CraHan

@crahan.n00.be

Hacker, wearer of fake moustaches, and senior-level procrastinator. Remember, it could be worse, it could be raining! 🤘

48 Followers  |  76 Following  |  82 Posts  |  Joined: 14.12.2023  |  2.0844

Latest posts by crahan.n00.be on Bluesky

GitHub MCP Exploited: Accessing Private Repositories via MCP Comments

GitHub MCP Exploited: Accessing private repositories via MCP https://invariantlabs.ai/blog/mcp-github-vulnerability

28.05.2025 13:15 — 👍 1    🔁 1    💬 0    📌 0

Blockchain companies rebranding as Web3 companies rebranding as Metaverse companies rebranding as NFT companies rebranding as AI companies

24.05.2025 05:48 — 👍 29    🔁 14    💬 4    📌 0

So, since when does ChatGPT use request information (e.g., IP address) to determine the user's location? Shouldn't it just be using the prompt data? 🤔 #chatgpt

19.04.2025 17:12 — 👍 0    🔁 0    💬 0    📌 0

So much this! Anyone who creates single line scripts needs to start doing this by default. There really is no downside to it. From a Python script perspective it's just a comment block.

Honestly, I feel like this is a low effort PR for most GitHub projects.

17.04.2025 11:43 — 👍 0    🔁 0    💬 1    📌 0

Ripping a page right out of @deviantollam.bsky.social's air travel book. I started using this pouch for transatlantic flights, hooked onto the seat in front of me with 2 little carabiners. But I know myself. If I don't document this properly, I'll be wondering how I packed it out the last time. 😄

17.04.2025 11:40 — 👍 1    🔁 0    💬 1    📌 0
Python UV for Hackers (YouTube video by 0xdf)

I use Python all the time in most of the roles I've had in information security. One challenge has always been managing virtual environments for packages and one-off scripts. uv solves all that! In this video, I'll walk through how.

www.youtube.com/watch?v=G36Q...

17.04.2025 10:51 — 👍 10    🔁 1    💬 2    📌 0

It has completely replaced pyenv for me. Total game changer! Every so often I run `uv clean` to get rid of some stale data and the speed at which it sets everything up again when you run the script or tool from scratch is really impressive. 1-2 seconds for me in most cases.

17.04.2025 11:11 — 👍 0    🔁 0    💬 2    📌 0
Sign that says "I've seen smarter cabinets at IKEA"

Another fantastic sign from today at the mall.

05.04.2025 18:44 — 👍 64    🔁 6    💬 1    📌 0

a major issue with video games is that they produce a bunch of people who consider themselves brain geniuses for solving problems that were designed to be solvable. as a remedy, we should be making more games that are actively and irreconcilably hostile to the player. thank you

05.04.2025 02:43 — 👍 10645    🔁 1972    💬 39    📌 66

Here comes trickle-down economics 2.0... AI edition! 🙄

30.03.2025 15:15 — 👍 1    🔁 0    💬 0    📌 0
Text exchange:

them: there was a big accident this morning, just north of us and it took out a transformer 

me: oh wow. probably the Decepticons

this is what it's like dating me fyi

27.03.2025 20:03 — 👍 184    🔁 15    💬 7    📌 0

When your threat model is being a moron

No phone, no app, no encryption can protect you from yourself if you send the information you’re trying to hide directly to someone you don’t want to have it.

🔗 www.404media.co/when-your-th...

26.03.2025 19:48 — 👍 2700    🔁 627    💬 42    📌 46

Make it happen Cupertino! #severance

26.03.2025 20:07 — 👍 159    🔁 16    💬 10    📌 5

End-to-end encryption is secure because it protects the contents of your communications in transit between the endpoints. If you make one of those endpoints an editor at The Atlantic, no amount of encryption is going to save you from your own stupidity.

25.03.2025 23:28 — 👍 3241    🔁 548    💬 70    📌 30
Moskowitz Mocks Signal Chat Between Administration Officials (YouTube video by Congressman Jared Moskowitz)

"When we're in like a chat with friends..." 😂 www.youtube.com/watch?v=Modc...

