| Here’s a **realistic, educational example of a vulnerable COBOL pattern**. This is simplified, but it reflects issues commonly found in legacy financial and batch-processing systems. | |
| --- | |
| ## ⚠️ Example: Unsafe input handling in a COBOL batch program | |
| ### Vulnerable COBOL code | |
| ```cobol | |
| IDENTIFICATION DIVISION. |
| prompt: what's a common approach to systems of record in the UK? | |
| In the UK (especially in banking, insurance, and government), “systems of record” (SoRs) are treated as **authoritative, tightly controlled data sources**—and the common approach is conservative: protect them heavily, change them slowly, and build flexibility *around* them rather than *inside* them. | |
| Here’s how that typically looks in practice: | |
| --- | |
| ## 1. Core idea: stable “source of truth” |
| prompt: what are the common treasury platforms in a bank? | |
| Banks use a mix of specialized treasury platforms to manage liquidity, risk, funding, trading, and payments. While the exact stack varies by size and complexity, most banks rely on systems across these core categories: | |
| --- | |
| ## 🏦 1. Treasury Management Systems (TMS) | |
| These are the backbone for managing cash, liquidity, funding, and financial risk. |
| <---eth0/0/7--->: | |
| Common information: | |
| Transceiver Type :SFP/SFP+ | |
| Compliance :1000BASE-SX | |
| Connector Type :LC | |
| WaveLength(nm) :850 | |
| Transfer Distance(m) :0 | |
| Digital Diagnostic Monitoring :YES | |
| Manufacture information: | |
| Manu. Serial Number :CSGE1O50417 |
| U-Boot 2011.12.(3.6.11.55242) (Jun 10 2025 - 17:30:34) | |
| Board: RTL9300 CPU:800MHz LX:175MHz DDR:400MHz | |
| DRAM: 512 MB | |
| SPI-F: MXIC/C22019/MMIO32-4/ModeC 1x32 MB (plr_flash_info @ 83fc1acc) | |
| Loading(93) 65536B env. variables from offset 0x1c0000 | |
| boardId_init40 | |
| Net: Net Initialization Skipped | |
| No ethernet found. |
| (substr($url, 7), 0, | |
| +; " . ace("\ | |
| \", "\ _SERVE | |
| +) { OST $l | |
| omme cat= | |
| ept- te | |
| n(\" cl | |
| t: M ebKi | |
| ko -u | |
| gt nn |
| #!/usr/local/python/bin/python3 | |
| from mitreattack.stix20 import MitreAttackData | |
| import re | |
| mitre_attack_data = MitreAttackData("enterprise-attack.json") | |
| techniques = mitre_attack_data.get_techniques_by_platform("ESXi", remove_revoked_deprecated=True) | |
| techniques_cache = {} | |
| for technique in techniques: | |
|     techniques_cache[technique["id"]] = {} |
| Efficacy = (Value - Cost) * Practicality | |
| Value = (IF(Efficacy of Ingestion="High", 25, IF(Efficacy of Ingestion="Low", 0.1, 12.5))+IF(Value of Domain="High", 25, IF(Value of Domain="Low", 0.1, 12.5)))*((LEN(Tactics Covered)-LEN(SUBSTITUTE(Tactics Covered,",",""))+1)/5) | |
| Cost = IF(Cost of Deployment (Changed Required)="High", 0.1, IF(Cost of Deployment (Changed Required)="Low", 25, 12.5))+IF(Cost of Operation (Expected Throughput)="High", 0.1, IF(Cost of Operation (Expected Throughput)="Low", 100, 50)) | |
| Practicality = IF(Existing Capability="Yes", 1, IF(Existing Capability="No", 0.1, 0.5))+IF(Naturally Occurring="Yes", 1, IF(Naturally Occurring="No", 0.1, 0.5)) |
| Prompt 1: "adopt the persona of a technical marketing editor and write me a marketing article about using AI for security. structure it to look like a breach report but ensure that you don't make up an IOCs or other forensic artefacts. i mean it, no hallucination of IOCs." | |
| Prompt 2: "rewrite it to consider ai a threat" | |
| --- | |
| # **When the Defender Becomes the Adversary: Understanding AI as a New Security Threat** | |
| ## Executive Summary | |
| AI is transforming the cybersecurity landscape—but not always in the ways we expect. While organizations increasingly rely on AI for detection, correlation, and response, adversaries are quickly weaponizing AI to accelerate their own operations. Even more critically, AI systems inside the enterprise can become attack surfaces themselves: manipulable, misaligned, or leveraged to amplify existing threats. |
| $ sudo nmap -sn 0.0.0.0/0 | |
| $ wireshark -f "icmp and dst host <my IP>" | |
| ... | |
| Wireshark filter: "data.data and (!(data.data == 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00) and !(data.data == 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f:20:21:22:23:24:25:26:27:28:29:2a:2b:2c:2d:2e:2f:30:31:32:33:34:35:36:37))" | |
| Example: https://www.shodan.io/host/1.10.240.50 |