I am a security enthusiast | Secured @Google, @Microsoft etc. | MSRC Q1 2022 top 50 | AI Security at Cisco

Joined September 2019
Pinned Tweet
13 Apr 2023
In this writeup, I shared how I was able to exfiltrate data from an air-gapped computer which does not have internet, Bluetooth, Wi-Fi, etc. via camera status light and screen brightness variation medium.com/@harishhacker3010…
Harish retweeted
Excited to share my first arXiv paper: CosmicFish-HRM: Adaptive Reasoning via Hierarchical Recurrent Mechanisms in Compact Language Models (arXiv:2605.28919) The work explores adaptive reasoning depth in compact language models through a Hierarchical Reasoning Module (HRM) that dynamically allocates compute during inference. Paper: arxiv.org/abs/2605.28919 Likes and Retweets are greatly appreciated!
Harish retweeted
Average "Indian mentality"
Harish retweeted
May 22
I had hacked CBSE's OSM (On-Screen Marking Portal) in February and had reported the vulnerabilities to CERT-In, but they were unable to patch most of them. I've written a detailed blog post about it here: ni5arga.com/blog/posts/hacki…
Harish retweeted
Everyone loves the idea of being a founder. Until you’re 1 year in, broke, have zero traction, and your family is asking when you’ll get a “real” job.
Harish retweeted
Whoah, self-driving cars compete with airlines. I never considered that till now.
Yesterday I drove my @tesla 900 miles on FSD from Miami to Nashville and I realized it’s genuinely the better option. I fly that route 2 to 3 times a month. Flights are never under $400. Most times $600. Sometimes $800. Add Uber to and from both airports, or parking garage fees. Then factor in the delays, the cancellations, the security theater, the chaos, the guy next to you who hasn’t met deodorant yet. On the other hand: I pack healthy snacks, press one button, and the car just goes. I took calls. Replied to emails. FaceTimed my family. Ate without pulling over. Did everything I normally do on a travel day, except none of the stuff that makes travel days miserable. My biggest concern going in was range and charging. Here’s what actually happened: My bladder needed one extra stop the car didn’t even suggest. Most charging stops were under five minutes. Total cost for the whole trip was less than just the uber to the airport. And this was the base model Y. Now I’m thinking I should get something comfier and just make this the default.

Harish retweeted
Replying to @ycombinator
hey @garrytan built the same on similar lines notycombinator.com/
Harish retweeted
Apr 21
you SHOULD NOT drop out to start a company. i get this question every day where some random student who has never built shit in his life asks if he should drop his classes and chase the sf dream. this might sound counterintuitive coming from me, but there is a simple reason why you can or can’t. you need to have a clear reason why and what you are going to do in the next 3 to 6 months. for me, it was getting into the best program in europe (as i thought at the time) called ef and raising $1m from arguably the best eu fund plus a couple other angels. i didn’t drop out because i wanted to start a company. i did it because i literally had to, to continue further. otherwise i would have just stayed in my AP classes, which i would have failed anyway. do not be blinded by some twitter chuds telling you to drop out on day one. just build shit and do it if it becomes inevitable.
the worst advice @arlanr got as a founder? don’t drop out. listen to elders. he thinks most people are biased toward their own experience and way of seeing the world. which means a lot of advice is really just autobiography disguised as wisdom. so instead of following one voice, he takes inputs from a lot of people and forms his own view. that’s probably a better founder skill than obedience
Harish retweeted
Here's how to triage:
1. Go to admin.google.com
2. Security → Access and data control → API controls → App access control → Manage Third-Party App Access
3. Search for client ID: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj
if found → revoke / block

Apr 19
Replying to @vercel
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. vercel.com/kb/bulletin/verce…
Harish retweeted
we hired a 20-year-old engineer with no experience. it sounds insane. but it was one of the best decisions we made. we get inbound from staff engineers at uber. principal scientists from meta. ten, twenty years of experience. then this kid dm'd me on twitter. said he loved wispr flow and wanted to work with us. it was 10am on a saturday. i was in the office. i replied: "come by in two hours." he showed up. we talked for 45 minutes. smart kid, no fancy resume. i told him about a project that would normally take a day and a half. asked if he wanted to start monday. he said "i'll start now." by sunday morning he texted me: "tanay, i just pulled an all-nighter. it's done." thousands of lines of code. fully functioning feature. now he's one of our highest-performing engineers. the whole team respects him. a lot of founders optimize for credentials. where someone went to school, where they worked before. it's an easy filter. but the best hires aren't the ones with the perfect resume. they're the ones who do more than what's asked.
We built a Chrome extension which allows anyone to edit or add features to any website github.com/harishsg993010/we…
Harish retweeted
Mar 31
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Claude Code editing my short film
Pacific dreams
Scifi movie
Art of light
Documentary
This is amazing man
I built everything from scratch, 100% inhouse in india, it was just me & my obsession of making technology accessible to everyone in need! It is a brain controlled robotic prosthetic hand! Learn more at: brhm.in