Autonomous bug bounty agent - meet AEye

Hi everyone!

I'm T, a security researcher at Microsoft. In my previous gig, I used to do some backend dev for a local startup. So, I had the opportunity to learn both research and development.

And today I'll show you how it comes together.

Dozens of hours and a few sleepless nights gave birth to a new autonomous bug bounty agent. Granted, I would have loved to say 'the first' - but I came in a cool second. Check out the amazing XBow when you get a chance.

AEye is an LLM-powered Burp Suite extension. And if I had a buck for every LLM-powered Burp extension I've seen on LinkedIn, I would quit MSFT and buy an island.

But to be fair, that's how AEye started. Instead of constantly querying ChatGPT for what this and that means and why things behave a certain way, I wanted it to see exactly what I'm seeing.

That is, until that motherfucker came up and said 'You should now try this X payload in this endpoint'. And I thought:

"I'm not taking orders from an LLM - you do it!"

And finally - now it does. Check it out.

https://imgur.com/Du1lIHC

submitted by /u/dvnci1452

from hacking: security in practice https://ift.tt/u80eZtC
