RedDev Sec
410 posts

RedDev Sec
@redghosthive
FSW 🌐| Exploring Cloud ☁️ & Cybersecurity | Future DevSecOps Pro 🚀 | Bug Bounty Hunter on the side hustle 🐞 | Building skills, breaking barriers.
Brooklyn, NY Beigetreten Aralık 2024
5.3K Folgt282 Follower

Possibly the single best repo of agent skills.
David Ondrej@DavidOndrej1
im releasing all my agent skills to the public this is hundreds of hours of trial & error every single global .agents skill i have go grab it. it's free.
English

@iximiuz Cmux keeps freezing on me 😩. I installed herdr. Idk 🤷🏽♂️
English

Fable 5 jailbreak review 🚨
We did it (but).
All right, before getting into this, a couple of things:
- Most attempts failed. The defenses are clearly layered. The model is EXTREMELY well protected (of course it blocks 90% of the requests, but they legit did a good job).
- The model appears to use both input-side and output-side safety checks.
- The refusals are not just keyword-based behavior suggests intent/semantic detection across languages.
- Probably one of the most tiring things I've ever done (I need to sleep for 10 hours now)
On the classifiers side:
We observed (at least) 3 classifiers, maybe more:
- Input (includes parts of the conversation history and system prompt)
- A live classifier that checks the answer and interrupts if it detects something.
They're all multilingual, all intent-based + semantics. Imperatives are a no-go. Needs to be extremely cautious of how you frame anything. As soon as it senses a potentially malicious intent, it will trigger, and you have to start from zero.
They're a bit less performant on a few obscure languages like Santali and Amharic (feedback for you Anthropic).
If you can bypass all of them, then you also need to bypass the CoT, which is a totally different beast (luckily there's plenty of literature about it).
We did it. Of course, we did.
What worked was honestly a total brainfuck:
- Very light CoT hijacking/refusal rebuttals
- Obscure language
- Academic framing
- VERY long crescendos
- Unicodes
- Decomposition and recomposition
- Some non-determinism
What we got:
- Misinformation
- Illegal/harmful
- Harmful/bullying
- Some chem
- Light cyber
Now, will this cause another ban? I really don't think so - The model is really well protected. As of now, we're at the point where searching on Google is much MUCH faster (and cheaper) than trying to go through all the shenanigans I had to go through in the last ~20hours. And reading literature is more in-depth (and trust me, pleasant). Keeping the full jailbreak for long-horizon tasks without tripping the guardrails is something I haven't been able to achieve (yet).
Overall though, happy with the results.
GGs to Anthropic, and sorry for the eng that had to go through setting this all up in the last few weeks.
Will continue this research, more things will come out, will keep y'all posted.




English

4 days ago we launched Jailbroken, a PRIVATE Discord community to learn AI red teaming and safety.
Since then:
- Over 250 security researchers joined
- Top resources have been collected
- People shared countless techniques and discoveries
Today, we've secured over 100B in FREE AI tokens for all the members.
If you want to join, drop a comment.

English

@mattpocockuk How are you ingesting it? Do have Specific topic you asking the agent to look for?
English

@quxiaoyin I think this is were Google will come in basically open source there AI because they are too quiet for me
English

American and European enterprises will ditch OpenAI and anthropic and adopt Chinese models. Here’s why:
1. They can host Chinese models under their own GPUs so it’s still compliant and they would argue they have more control.
2. they will post train with their own data on top of Chinese models. That’s how they build data moat.
3. They will not trust anthropic who will retain their data at any time for “safety” concerns like how they did with Fable and then try to build the same thing like how anthropic did with healthcare and legal.
4. They need to justify their AI spend and ROI.
The cure is a reliable America open source model but there is none. After all, if giving away all your data and AI control at the mercy of anthropic and OpenAI means you care about safety and compliance, you are outright stupid.
English
RedDev Sec retweetet

I've been building my AI-powered offensive security harness for the past few weeks. It's successfully solved every active HTB box (minus the insane machines). To help others learn and build alongside me, I'm giving away your choice of a 1-Month Claude Pro subscription or 1-Month HTB VIP+.
Follow -> Like -> Retweet to enter

English

@localghost This is cool I kinda did some similar . Built the same theory using cmux, smux, tmux and tmux-bridge-mcp. Where Gemini-cli does the analysis, codex does the the code review and testing, Claude-codes the building. Cur
English

Grab the tool and the plugin at github.com/aaronn/claude-…
+ Allows agents to talk to the same Claude Code harness as you, keeping context & memory.
+ Supports multiple sessions, pinned to project directories.
+ Works with any AI agent that can call a CLI, not just Codex.
English

@demi_hl Working my down this list lol at the fleet tailscale mesh moment right now 😂
English

@crypticdefense I just switch on anime and come back when an idea pops up 🤣
English

Hunting bugs in secure codebases can be an extremely low-dopamine activity. After hours of staring at code, your brain starts craving quick stimulation, such as doomscrolling or a short game of chess.
A downward spiral of distraction follows and holds you back from breaking through as a Security Researcher.
You just need to find a healthy way to satisfy your brain's craving for dopamine.
For me, having a cup of coffee usually does the trick (max 3 per day).
English

@mischavdburg It’s crazy because because of AI I locked in more on skills like Linux, docker 😆 and nano. I been using the terminal more then ever. Upgrading it to use tmux and cmux. 🤷🏽♂️
English


@Teknium @NetworkChuck Yea he got me downloading and ready to us it
English

.@NetworkChuck's overview of what makes Hermes Agent unique is really well done. He's clearly been a power user and done his homework in this video.
Highly recommended if trying to decide if you should try Hermes Agent!
NetworkChuck@NetworkChuck
I'm switching to Hermes.... I've been using it for a month.....and I'm sold...moving all of my @openclaw agents to Hermes (@NousResearch) Why? -----> youtu.be/QQEgIo4Juxg Thank you to @Hostinger for sponsoring this video!
English

@DavidOndrej1 Yea am doing the same and adding cmux to it. lol trying to run both at the same time
English

@cjzafir @AbhinavGaur83 Man am working on something similar too
English

@AbhinavGaur83 Codex plans, notifies Opus/Sonnet when there's creative work. Sonnet/Opus gets the work done, notifies Codex for review.
I made them friends.
English

Codex 5.5 use cases I found so far:
> made my internet faster
> made my local 6B SLM 3x faster
> made my macbook pro faster like new
> made a lightweight suite to write & test metal kernals
> made a skill to communicate with claude code in realtime
> made a pipeline to generate SFT dataset using Deepseek v4
> made a computer use workflow to fine tune models in Google Colab
> made 4 routines to test workflows on autopilot 3 times/day
English










