Model Context Protocol servers often rely on SSE and WebSockets, which makes manual testing tricky. @hoodoer.bsky.social introduces MCP-ASD, a new Burp Suite extension designed to help testers identify, enumerate, and interact with MCP servers more effectively. trustedsec.com/blog/mcp-in-...
Posts by Drew @hoodoer
Microsoft seems to be integrating #Copilot into everything. And we mean EVERYTHING. Find out what we have to say about it and how it relates to data security on the latest episode of the #SecurityNoise podcast! @hoodoer.bsky.social youtu.be/QsmdLJsvAkc
Nice to finally knock this off my to-do list. Hope it helps!
The path to tricking users to trigger this isn't so hard.
Yes!
Apparently they did post it up, they just used the camera feed:
youtu.be/O7-zxAmP13o?...
The big features missing in that talk are the mimic feature that auto-generates custom payloads and network traffic obfuscation.
Let me know if you have any questions, happy to help
I'm afraid the recording didn't work, my Mac doesn't play nice with conference recordings.
If there's a specific feature you're most interested in I can recommend another video that highlights that feature.
The readme has a demo section with links to a bunch of videos.
github.com/hoodoer/JS-Tap
I use "what's my IP" sites a ton to check my routing, got tired of bloated sites.
Made a simple service for this:
checkip.sh
or
checkip.sh?ip=8.8.8.8
Command line too (-L needed):
curl -L checkip.sh/cli
or for a specific IP instead of your source IP:
curl -L checkip.sh/cli?ip=8.8.8.8
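The post above describes the behaviour of a small "what's my IP" service (echo the caller's source address, or a caller-supplied `?ip=` value). Below is an added illustration of how such a service can be built safely; it is not the code behind checkip.sh, and `TRUSTED_PROXIES`, `build_response` and the handler names are assumptions made for the example. The two points worth getting right are shown: only honour `X-Forwarded-For` when the direct peer is a proxy you control, and validate the `ip` parameter as an IP literal before reflecting it back.

```python
"""Minimal "what's my IP" service (added example, not the checkip.sh source).

Security points demonstrated:
  * The client address comes from the socket peer unless the request arrived
    via a proxy we control; then only the entries that trusted proxy appended
    to X-Forwarded-For are believed. Anyone can send an X-Forwarded-For header.
  * An optional ?ip= parameter is validated with the ipaddress module before it
    is echoed, so the endpoint never reflects arbitrary attacker-chosen text.
"""
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical: addresses of reverse proxies in front of this service whose
# X-Forwarded-For entries we trust. An empty set means "trust nothing".
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}


def parse_requested_ip(query: str) -> Optional[str]:
    """Return the normalised ?ip= value, or None if it is absent or not an IP literal."""
    values = parse_qs(query).get("ip")
    if not values:
        return None
    try:
        return str(ipaddress.ip_address(values[0].strip()))
    except ValueError:
        return None  # e.g. "<script>", hostnames, or CIDR ranges are rejected


def resolve_client_ip(peer: str, xff: Optional[str], trusted=TRUSTED_PROXIES) -> str:
    """Determine the real client address.

    Each proxy appends the address of the hop that connected to it, so the
    header is walked right-to-left: keep skipping entries that are themselves
    trusted proxies and return the first untrusted one. Any malformed entry
    makes us fall back to the socket peer rather than guess.
    """
    peer_addr = ipaddress.ip_address(peer)
    if peer_addr not in trusted or not xff:
        return str(peer_addr)  # direct connection, or an untrusted peer set the header
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_addr)
        if addr not in trusted:
            return str(addr)
    return str(peer_addr)


def build_response(path: str, peer: str, xff: Optional[str]) -> Tuple[int, str]:
    """Pure request handling: (status, body). Split out so it can be unit tested."""
    parts = urlsplit(path)
    if "ip=" in parts.query:
        requested = parse_requested_ip(parts.query)
        if requested is None:
            return 400, "invalid ip parameter\n"
        return 200, requested + "\n"
    # Both "/" and "/cli" answer with the caller's address; only formatting differs
    # in a real deployment, which this example does not bother with.
    return 200, resolve_client_ip(peer, xff) + "\n"


class CheckIPHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = build_response(
            self.path, self.client_address[0], self.headers.get("X-Forwarded-For")
        )
        data = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Bind to loopback only; put a real reverse proxy (the one in TRUSTED_PROXIES) in front.
    HTTPServer(("127.0.0.1", 8080), CheckIPHandler).serve_forever()
```

Run it and query with `curl -H 'X-Forwarded-For: 1.2.3.4' http://127.0.0.1:8080/` from the same host: because 127.0.0.1 is in `TRUSTED_PROXIES` the forwarded address is returned, whereas a request from any other peer gets its own socket address back regardless of what header it sends.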
I hope you're on the discord?
Are you in the ENC area? I may be biased but I think the PWN-252 group is pretty great
Bunch of us will be at the con. Bring a laptop and CTF with us.
Absolutely, one of my favorite cons all year
Looking forward to showing off the latest features. Hoping to have some fun conversations during the Livestream.
That's foreboding
Good luck with whatever you're dealing with
The #eagles at Conowingo are feisty. One eagle catches, 3 more chase, and it's fair game to steal food if you can. #birds #eagle #wildlife #photography
What this tells me is that since we talked at Shmoo you made the move.
Congratulations, this makes me happier than you can imagine. We miss it down there terribly. I hope you have a fantastic time
It's their place in the universe to be insufferable. Share it widely, it's a solid take.
Interesting mix-up of approaches. I mean, I do JavaScript C2 a lot, but that's for WebApps
I just pushed my private JS-Tap repo changes over to public for v2.2 release.
Network obfuscation, rendering improvements, reverse filter searching, and client fingerprinting that isn't completely broken now available.
Release notes:
github.com/hoodoer/JS-T...
Repo:
github.com/hoodoer/JS-Tap
CISA does have a top notch team, I hope they all find spots soon.
This should be fun, this is a great tool.
Senior Security Consultant Whitney Phillips will be speaking at CactusCon next week! Her session "Tips and Tricks to Creating Your First Conference Talk" will take place on Feb 14 at 11am in the Career Village. Stop by our booth too if you'll be there! www.cactuscon.com/cc13-schedule
Anyone need a @cactuscon.com ticket? I think I have a spare
The #ShmooCon 2025 talks have been uploaded
youtube.com/playlist?lis...
That was fun, glad to see you after all these years.
See all you fabulous nerds at ShmooCon
This is an impressive holiday celebration. Happy blowtorching.
It's that time of year again! We are excited to reveal our top 10 most read blogs of 2024
trustedsec.com/blog/top-10-...
That sounds pretty fucking awful, hope it worked man.