Low cortisol vibes
pancake@infosec.exchange
-
Who's more exhausting?
damn, forgot to set the multiple-choices checkbox
-
Who's more exhausting?
-
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
Jk. Docker sandbox only works for real programs. Aka the ones that run in a tty
-
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
@buherator yes that would be the same if you run the agent inside a docker with a mounted volume. Docker sandbox afaik just makes it easier to use
-
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
@buherator yep, escaping agent sandbox is a pretty common vuln and all agents are affected because there's literally no way to fix this other than just adding more checks when an escape is found. And even if you are requested to give permission to a directory, agents can write programs and execute without supervision or with hidden ways which makes it possible to access anything bypassing the classic checks.
-
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
@buherator it creates a VM for each program you run, the program inside can't see your system processes and there, and probably the main positive point here is simplicity to use and manage
-
TIL Docker v4.58+ have the `sandbox` subcommand to run commands with restricted filesystem access, ideal for running coding agents in yolo mode (or any other software you can't trust like ghidra or ida)
-
RE: https://infosec.exchange/@NowSecure/116251163921885755
Last Wednesday I sat down at the #paulsecurityweekly podcast to talk about static analysis with @radareorg and mobile security. The video/audio is now online! https://www.scworld.com/podcast-segment/14644-hacking-ip-kvms-reversing-with-radare2-sergi-alvarez-psw-918
-
Gotta say #IDA Semantic Engine sounds incredibly cool! https://hex-rays.com/blog/2026-product-direction-priorities
@buherator sucks to read their LLM-based release notes posts. So many mistakes and weird constructions.
-
I just released new versions of r2, r2ghidra, r2frida, r2mcp, r2ai, r2sarif, r2yara, iaito and r2hermes! Time to cook my lunch now! Merry xmas!
-
Still trying to find a reason to use openclaw 🦞
-
Minimal techno track of the day https://www.youtube.com/watch?v=i8QbpQA0R-Y
-
ghiblibytes
-
One of the original posters made for the release of the first 'Sonic The Hedgehog' film, featuring the original Sonic design.
-
https://www.gimp.org/news/2026/03/02/gimp-3-2-RC3-released/
-
I have to rethink the way r2pipe2 works in r2js, I'm not really happy about the current exposure which makes it more confusing
-
RE: https://framapiaf.org/@newsycombinator/116155929714353529
Plot twist: with mai, you can use mcps as cli tools. It will do all the parameter parsing and session handling for you
-
Spread the word!
@phrack sad link

