0
7/10
Comprehensive technical comparison of FreeBSD's Capsicum and Linux's seccomp-bpf sandboxing models, analyzing their opposite architectural philosophies (capability subtraction vs. syscall filtration) and demonstrating why Capsicum's structural approach is immune to bypass vulnerabilities like CVE-2022-30594 that affect filter-based systems.
sandboxing
capsicum
seccomp
freebsd
linux
process-isolation
capability-based-security
syscall-filtering
privilege-restriction
ambient-authority
tcpdump
architectural-comparison
cve-2022-30594
FreeBSD
Linux
Capsicum
seccomp
seccomp-bpf
Robert Watson
Jonathan Anderson
Andrea Arcangeli
Will Drewry
CVE-2022-30594
USENIX Security
tcpdump
BPF
PTRACE_SEIZE
0
5/10
Agent Safehouse is a macOS-native sandboxing tool that enforces kernel-level deny-first access controls to restrict LLM agents (Claude, Codex, Gemini, etc.) to specific project directories, preventing accidental or malicious access to sensitive files like SSH keys and AWS credentials outside the target workspace.
sandboxing
macos
local-agents
llm-security
access-control
kernel-enforcement
privilege-restriction
ai-agent-safety
tooling
Agent Safehouse
Claude
Codex
Gemini
Copilot
Cursor
Cline
Aider
eugene1g