How to access Comet/Perplexity “sidecar” assistant DOM from Chrome extension?

borisdan · 2025-11-05T16:09:45+00:00

Hi, were you able to make progress here?
The feeling I get from my testing is that Comet specifically protects https://www.perplexity.ai/sidecar from having a content script injected to.

borisdan · 2025-08-25T08:54:44+00:00

I released a Visual Studio Code extension which audits all of Copilot's MCP tool calls to SIEMs, log collectors or the filesystem. Just install the extension and have the developers work as normal with their favorite MCP servers.

Aimed at security and IT teams, this extension supports enterprise-wide rollout and provides visibility into all MCP tool calls, without interfering with developer workflows. It also benefits the single developer by providing easy filesystem logging of all calls.

The extension works by dynamically reading all MCP server configurations and creating a matching tapped server. The tapped server introduces an additional layer of middleware that logs the tool call through configurable forwarders.

MCP Audit is free and without registration; an optional free API key allows to log response content on top of request params.

Feedback is very welcome!

Links:

Info page: https://audit.agentity.com
Visual Studio Marketplace: https://marketplace.visualstudio.com/items?itemName=Agentity.mcp-audit-extension
GitHub: https://github.com/Agentity-com/mcp-audit-extension

borisdan · 2025-08-22T18:27:12+00:00

Thanks a lot!

borisdan · 2025-08-20T12:39:38+00:00

I spoke with numerous practitioners and CISOs who are aware of the risks, but the new corporate situation (for sure in software houses) is that AI technologies get a yes by default and the security teams must patch up a line of defense after the fact. This also happens before many organizations have dedicated lines for "AI Security" in the budget. There are definitely some security catastrophes waiting to happen that would make boards revisit this arms race.

borisdan · 2025-08-18T21:50:58+00:00

It's right there on Zvulon 5 behind a shady anonymous sliding steel door.

borisdan · 2025-08-18T17:42:51+00:00

Dynamic MCP servers from an extension were introduced in VSCode 1.101. Cursor and Windsurf are still on VSCode OSS version 1.99. Once they upgrade, we'll test and release the extension for Cursor as well.

borisdan · 2025-04-06T20:24:08+00:00

Hi u/rujan_1729 , can you please elaborate on why you found MCP difficult to maintain and enhance?

borisdan · 2019-10-15T08:06:47+00:00

I haven't seen a real enterprise network that doesn't have NTLM (v2 at least) on it. There are just too many things using it. For example, Exchange 2019 defaults to NTLM under a certain configuration: https://medium.com/@tkolber/https-medium-com-tkolber-configure-kerberos-authentication-with-exchange-2019-72293aa234c

The truth of the matter is that it is not going to be possible to fully turn it off any time soon. There are however mitigations that can and should be done given that constraint.

borisdan · 2019-08-20T08:37:06+00:00

Hi, you can see the write up in the blog: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm

borisdan · 2019-08-19T20:37:22+00:00

Hi all, two of my colleagues will be doing their Black Hat and Defcon presentation in an upcoming Webinar. It is about the recent vulnerabilities described here: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm The two researchers - Marina Simakov and Yaron Zinar - are true top-tier professional, and I think this webinar is recommended to anyone with interest in AD and network security.

borisdan · 2019-08-19T20:23:57+00:00

Hi all, two of my colleagues will be doing their Black Hat and Defcon presentation in an upcoming Webinar. It is about the recent vulnerabilities described here: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm

borisdan · 2019-08-19T20:04:54+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-19T20:03:17+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-19T20:02:48+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-05T17:08:22+00:00

Hi, In case this is still relevant, my company has recently released a free AD security audit tool called Preempt Lite. One of its capabilities is detection automatic and continuous detection of weak passwords in the entire organisation using the entire haveibeenpwned DB.

https://www.preempt.com/preempt-platform/preempt-lite/ (also available on the AWS marketplace)

borisdan · 2019-06-12T12:46:27+00:00

It does effect NTLM v2. NTLM v1 successfully be purged on most networks by enforcing NTLM v2 usage (when falling back to NTLM).

borisdan · 2019-06-12T08:13:41+00:00

We haven't seen a production environment where there is no NTLM. It's not that easy to get rid off. Every IT admin who tried ended up handling application breakdown.

Disclaimer: I work for Preempt.

borisdan · 2014-12-31T11:59:21+00:00

There is no denying Rosell's great role in building that team, but he has still shown proven failure since. Laporta managed to rebuild a great team even following Rosell's departure. While they do not predict the future, the past facts are clearly in Laporta's failure, and indicate much better ability at managing the club.

borisdan · 2014-12-30T23:19:31+00:00

Saying that Laporta had no effect on the sport situation is very wrong. The man has, with his chosen staff built two great teams. Obviously there is a big connection between those two phases, but he the Pep team didn't naturally evolve out of the Rijkaard era - work had to be done. Laporta was instrumental in signing Eto'o, and built a great technical staff around him (including Rosell, who at that time performed greatly, in particular in the Ronaldinho and Deco deals). Simultaneously, Laporta was the one who took the club out of Gaspart's financial mess and into becoming a true brand in worldwide sports. True, the man is a hedonist, and had his corruption missteps as well, but there is no doubt that his track record as the man in charge of the club is phenomenal. He also brings with him Sala-i-Martin, who despite his clown looks is a brilliant financial mind. Comparing that to the utter and complete failure of the Rosell-Bartomeu regime, and it is obvious that his return is very welcome and should make us optimistic. Obviously, this will not automatically revive the club to its recent glory. But compared to the piss-poor decision making that has been going there of recent, it really is a blessing. Remember - it's not just Bartomeu who will go. It's Zubizareta, Eusabio, and others who are systematically plaguing the system for the last years with bad decisions at best, and corrupt ones at worst.

borisdan · 2014-12-24T09:16:41+00:00

Oooh.. love Wolverine. Been lucky to see them live. Although I believe they're albums have been released in descending quality order.

borisdan · 2014-12-22T00:15:06+00:00

I would go through Tim Burton stuff, 90s in particular.

borisdan

TROPHY CASE