ControlZ

751 posts

ControlZ banner
ControlZ

ControlZ

@ControlZ_1337

@immunefi Elite All Star | Security Researcher @_blockian | #21 all-time whitehat @immunefi | #8 all-time whitehat @hackenproof

Katılım Mart 2023
256 Takip Edilen2.2K Takipçiler
Sabitlenmiş Tweet
ControlZ
ControlZ@ControlZ_1337·
Another milestone on our @immunefi journey! But I’m not settling — most whitehats at this level have already hit $1M. We still have work to do to earn this spot truly, and we will get there. Mark my words 🫡
Blockian@_blockian

Just reached rank 30 on @immunefi all-time! This also marks the halfway point on the road to $1 Million! ▓▓▓▓▓░░░░░ $527k / $1M

English
7
3
78
13.5K
Tammy.eth
Tammy.eth@jvst_tammy·
@ControlZ_1337 this actually makes me want to ask you a couple of questions about how you think about auditing vs building trade-offs. cool if i dm?
English
1
0
0
5
ControlZ
ControlZ@ControlZ_1337·
Why did no one tell me building an open source project is this much work? With an internal tool, you know the users. It can be a little weird, opinionated, and full of shortcuts - as long as it works for you. With open source, you have to think about every edge case, every way someone might shoot themselves in the foot, every confusing UX decision, every missing feature, every undocumented assumption... and then realize someone will still use it in a way you never imagined.
English
4
0
33
2.4K
ControlZ
ControlZ@ControlZ_1337·
In the competition? The workflows performed really well. If anything caused us to miss issues, it was me - not the workflows. There was a delay between a workflow finding a vulnerability and me actually reporting it on Immunefi. I intentionally didn't automate the reporting process because I wanted to manually verify every finding and make sure we only submitted high-quality reports. The downside was that it created a backlog of vulnerabilities waiting to be reviewed. By the time I got to some of them, they had already been patched - either because another researcher reported them first or because the project's team found and fixed them internally. So I ended up missing the reporting window on quite a few issues. If every finding had been reported the moment the workflow discovered it, I'm pretty confident we would have ended up with significantly more valid reports.
English
0
0
2
27
ControlZ retweetledi
Blockian
Blockian@_blockian·
Confession time: @ControlZ_1337 didn't manually review a single line of code in this competition. Everything was done through custom AI workflows that we built and orchestrated using our own platform: open·kritt. And as the name suggests, we're open sourcing it. @Kritt_AI We're planning to release it this week (hopefully), so if you don't want to miss it, go follow @Kritt_AI for updates. Our hope is that open·kritt helps more researchers build powerful AI-assisted security workflows and ultimately makes the Web3 ecosystem more secure :)
Immunefi@immunefi

🚀 The @jump_firedancer Audit Competition is a wrap! 🔥 $500k in reward pool has been paid out! 🏆 Top Winners: 🥇 @_blockian - $78,150 🥈 @al_f4lc0n - $57,778 🥉 @Haxatron1 - $57,558 4⃣ @innertia_jp - $39,485 5⃣ @pks_eth - $27,535

English
15
6
244
28.6K
ControlZ
ControlZ@ControlZ_1337·
Great question! Regarding motivation: I'm aiming for more than just bug bounties in the long run. I don't plan on being a bounty hunter forever - I want to build products as well, and this is a great opportunity to gain experience while creating something useful. If, on top of that, it helps the community and makes the Web3 ecosystem safer, that's a win for everyone. As a user and member of the community myself, I benefit from a more secure ecosystem too. I can't personally defend every protocol at once, but hopefully this can help others do that. Regarding our edge: We have a long list of internal workflows that we use today. We won't be open sourcing all of them, because we do want to preserve some of our competitive advantage. That said, we're also not going to publish low-quality or only examples. The workflows we do release are ones that have already proven themselves - they've helped us land multiple five-figure bounties and even a six-figure bounty. Some of our more advanced workflows will remain private, but we think what's being released will still be genuinely valuable to the community. Hope this answers your question :)
English
0
0
1
41
ControlZ
ControlZ@ControlZ_1337·
@jvst_tammy This is what makes auditing fun and development hard if you ask me 🤣🤣
English
1
0
1
18
Tammy.eth
Tammy.eth@jvst_tammy·
@ControlZ_1337 this is basically what makes auditing hard too. anticipating the user who will use it in a way you didn't design for
English
1
0
2
30
ControlZ
ControlZ@ControlZ_1337·
Small correction 😅 Looks like I wasn’t 100% clear. open·kritt isn’t available just yet! We’re putting the finishing touches on it and fixing the last few bugs before release. (Should be in a couple of days) In the meantime, you can join the waitlist by leaving your email and we’ll notify you as soon as it’s live.
Kritt@Kritt_AI

We’ve noticed that many of you clicked the GitHub link on our website only to be greeted by a 404. Sorry for the confusion! The repository isn’t public just yet. We’ll be releasing the first public version within the next 5 days. If you’d like to be notified the moment it goes live (and receive future updates), join our mailing list here: kritt.ai/github

English
1
0
40
2.6K
ControlZ
ControlZ@ControlZ_1337·
Here it comes @Kritt_AI
Blockian@_blockian

Confession time: @ControlZ_1337 didn't manually review a single line of code in this competition. Everything was done through custom AI workflows that we built and orchestrated using our own platform: open·kritt. And as the name suggests, we're open sourcing it. @Kritt_AI We're planning to release it this week (hopefully), so if you don't want to miss it, go follow @Kritt_AI for updates. Our hope is that open·kritt helps more researchers build powerful AI-assisted security workflows and ultimately makes the Web3 ecosystem more secure :)

English
1
0
43
3.2K
ControlZ retweetledi
ControlZ retweetledi
CertiK
CertiK@CertiK·
Today, we're excited to announce the launch of CertiK Hunt - our new invite-only platform connecting elite security researchers with trusted Web3 projects. CertiK Hunt brings together bug bounty programs, audit competitions, and AI security challenges in one place. 🧵👇
CertiK tweet media
English
27
65
256
41.8K
Savant.chat
Savant.chat@savantchat·
@ControlZ_1337 Please tell me the false positive filtering is in there and not just the bug generation side
English
1
0
1
172
ControlZ
ControlZ@ControlZ_1337·
@onebusinessclub Yeah it is a concern, I believe we will figure something out
English
0
0
1
174