25.03.2025 22:58 — 👍 0    🔁 0    💬 0    📌 0
Screenshot from Top Gun: Maverick depicting a computer animated topographical diagram of a mountain range topped with anti-aircraft missile installations.

Blueprint diagram of the G.I.Joe aerial vehicle called the "FANG" or "Fully Armed Negator Gyrocopter"

Crayon drawing from the movie "Home Alone" entitled "Battle Plan" depicting several rooms of a house equipped with assorted traps like broken glass ornaments, icy steps, swinging paint cans, and a tripwire-enabled fan set to blow feathers on a glue-covered intruder.

Screenshot from Star Wars scene where rebel pilots are being briefed on the plan to attack the Death Star.

Liven up the group chats you're in by posting any or all of these images along with some bullshit bombastic emojis like 🇺🇸🤜🤛🇷🇺🧙‍♂️🥵🍆💦

Then abruptly delete it all about 15 minutes later, saying something like...

"Wait, shit, is this the chat WITH reporters or WITHOUT reporters??"

25.03.2025 16:36 — 👍 117    🔁 28    💬 6    📌 2

Also, every single one of these provides an RSS feed containing the full length articles. Not something you see so often anymore these days.

25.03.2025 21:52 — 👍 1    🔁 0    💬 0    📌 0

Best of all, all of these amazing news sources also provide RSS feeds with full length articles!

25.03.2025 21:51 — 👍 2    🔁 0    💬 0    📌 0
The Trump Administration Accidentally Texted Me Its War Plans
U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.

holy shit www.theatlantic.com/politics/arc...

24.03.2025 16:29 — 👍 6843    🔁 1501    💬 333    📌 638
The Exalted Victory of Cold Harbor Wallpaper — Basic Apple Guy
Praise Kier as Mark S. prepares to finish refining his 25th & final Macrodata file.

Download the 6K Wallpaper: basicappleguy.com/haberdashery...

22.03.2025 19:58 — 👍 16    🔁 3    💬 2    📌 0

If a client demands an agent in a device, it's going on *their device*.

Yes, that sometimes means I'm carrying 3 laptops to service different clients. It's a cost of doing business.

18.03.2025 11:46 — 👍 43    🔁 4    💬 3    📌 0

You might think you know all about IDOR, but that's just because you haven't seen @joswr1ght.bsky.social talk about it!

16.03.2025 18:39 — 👍 1    🔁 0    💬 0    📌 0

Mark is beloved by millions of kids, which makes it particularly great that he’s teaching them how to inform their parents that Tesla is a danger to children. This is another one of those “we don’t need a ‘Rogan of the left’, we need normal men” examples.

16.03.2025 17:06 — 👍 5812    🔁 1076    💬 87    📌 34
Releases · crahan/cloudfox
Automating situational awareness for cloud penetration tests. - crahan/cloudfox

If you're looking for a Linux Arm64 build of cloudfox, I've got you covered. Builds are available at github.com/crahan/cloud... until my pull request is merged into the main repo. The 'linux-arm64' branch has the updated Makefile in case you want to roll your own. #pentesting #cloud #arm64

13.03.2025 14:33 — 👍 3    🔁 0    💬 0    📌 0

Come on down to the White House Tesla Auto Mall!

12.03.2025 21:02 — 👍 16478    🔁 4980    💬 815    📌 766

Tangent of the day: fixing the VMware Workstation icons that don't follow the Papirus icon theme. Good thing you can just grep for the icon names in the .so files.

11.03.2025 23:55 — 👍 0    🔁 0    💬 0    📌 0

We got another "critical vulnerability" on #curl reported. I figured you might enjoy it.

"The authentication mechanism in cURL does not properly restrict the number of failed authentication attempts, allowing an attacker to brute-force credentials"

Yawn. Away, away you go.

10.03.2025 22:43 — 👍 33    🔁 38    💬 11    📌 1

10/10. No notes.

10.03.2025 19:14 — 👍 441    🔁 63    💬 3    📌 2

@crahan.n00.be is following 20 prominent accounts