Type of vulns, Pentest, and Architecture


This week was intense for me, beginning of the year, a lot of stuff to do, and it was great.

I started the season of pentests, which is so nice to cover some of my expenses.

And I also wanted to build a nice architecture using AI for myself, which I will tell you more about.

Type of vulnerabilities

I'm currently on a web pentest, and I found a bunch of different vulnerabilities and a ton of XSS. The thing is that I was looking for them, as that was the first thing I found.

And it reminds me of the fact that you only find what you're looking for. It's quite obvious, but we face that every day.

A lot of people tell me that they never find any SQLi or RCE, but do you really look for them? It's also the case for me, and I usually don't find these, especially because I never look for them.

I love to see the example of my friend Icare, who always finds RCE. It's crazy how much RCE he can pop, but the truth is that he is mostly looking for them. And when he sees me looking for IDOR, he is always amazed by the fact that there are tons of IDORs as well that he never found.

I think it's important to look at it, think about what you really want to look for, and then really start digging into it.

On my pentest, I wanted to find more impactful bugs like SSRF or RCE, and started to look for entry points for them. And after a few minutes, I found a nice SSRF in a pdf generator. My intention was to find it, and I found it. Of course, it's not always the case, but it helps a lot to switch my focus to a specific task like that.

Pentest

Talking about pentests, I'm very happy about this one, as I contacted the company directly and they went straight to giving me a contract. And I started the week after.

It will probably be for multiple pentests as the application is huge, and it's so nice as this is an app that I use mostly every day, so I already know it.

I will probably have other pentests during Q1 to cover some expenses, and I'm really looking forward to them.

To write my report, I used to use Sysreptor, which is nice, but I wanted to try something new. My friend Hippie is currently building a company called Vulnotes, which is very helpful for pentesters writing reports.

I'm trying his solution, and by far, this is the best experience I ever found to write a pentest report. And I'm really looking forward to his product being fully released for you to use. I will write a better review of it when it is the case, so stay tuned.

Architecture

This year, I also wanted to work back on my homelab and set up stuff that is really helpful for my workflow.

The first step was to use Claude, and especially Claude Code. This is an amazing piece of software, and after using it for almost two weeks, it's so helpful when it's well configured.

I first went to configure it like PAI from Daniel Miessler. This is a really great architecture, but in my opinion, it's too much for me, and I prefer to fully understand what I'm doing.

So I decided to write my own skills and commands based on what he did, and do something simpler. For instance, as I'm writing the CTBB podcast notes, I built a full automation to help me. I gave it all the existing content so it could pick up the exact tone and structure of the articles.

And now, I can give it the transcript of the episode and it will help me build the article. It will not write it entirely for me, but the base is perfect for me to then listen to the pod and write it back.

Another piece of the architecture is the note-taking system. I love using Bear; it is very Apple-oriented, clean and minimalist. The issue is that it's not very suitable for AI. I want something that I can use with Claude, and get help writing or taking notes.

An alternative is Obsidian, and I'm currently looking into the best way to integrate it into my workflow. I'm still not sure about how I will use it.

I also installed Clawdis, which is pretty great for talking to agents directly from WhatsApp (what a lazy world we live in), and I will put all my skills into it to be able to control my stuff directly from the couch.

By simply creating my own MCP servers to, for example, run some recon, make requests, or automate stuff, I will be able to wire any agent into that and make anything possible using only my voice.

For the voice system, I'm using SuperWhisper on Mac, which is great; the free version is enough, even if it sometimes misses some words.

On top of that, everything will be located in my homelab, accessible only via Tailscale.

I want all my stuff to be safe and replicated/backed up. This way, I can lose my Mac or my phone, or my home could burn down, and I don't want to have to worry about it. For that, I will take a look at Syncthing, which looks pretty nice, and build the best backup system I can.

A lot of stuff to work with, and I love doing it. I also came back to working a lot with analog systems like notebooks.

I bought a notebook for the year, writing a lot in it, and also a shorter one to just dump my brain. And it's pretty useful when it comes to thinking and being creative.

When looking for bugs, I can just write down my thoughts, and it helps a lot to have a clearer path. So I will continue this way and write more.

The full architecture is still unclear, but when it is done, I will for sure write a good article about it. Also, if you have any questions, feel free to ask me.

Aituglo

Paris
The author of this blog, a bug bounty hunter and security researcher who shares his thoughts about the art of hacking.