Cvewhen?

3.1K posts

@cvewhen

just never thought i couldn't. agentic vuln discovery. open to work.

in.ur.computer Joined July 2017
1.6K Following 399 Followers
Cvewhen?@cvewhen·
@AndrewMohawk @Tenzai_Labs That's why I don't benchmark on archived CTFs. It's like an open-book exam lol Though in general CTFs are very rudimentary eval, @levelupctf actually is decent primarily because of no writeups available n continuous challs. So agents cannot game the bench. I use it for bench
AndrewMohawk⁽ⁿᵘˡˡ⁾
This article really feels like @Tenzai_Labs paid for it, it doesn't describe/note the CTFs, has "elite, nation-grade offensive capabilities", no stats on anything, not even a link to the research that makes them have to justify these claims?
Forbes@Forbes

The Tenzai cofounders have created an AI hacking agent using OpenAI and Anthropic tools. They say AI has become so adept at hacking it might need regulatory controls, urgently. forbes.com/sites/thomasbr…

Cvewhen?@cvewhen·
want a simple blackbox testing with @claudeai code:
1. plug playwright-mcp
2. set-up custom patched chromium browser to avoid cf cockblocking
3. use storage-state of playwright to capture complex auth flows and reuse by agents
4. ???
5. profit
Cvewhen?@cvewhen·
@ThisIsDK999 @claudeai omg thanks for the offer
1. camera shy and awkward in video calls
2. there's not much to add here
I gave the exact blueprint you need to start testing w/o hiccups. The ??? part is where your hunter creativity comes in ;)
Cvewhen?@cvewhen·
pretty cool stuff! I'm using r2 for reverse agents. Have two suggestions:
1. Since you have Ghidra setup I'd recommend exporting a Ghidra Project so it's actually useful to the user for further analysis and verification and following up w agent's work
2. @vector35 Binja is the GOAT when it comes to automation so would prefer that over Ghidra. Before the agent pandemic, it was a PITA to work with Ghidra but so much more smooth to automate Binja.
Cvewhen?@cvewhen·
> scaffold your tools. Agents do not need all 67 playwright tools at once
> prompt versioning so you can actually benchmark prompting techniques
> Hooks where necessary but sparingly to avoid overfitting
> Reduce the search space for the model as much as possible. for code review could be by doing a threat model pass or pre-computing interesting code paths. the latter is a double edged sword as it can introduce tunnel vision
> Traces is less of agent design more of debug but a must to catch silent fails
> haven't experimented myself but I think a Mixture of Experts with frontier reasoning and cheaper worker agents is smth that can be promising
Geekboy@emgeekboy·
some lessons we learned building @neo_ai_engineer
> using the wrong tool for the job costs you time and burns tokens fast
> the closer data lives to the agent, the better it performs
> a smaller toolset gives LLMs clearer paths to execute
> prompt caching is must, isn't an afterthought
> minor prompt changes can significantly impact how an agent executes
curious if others building AI agents are hitting the same patterns.
HoLee Cow@0xcowsecurity·
planning new feature for vallumflow. not to my taste yet but i have a vision.
andrew pignanelli@ndrewpignanelli·
We want YOU to start a company and we want to pay you for it! We need to test our new platform that orchestrates agents to run an entire company. That's why we're launching The General Intelligence Fellowship. Build something cool with us, keep all of it, and get free money 🌻
General Intelligence Company@intelligenceco

Introducing the General Intelligence Fellowship - get $1000 up front and $100/day in credits by starting a real company. More details below 🌻

Cvewhen?@cvewhen·
@kusonooyasumi also it depends mostly how much money you can shill plus natural reaction times. My reaction time is 120ms naturally, I'm 23 so I can still win gunfights solely with good positioning and reaction time
Cvewhen?@cvewhen·
@moyix use hooks to enforce this. works decently for me
Brendan Dolan-Gavitt
Begging, sobbing, pleading with my LLMs to just use a debugger instead of making galaxy brain inferences from carefully crafted input/output samples over the course of 6 hours
Cvewhen?@cvewhen·
@Salsa12__ Well on discord or in general there's secret_club , diary of reverse engineer, reverse engineering reddit/discord, OA labs, etc
0x12 Dark Development@Salsa12__·
Starting my driver reverse engineering journey Any advice?
Cvewhen?@cvewhen·
@kennethnym We hate uncertainty. It's uncomfortable. That's a fact. What I think is "why" has a connotation of stability. that asking == knowing == certainty. So it becomes the shortest path to remove discomfort
kenneth@kennethnym·
@cvewhen thank you! yeah it's hard cognitive rewiring, still need to do it consciously now, hardest part is to avoid using aliases to "why" eg "what is the reason". still shocked at how often my brain defaults to why
kenneth@kennethnym·
asking the agent "what" instead of "why" reduces the tendency for the agent to question itself and subsequently revert its work. more often I'm just curious about its decisions, but agents tend to interpret "whys" as questioning which causes self doubt
Cvewhen?@cvewhen

@L0rd5ud0 @kennethnym This goes in prompting agents and in CBT therapy albeit for entirely different reasons. Instead of "Is this vulnerable?" to agent say "which assumptions must hold for this to be vulnerable?" "Why did you do XYZ?" to someone ask, "what does it mean for you to do this?"

Cvewhen?@cvewhen·
@L0rd5ud0 @kennethnym This goes in prompting agents and in CBT therapy albeit for entirely different reasons. Instead of "Is this vulnerable?" to agent say "which assumptions must hold for this to be vulnerable?" "Why did you do XYZ?" to someone ask, "what does it mean for you to do this?"
Cvewhen?@cvewhen·
It also helps when you actually care about refinement as an engg then features you thought of for the love of the game already solve problems they needed
Cvewhen?@cvewhen·
After being in calls with many enterprise heads, I've realized YOU have to name their problems. They can't do it. They don't care or understand your novelty. A bit of room reading and paying attention is literally what it is. Ofc have a functional product too lmao