LiveOverflow 🔴

Managers will be the first to be replaced by AI, because they send so many Emails back and forth that we can easily train models on it 🤔

The only reason it doesn't happen is because managers protect their own job by not letting teams work on this 🧠

Got two RTX 3090 for local AI stuff.

And yes, I do see that the thermals are not optimal 🙃

Ah cool thanks! I was wondering where this is from. I was just thinking of "Fancy Bear" en.wikipedia.org/wiki/Fancy_B...

Fancy Bear! what are young russian hackers up to??

LangGraph Studio looks pretty amazing. Unfortunately local deployment requires a langsmith license (Free while in beta) :/

Are there any good alternative UIs to observe and trace LangGraph or LangChain agents?

This year two new security legends have joined the top-ten expert panel - @liveoverflow.bsky.social and @stokfredrik.bsky.social! Excited to see what analysis & insights they bring to the top ten alongside long-time contributors @agarri.fr and @irsdl.bsky.social

From the bugbounty community on Reddit Explore this post and more from the bugbounty community

This was really a good conversation!

1. OP is capable to self-reflect and be humble
2. Commenters are knowledgable and they asked the right questions
3. And OP genuinely engaged with the responses

Source: www.reddit.com/r/bugbounty/...

This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious.

Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!

OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right?

But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(

Those are the real bug bounty tricks nobody talks about :P Faking bugs!!!

Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?

This is a great post on bug bounty reddit!

OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...

YouTube video by FiNCH FiNCH - WENN DU DUMM BiST

This song would be fun to analyse in german or politics class outside of Germany.

The video and the dialect, combined with some pretty clever lines, you can learn a lot about the current german political and social climate 🙈 🙉

www.youtube.com/watch?v=FoD0...

Fearsome File Formats Specifications are enough, they say… 10 years after 31c3's "Funky File Formats" … Have things improved? With so many open-source parse...

Checkout his new talk from 38c3 "Fearsome File Formats": media.ccc.de/v/38c3-fears...

YouTube video by LiveOverflow What is a File Format?

My video "What is a File Format?" is also based on his work.
www.youtube.com/watch?v=VVdm...

When I was still early in my career, 7 years ago at 31C3, I saw
Ange Albertini's talk. His work on file formats always was one of those "aha!" moments for me.

So it was really nice to see @angealbertini.bsky.social (corkami) back again at #38C3 <3

Thank you @gf256.bsky.social and SuperFashi for taking time to make this 🥰

This video in particular reminds me of the the classic live CTF recordings that helped me break through an educational wall, and motivated me to start LiveOverflow

Kids these days don't even know how much opportunity they have to learn hacking from actual pros.

I know there is a lot of content out there, so it can be hard to find the good stuff. But 10 years ago you had to be lucky to find at least something.

Anyway, watch this 👇

My cat roomate always pranks me when I don't lock my laptop

Want to learn hacking? (ad) https://hextree.io Binary Exploitation vs. Web Security

Web Security vs. Binary Exploitation

www.youtube.com/shorts/Fbeak...

Let's explore the \ Zenbleed (CVE-2023-20593)

Zenbleed (CVE-2023-20593)
https://youtu.be/9EY_9KtxyPg