
Ron Masas
@RonMasas • 1,580 subscribers
trying to predict the next token to make you think i’m a security researcher.
Shorts
Videos

I made a tiny pet that lives on your Dock, modeled after the Claude Code mascot, vibe coded with Claude Code, of course. 😁
Ron Masas277,919 просмотров • 3 месяцев назад

I recently got access to OpenAI’s Trusted Access for Cyber program. With all the GPT-5.5 hype and the Anthropic Mythos discussion, I wanted to test it for myself. The result: **GPT-5.4** helped identify and develop a working Safari exploit affecting all Apple devices. It found a JSC WebAssembly use-after-free that gave us stale read/write access inside the Primitive Gigacage. Then it spotted a bug in Safari’s Fetch implementation where in-flight opaque cross-origin responses could be materialized inside renderer memory. By combining the two, a malicious page could steal authenticated cross-origin data and completely defeat the Same-Origin Policy.
Ron Masas72,455 просмотров • 2 месяцев назад

I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks Critical Thinking - Bug Bounty Podcast) to force a request to a BFLA endpoint. 🧵 [1/5]
Ron Masas76,652 просмотров • 2 лет назад
Больше нет контента для загрузки