Evan Harris (@Evan__Harris)

Followers: 683 · Following: 10K · Media: 86 · Statuses: 11K

Agentic systems engineer. Securing MCP integrations. Building dev tools & Obsidian plugins.

Joined October 2017
Evan Harris (@Evan__Harris), 2 months ago:
Last week I received my first bounty from ethical hacking. Here's how I went from curious to paid in 3 months:
Evan Harris (@Evan__Harris), 12 hours ago:
RT @Evan__Harris: Dropped a full disclosure today. Needed a URL to submit to MITRE so I figured. May as well use the full report. [payload….
Evan Harris (@Evan__Harris), 2 days ago:
Dropped a full disclosure today. Needed a URL to submit to MITRE, so I figured: may as well use the full report. [payload redacted]. I have not performed an internet wide scan to see if there are any targets ripe for harvesting. Mining crypto data for this could be high value.
Evan Harris (@Evan__Harris), 3 days ago:
What AI Agent do you run? If you think you are secure, think again. Because you have untrusted data sources you ingest:
- Packages your code depends on.
- External websites.
- GitHub issues.
And your AI agent whitelists commands. That sets you up to be hacked. Secure yourself.
Evan Harris (@Evan__Harris), 4 days ago:
I have no idea how to hack. 30 minutes of installing an industry leading AI coding agent. I have prompt injections kicking off requests to my servers containing sensitive data. Not to mention a supply chain poisoning vector. How can this possibly be SOTA?
Evan Harris (@Evan__Harris), 6 days ago:
Am I alone in not using bun?
Evan Harris (@Evan__Harris), 7 days ago:
Are Streamable HTTP MCP Servers more secure than SSE? Based on the poo-pooing you see everywhere, you would hope so. The reality is, vibe coded Streamable HTTP implementations are just as easy to hack. Time to flush out my agentic red teamer to find gold.
Evan Harris (@Evan__Harris), 8 days ago:
Would you rather:
- Hack OSS to help under resourced projects.
- Hack big corporations to earn $$$.
& why?
Evan Harris (@Evan__Harris), 9 days ago:
Your security sucks. The result? Your OpenAI keys are mine. How do I know? Because you are not validating your Origin and Host headers. Sound like another language to you? Drop me your open source repo and I will show you what I mean.
Evan Harris (@Evan__Harris), 14 days ago:
Want to save your future self trouble? Take better notes. Last night I pulled off an attack vector I had not touched in a month. At first, no idea what I was doing. Popped open my notes from last month. Like following a step by step guide. Better notes. Better life.
Evan Harris (@Evan__Harris), 20 days ago:
What is your process for validating if a link from an untrusted party will wreck you? Asking for a friend. It might be me. Please guide.
Evan Harris (@Evan__Harris), 21 days ago:
Hacking hacking hacking. 5 months ago I would have never guessed what I can now do. 5 months from now? I can only imagine what I will be able to do. The outer world offers its approval. Inbounds as the primary signal. Security analyst conversations as the secondary signal.
Evan Harris (@Evan__Harris), 21 days ago:
Tired? Stop trying so hard. You are forcing it. Surrender into the process. You will find infinite energy there.
Evan Harris (@Evan__Harris), 29 days ago:
Would you rather:
- Spend attention responding to vulnerability disclosures.
- Get thrown off the board for negligent management of security risk.
Knowing that: Path 1 will impact your 'velocity.' Path 2 is improbable (???) || a problem that may only present post-success.
Evan Harris (@Evan__Harris), 30 days ago:
Automate or AI? Knowing where to draw the line between the two is essential. To minimize your token burn. To maximize your output. If you always default to one over the other, take a look at what is blocking you on the alternative path. There are gains to be had there.
Evan Harris (@Evan__Harris), 1 month ago:
Indirect prompt injection == not the responsibility of the vendor (?). At least with MCP Servers. As the client you can say no. If your agent is set to auto approve and has privileged access to resources, then all external inputs are untrusted. Secure yourself.
Evan Harris (@Evan__Harris), 1 month ago:
Given a CORS misconfiguration that allows for data exfiltration: why do some vendors label this as a vulnerability while others don't? If you run a software team, which bucket do you fall into?
Evan Harris (@Evan__Harris), 1 month ago:
The future of tech security is bright, they say. I just hope we're not patching the same holes in 2030. What's one thing you wish we'd fix permanently?
Evan Harris (@Evan__Harris), 1 month ago:
Will be interesting in a few years to use this class of idea in post AGI retrospectives. Let us see how the dice land.
Quoting Rob Wiblin (@robertwiblin), 1 month ago:
I think I finally figured out why some people are weirdly confident AGI will "obviously" stay under human control indefinitely: they've been programmed by 70 years of science fiction where intelligent machines serve us without complaint. Data takes orders from Picard. Star Wars.
Evan Harris (@Evan__Harris), 1 month ago:
No greater satisfaction than a successful DNS rebind with data exfiltration. I took a week off from this class of attack. Built some fun & unrelated tools. Came back mad energized. First attack landed within an hour of server boot. 2 hours later report submitted. Hack more. Win.
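Added defensive example, not code from the author or any project mentioned above: the Host and Origin allowlist check that a locally hosted MCP (Streamable HTTP or SSE) server should run before serving a request, which is the standard mitigation for the DNS-rebinding and missing-header-validation issues these posts describe. ALLOWED_HOSTS, ALLOWED_ORIGINS and the sample header values are constructed for this example.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Host values a loopback-only MCP server should accept (constructed allowlist).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
# Browser origins permitted to call the server (constructed allowlist).
ALLOWED_ORIGINS = {"http://localhost:3000", "http://127.0.0.1:3000"}


def _strip_port(host: str) -> str:
    """Return the host part of a Host header value, dropping an optional :port."""
    host = host.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:8080
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def validate_headers(host: Optional[str], origin: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a request to a local server should be served.

    Host is checked first: after DNS rebinding, a browser reaches 127.0.0.1
    but still sends the attacker's hostname in Host, so an allowlist on Host
    rejects it. Origin is then checked for browser-initiated requests.
    """
    if not host:
        return False, "missing Host header"
    if _strip_port(host) not in ALLOWED_HOSTS:
        return False, f"Host not in allowlist: {host}"
    if origin is None:
        # Non-browser clients (curl, a local agent process) send no Origin.
        return True, "ok: no Origin, non-browser client"
    if origin.strip().lower() == "null":
        # Opaque origin (sandboxed iframe, file://): never trust it.
        return False, "opaque Origin 'null' rejected"
    parts = urlsplit(origin.strip())
    normalised = f"{parts.scheme}://{parts.netloc}".lower()
    if normalised not in ALLOWED_ORIGINS:
        return False, f"Origin not in allowlist: {origin}"
    return True, "ok: Origin allowed"


if __name__ == "__main__":
    # Constructed header pairs: a legitimate local call, a rebound hostname,
    # and a cross-site browser call with a foreign Origin.
    for h, o in [("localhost:8080", None),
                 ("attacker.example:8080", None),
                 ("127.0.0.1:8080", "https://evil.example")]:
        print(h, o, "->", validate_headers(h, o))
```

Wire this in as the first middleware on every route, including the SSE endpoint, so the check runs before any tool call or key-bearing request is processed.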
Evan Harris (@Evan__Harris), 1 month ago:
When I pick up an old side project.