Golang and Weak Skill Scanners
A cryptographic look at the encrypted reasoning blobs that get passed back and forth when using the OpenAI and Anthropic APIs. I like this because it does what good security research should do: explain why the mechanism exists, build realistic threat models around it, and then actually test them instead of stopping at speculation: Let’s talk about encrypted reasoning.
Once again, elttam delivers! I’m a huge fan of little programming-language gotchas because they give you an edge as a code reviewer. These are exactly the kinds of details that turn "looks fine" into "wait, what actually happens here?". If you’re writing or reviewing Go, make sure you read this one: Golang code review notes II.
Trail of Bits bypassed multiple scanners with the kind of tricks every supply-chain security person should already be worried about: hidden files, bytecode, prompt injection, and "trust me bro" explanations. The good news is that they published the skills on GitHub, so get ready for vendors to claim they can now detect them all: The sorry state of skill distribution.