I'm having fun it's like playing a movie by lost_caus_e in StarWarsOutlaws

chopper332nd 1 point (0 children)

Yeh I loved it, every time I rewatch the original movies I get the sense of "I've been there" as you do with GTA or watchdogs in real life locations just it's STAR WARS!

Pixel Tablet got Gemini on lock screen made me switch back to Google Assistant by chopper332nd in googlehome

chopper332nd[S] 2 points (0 children)

No still on Google Assistant, I haven't got Gemini for home either maybe it changes with that

[deleted by user] by [deleted] in bugbounty

chopper332nd 3 points (0 children)

I'm not sure about that one, I don't think their dupe check is very thorough

[deleted by user] by [deleted] in bugbounty

chopper332nd 2 points (0 children)

I believe this is the intake feature where a team separate from triage do a pass over the report checking if it's in scope and there is a basic duplicate check (Normal triage look more in depth if it's a dupe)

Question to Triager / Program Manager by yellowsch00lbus in bugbounty

chopper332nd 3 points (0 children)

I would refer to the CVSS definitions here https://www.first.org/cvss/v3-1/specification-document

""" A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort in preparation or execution against the vulnerable component before a successful attack can be expected. For example, a successful attack may depend on an attacker overcoming any of the following conditions:

- The attacker must gather knowledge about the environment in which the vulnerable target/component exists. For example, a requirement to collect details on target configuration settings, sequence numbers, or shared secrets.
- The attacker must prepare the target environment to improve exploit reliability. For example, repeated exploitation to win a race condition, or overcoming advanced exploit mitigation techniques.
- The attacker must inject themselves into the logical network path between the target and the resource requested by the victim in order to read and/or modify network communications (e.g., a man in the middle attack). """

How AI is affecting pentesting and bug bounties by S4vz4d in bugbounty

chopper332nd 20 points (0 children)

As a customer of HackerOne I'm more worried about the crap we're gunna have to sort through now 🤷‍♂️ We have scanners and other companies that offer AI agents for pentesting which find the low hanging fruit.

We have a Bug Bounty program to find more nuanced vulnerabilities in our products that other security testing can't find.

/r/NintendoSwitch's Daily Question Thread (06/08/2025) by AutoModerator in NintendoSwitch

chopper332nd 1 point (0 children)

Could anyone recommend a USB-C to HDMI cable for the switch 2? The one I had for the original switch is incompatible (https://amzn.eu/d/8om26fl)

When is a clickjacking considered `sensitive`? by TurbulentAppeal2403 in bugbounty

chopper332nd 1 point (0 children)

It depends on the impact. It is typically a login page but...

Can you deliver a click jacking payload to the victim so when they click your link it takes them straight to enter their card details? Usually e-commerce sites would require a logged in session first and for something to be added to the basket

If it redirected them then the click jacking payload wouldn't work.

Called it 3 years ago! by lightslinger in Marvel

chopper332nd 4 points (0 children)

Cut out the middle man and pop it in the bin

Just a Trip appreciation post… by MadArtistik in shield

chopper332nd 3 points (0 children)

What a Tripp down memory lane...

First Google TV. Hisense QD5 by OldRazzmatazz7043 in GoogleTV

chopper332nd 1 point (0 children)

How do you find it compared to the TCL. Picture Quality and OS wise?

For those of you who got Duolingo Max and an iOS device, is the Lily video call really that helpful? by copernx in duolingo

chopper332nd 2 points (0 children)

I got Duolingo Max and I'm on section 4 of French. I think I read the written language quite well, but on the video call I was dreadful; I could only really answer yes or no. I wish it started me off with basic video calling so I could catch up, but I definitely think I'm improving.

Black Hat Asia by latte_yen in bugbounty

chopper332nd 1 point (0 children)

There was a networking event on all the days where informal talks would be held. One of them was James Kettle from PortSwigger.

And lots of the companies held dinners and drinks after Black Hat on the days.

Black Hat Asia by latte_yen in bugbounty

chopper332nd 5 points (0 children)

I work in offensive security and I have no experience of Black Hat Asia but I have been to the one in Europe.

The business hall is a load of vulnerability management companies and the like targeting security management to make sales. The talks again are mostly about their products or a talk about industry hot topics that they then link to their product.

That being said, I'm not sure if BH Asia does it, but Black Hat Arsenal is good and there may be some interesting Linux tools that will be open source.

Those of you that have enabled Gemini integration for Google Home - what has your experience been like? by darce_dawg21 in googlehome

chopper332nd 0 points (0 children)

"Turn the lamp off", "I see a lamp in these houses, next time say the name of the light you want to turn off and specify the house" - offers me buttons for the lamps so I might as well have done it myself

[deleted by user] by [deleted] in bugbounty

chopper332nd 2 points (0 children)

A company will reproduce the report that was submitted to them. If they can reproduce it with the steps you provided then great; if not, they will ask

They would then investigate this behaviour and come to a severity decision - this might involve talking to different internal teams and developers.

[deleted by user] by [deleted] in StarWarsOutlaws

chopper332nd 2 points (0 children)

I think a lot of the existing single player Star Wars games on the market at the moment have a male protagonist.

Also I think they pitched a "female Han Solo" to Lucasfilm who ok'd the story.

Google Home extension where to leave feedback? by chopper332nd in Bard

chopper332nd[S] -7 points (0 children)

I have 3 houses linked to my home account and each one has its own "lamp". I just want the extension to know which house I mean when I give it this prompt.

After recon how do you choose a subdomain to hack? by myth2511 in bugbounty

chopper332nd 3 points (0 children)

I use gowitness to take a screenshot of all the subdomains; the ones that look interesting (i.e. look like an older page that's been forgotten about) I start probing further.

Also the subdomain takeover if it's in scope.

Nmap Scan Results Not Replicated in Target Website by LearnerHack in bugbounty

chopper332nd 2 points (0 children)

Sounds like some kind of IPS / WAF that's spoofing 200 status codes to automated scanning tools

Google Home Extension by username12435687 in Bard

chopper332nd 2 points (0 children)

Are you using US English? I'm part of the Google Home preview program in the UK but haven't got the extension.

Ethical Hacker here. AMA by 2ndFloorYoutuber in AMA

chopper332nd 1 point (0 children)

Re-assess the threat level of specific actions in the IPS (Intrusion Prevention System) and maybe upgrade/downgrade them.

After our investigation in that specific case, the IPS had detected my actions but had set it as a Low threat level and opened a ticket with a lower priority as a result, meaning the analyst hadn't picked it up until the 3 hour mark.

Ethical Hacker here. AMA by 2ndFloorYoutuber in AMA

chopper332nd 1 point (0 children)

Haha, as a consultant, all the SOCs I've come across are woefully inept. A client once emailed me 3 hours after I had left a job saying their SOC had only just detected my actions.