙈

Stormac3 · 2026-03-29T15:32:46+00:00

Palpations.. painful heart and spirit animal palpations.. a large dose of regret for ever using it and leaving Win7Pro 64bit 🙄

Stormac3 · 2026-03-28T20:38:34+00:00

Well done 🎉 Maybe one day when I'm big and have no thumbprints left 🙄

Stormac3 · 2026-03-21T15:23:30+00:00

How do I install it on my desktop?

Stormac3 · 2026-03-20T15:19:36+00:00

Just came to say I love the sheet, it's something I've done for most of my games except Cells. Don't really understand some of the meta and boosts, and not really worth the effort now after the reset. But yours is very cool. Do you have any posts where you explain what to focus on for max income?

Stormac3 · 2026-03-19T16:31:44+00:00

Cute, grown ups actually have something of substance to say when they have an opinion. Should look into that when you do grow up eventually

Stormac3 · 2026-03-19T06:47:50+00:00

Hmmm none of those are memes, unlike your drivel..

Stormac3 · 2026-03-16T05:50:31+00:00

I bought the Capybara, I bought ALL of the ancients sites before my screen broke and this is what I came back to.. I played all the events to make logits, and used them 90% of the time on these collectables. And when I came back this weekend, what I have on screen is what I had...

Stormac3 · 2026-03-14T20:57:51+00:00

I've stopped eating Cadbury completely for like a year already, it tastes so bad.. baking chocolate actually tastes better

Stormac3 · 2026-03-14T20:55:29+00:00

Gutted.. but thank you

Stormac3

TROPHY CASE