Sick.Codes

Playing Doom on a John Deere tractor display (jailbroken/rooted) at @defcon

vibe coded a fuzzing ai agent last month and let it run for a week using my $200 claude max. it then found 21 high/critical vulnerabilities in Chrome.

🚨BREAKING: SUPER MICRO CO-FOUNDER ARRESTED FOR SMUGGLING $2.5B IN NVIDIA GPUs TO CHINA >SMCI co-founder Yih-Shyan "Wally" Liaw arrested today >personally holds $464 MILLION in SMCI stock >charged with smuggling BILLIONS in Nvidia servers to china >used a southeast asian shell company to funnel $2.5B in servers to chinese buyers >$510 million worth shipped in just THREE WEEKS in spring 2025 >built thousands of fake dummy servers to fool U.S compliance auditors >caught on surveillance camera using a HAIR DRYER to swap serial number stickers >coordinated the whole thing over encrypted group chats >SMCI down 12% after hours >faces up to 30 years in federal prison ITS SO OVER…

oh my god

Last year, a human trafficking victim trapped in a crypto scam compound in the Golden Triangle region of Laos contacted me. He proceeded to leak a huge trove of the compound's internal materials. Then he had to get out alive. This is his story. 🧵👇 wired.com/story/he-leake…

May I present to you; a full copy of doom, running inside of a Rollercoaster Tycoon 1 save game exploit ✨ Thanks for everyone that came to check out our @DistrictCon Junkyard talk! We had a lot of fun putting it together. (check the thread for slides / exploit)

So Sony just sold the majority of its TV business to TCL. Truly the end of an era. I don’t think younger generations today (can) understand what it meant to walk into someone’s house and see a Sony TV.

I just found this in my son’s room is he doing drugs?

@octal Where I live, outside is hot, but I also try to keep CO2 <1000-1500ppm at night. Gotta sacrifice the perfect temperature for good air flow sometimes. Or at least get CO2 down to 500 by opening everything up before you’re ready to sleep.

My current struggle: hotel room feels stuffy and co2 >1000 with just me in it. Running fan or heating/cooling hvac at any temperature doesn’t help. Opening the 200yo massive windows helps a lot, but outdoor temp is 0 degrees C, a bit nippy. This man is mocking me.

AI-powered pre-workout powder…

Biggest web scraping company in the world is suing a web scraping company for web scraping its content obtained through web scraping.

i have never failed a phishing test because i always raise a ticket directly with the cyber team pointing out that an email signed + passing DMARC & SPF from our domain AND bot addy with 0 mailtrace results means that the attacker already pwnd our exchange server n its too late

@mrkspflr I saw it, just updated to 26.1 😆

found the redhat exec

Sometimes Linux developers are M0R0NS. Ubuntu 22 LTS, apt upgrade to kernel 6.8, rebooted, networking is gone, no interfaces ... why? Because some IDIOT decided to move a huge amount of network drivers to the linux-modules-extra package, not installed by default. Once you reboot, without networking, you can only install it via USB drive ... if you manage to figure out WHY your network interfaces are all unclaimed. Who the hell thought this was a good idea?

Fuzzing and vibe hacking is addicting like gambling: 1. Spend cash to buy token credits or compute 2. Hope to get bugs 3. Repeat

Great Natto read by @MeiDanowski on a key event that preceded China’s 2021 regulations mandating vulnerability disclosure to the state, featuring excellent research by @sickcodes :) (link in thread)

Researcher @sickcodes found a vulnerability in TCL TVs and reached out to TCL. What happened next became a masterclass in what NOT to do-eventually, what TO do. New analysis from Natto Thoughts - how a single disclosure reshaped China’s approach to cybersecurity and control.

the capacitor is doing the job outside his job description

As the operator of a soup kitchen, I don’t see why I should be expected to fix health code violations people report. After all, we are run almost entirely by volunteers

hot take: maybe instead of reporting vuln and getting cves, security nerds should just sell exploits that way devs won't need to bother with too much reports, only critical one that got exploited would need to be fixed. neat!