Time for another #LastWeekInAppSec for 12. Aug 2025: ChatGPT-5 system prompt leaked, CISA supports CVE, and AppSec Village completes
π§
OpenAI released GPT-5 in its ChatGPT platform, but researchers almost immediately discovered and published the ChatGPT5 system prompt, reminding us that system prompts should not contain anything critical or sensitive.
π
οΈ CISA (US Cybersecurity & Infrastructure Security Agency) pleged continued support of the CVE program, an important message after Aprilβs de-funding scare.
π
The AppSec Village at DEFCON33 ran, with many engaging and educational talks. Keep an eye on the YouTube channel, but be patient β it can take a few months.
More details and links: https://checkmarx.com/zero-post/last-week-in-appsec-2025-08-12/
@willasaywhat@infosec.exchange nah weβre going to reboard at 3 and hope for the best.
@willasaywhat@infosec.exchange success! Hope it goes well for you soon!
@willasaywhat@infosec.exchange weβve been on the tarmac for over an hour, but at least havenβt been sent back.
@willasaywhat@infosec.exchange ha! I lied. Back to the gate we go.
Man, it's been ages since I've seen Dual Core perform; it's good to see people actually out on the floor too #defcon #defcon33
Trying to flash the hackers.town #meshtastic node badge at #DEFCON33 under Linux? Use the command-line esptool option, but first add udev rules and make sure youβre in the group
lsusb to find vendor and device ID
add a rule in /etc/udev/rules.d
sudo udevadm control --reload-rules
You should have a /dev/ttyACM* make sure your user is in the same group as it.
esptool chip-id
(Not chip_id!)
When all that works you should be able to download the right firmware and flash
Oh! And another note: the Boot button has to be held down when plugging in to get the thing in JTAG mode. Itβs on the main board (the one that has the USB-C), itβs a tiny-ass button with a βBβ label.
Trying to flash the hackers.town #meshtastic node badge at #DEFCON33 under Linux? Use the command-line esptool option, but first add udev rules and make sure youβre in the group
lsusb to find vendor and device ID
add a rule in /etc/udev/rules.d
sudo udevadm control --reload-rules
You should have a /dev/ttyACM* make sure your user is in the same group as it.
esptool chip-id
(Not chip_id!)
When all that works you should be able to download the right firmware and flash
Day 2 of our Pod at #DEFCON33 is going well! (Photo taken and used with permission)
You know your #DEFCON village pod is going well when participants are happy to let you take and share their pics! #DEFCON33 #AppSecVillage
(And weβre doing this again tomorrow! 1pmβ3pm. Come say hi!)
Attributions under test are fairly reliable, but not perfect. β Estep & M #BHUSA #LivePost
Trained an XGBoost model per application, only 93 out of 500k were incorrectly attributed for worst case (Box) β Estep & M #BHUSA #LivePost
Behaviors to look for: unusual DNS, weird repo access, large external data transfers. Over 185 signals in total, including request completion times, interval between requests, sequences and patterns, HTTP methods used and codes in responses, file types being transmitted β Estep & M #BHUSA #LivePost
Attributions under test are fairly reliable, but not perfect. β Estep & M #BHUSA #LivePost
Darren Meyer :donor: