Hackyx, State of the Art and AI
Hey everyone! A new week has passed and there is so much stuff to cover. During this week, I was in Istanbul, discovering the city after having played Assassin's Creed Revelations a lot. I felt like I already knew many places, even if it's more modern now.
It was quite hard to find a place to work as my hotel Wi-Fi was very bad, but I finally found a nice coworking space with fast internet.
Hackyx
I had a very nice discussion with @doomerhunter this week about this project, and he came up with plenty of new ideas to improve it.
So with him and @Wlayzz, we decided to push this project to another level. The aim will still be to have a big search engine with all the cybersecurity stuff, but we will improve that in a way where it will be better to cover all the information.
I will not disclose for the moment what is coming, but stay tuned as a lot of good stuff is arriving in the next weeks about this project.
Otherwise, I managed to create a real form to present your links. You can now easily share with us your interesting blog post about cybersecurity. We are looking only for technical content to index on Hackyx.
The State of the Art
My blog posts are not very technical; they're more about my lifestyle and some tricks I found about bug bounty. And I wanted to come up with something more technical.
I know that for me, to learn something and be good at it, I need to teach it to someone else. This way, I will force myself to learn, understand, and then teach it.
As I'm currently not researching a specific topic, I came up with the idea of writing the state of the art of topics: take a subject like SSRF, OAuth, postMessage, or anything related to web security and write a complete state of the art of it, with all the latest exploitation of it, how it works, how to exploit it, and what's new, and build it into a big technical blog post.
What do you think about that idea? I'm still not sure whether I'll start it or not, so tell me if it interests you.
Using Cursor.sh
Last week, I discovered cursor.sh. It's basically a fork of VSCode but with plenty of new AI features. At first, I thought that it would only be a VSCode with a basic ChatGPT or simply a Copilot to help me code. But it's more than that.
When you open a project with it, it will first index all the code (locally) and build a map of it. Then, in the chat or in the code, if you ask a question, it will take the whole codebase and look for files. And that's the difference from a simple ChatGPT: now it knows the whole codebase.
So basically, I can ask it to create a base based on another one and it will build it. You can use your own OpenAI keys if you want.
Another cool feature is that you can add documentation to your project. So if you work on a Typesense project, you can simply give it the link to the Typesense doc and it will index it alongside your codebase, and you will be able to ask questions and it will look at the doc.
It's awesome when developing a project, but not only for that. I tried it for code review, and it's also crazy: you can simply ask where the authentication is used, how, and using what library, and it will answer. And with the addition of the documentation, it can directly look at the doc to see if a feature is correctly developed or not.
It will obviously not find bugs for you, but it can definitely help you work on them.
End of the trip
I'm now back in Paris for a few days. It's the end of my little trip in Europe. That was pretty nice and I loved to discover new cities like that. I will definitely come back to Berlin and Praha as they were my favorite ones.
The next big trip will be in September for another trip in Asia back to Japan and South Korea!
And before that, it will be simply grinding in Bug Bounty and working on all the nice projects I started.
There is also leHack soon and I hope to see many of you there for the Live Bug Bounty by YesWeHack.
Ideas / Notes / Resources
- A crazy blog post by @cfreal_ was released about Iconv in PHP
- Last was the first edition of an on-site event by @HackerHideout, it looked so cool and I hope to be part of that at some point
- Caido released a version with native plugin support, so now is the time to build a massive collection of good plugins. I plan to build some of them when I take the time.