MonkeHacks #65

Conferences, SAML, UEC

What a crazy week! I’m utterly exhausted. I woke up at 5:30am yesterday, and flew to Dublin (it’s only an hour away) and made my way to the conference. Thankfully my talk went smoothly (aside from a hiccup in iframe sandboxing) and it seemed to motivate a few people. I flew back later that day, and I only made it back to my apartment in Edinburgh at 1am.

I don’t have any more talks planned for a while now - so back to some nice technical work. H1-6102 kicks off soon, so for now, I want to focus on building a simple, locally hosted RAG setup to make the information management process a bit easier. NahamCon’s AI track gave me some good ideas. If you haven’t seen Daniel Miessler’s talk, you should - he talks about a “Unified Entity Context” (it makes more sense when you’ve seen the talk) and that concept struck a chord with me.

Giving my workshop at BSides Dublin to about 20-30 attendees. Thank you for attending!

Weekly Ideas / Notes 

  • I spoke at NahamCon this week - huge thanks to NahamSec! It was an awesome experience and the other talks were simply phenomenal. NahamCon is always one of the big bug bounty occasions of the year. I tried to talk about something a bit different to the usual AI talks, so I hope it met your expectations!

  • I gave a workshop on client-side hacking at BSides Dublin. The slides, and potentially a recording, will be available in the next few weeks. For those who attended - thanks for coming! The workshop covered the basics of how JavaScript works with the DOM, as well as some more advanced techniques with some basic lab exercises.

  • I’ve been studying SAML lately - I’m working on porting the SAMLRaider Burp Suite extension to Caido next month. I did about half of the SAML labs on PentesterLab this week and I really enjoyed them - SAML isn’t as cryptic as I thought it was, once I actually sat down and learned it in depth. I’d also like to upgrade my old Pets plugin to the updated Caido SDK so it’s usable again - this is all stuff I’ll work on after H1-6102 while I’m travelling around the other side of the world.

  • I said I’d answer some of the NahamCon talk questions I had this week, but the talk videos are members-only content for now so I’ll just write the ones I remember.

    • Do you like bananas? Yes. Yes I do.

    • Have I benchmarked my learning process between models? Not really. I find that ChatGPT’s answers are a bit easier to work with, but Gemini is still excellent. I only pay for the Gemini subscription because it includes storage, NotebookLM Plus and other things in Google Workspace for roughly the same price as ChatGPT Plus, and I don’t like spending money.

    • If you have more questions, DM them to me or reply to this newsletter email (I’ll see it). I’ll add your questions to next week’s issue, if I get any.

Resources

  • Chainspotting 2: The Unofficial Sequel to the 2018 Talk “Chainspotting”: Ken Gannon talks about how he achieved RCE on the Samsung Galaxy S24. This is one of the best talks I’ve ever seen. It is a MUST watch.

  • I won’t post any more resources here this week because 1) NahamCon ’25 is worth a watch and it’s several hours of good content and 2) the OffensiveCon ’25 talks are also phenomenal, and deserve a watch as well. I just highlighted Chainspotting 2 in particular because it might be one of my favourite talks ever. You can find the other OffensiveCon talks here. I believe the NahamCon talks will be uploaded in the next week or two. I’ll link those next week.