LiveOverflow 🔴

Where to find me: 🔴 Hacking Videos: youtube.com/LiveOverflow 📜 Articles: liveoverflow.com 💻 Start Hacking? liveoverflow.com/start-hacking 🥰 Support: liveoverflow.com/support 📹 2nd Channel: youtube.com/LiveUnderflow 🤳 Instagram: instagram.com/liveoverflow

when react2shell hit last year, i think vercel handled it brilliantly. to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000. read how we did it here: hacktron.ai/blog/react2she…

If I could buy Gemini 3.1 Flash Lite as an ASIC, I would be so happy. Heck, I’d even buy Gemma 4 ASIC.

Biggest L take I have seen in a while. If they knew how cracked @gf_256 and team is they would know how embarrassing this take is.

@Szpadel0 thx will check out

@LiveOverflow A lot of open source harnesses like opencode or codex offer just any openai endpoint you configure. So you should be able. For vscode you can use cline lub any fork of it too. (Copilot often gets bad results from the same models that are working well elsewhere)

Hase been a while since I looked at local models. I was using voideditor, but it's outdated now. What is a good local agent harness right now? Ideally usable within vscode. I checked copilot, but it only supports ollama, not vllm.

Should have maybe added a legend. green shade represents the probability that a model finds a bug of a certain complexity. So the more complex a bug, the less likely to find it. Up to a capability ceiling where the model can never report it.

@Szpadel0 That's basically true, but Copilot for example expects an ollama API specifically

@LiveOverflow What's special about vllm? Aren't they all providing openai compatable API?

At the moment there is a lot of money just thrown at tokens. And if you are Mozilla getting free tokens from Anthropic, just run agents. But at 10x-100x cost difference, with similar results, the market will optimize for cost effective solutions eventually.

Here is the relative cost per model to find them reliably. Opus and Gemini 3 are very good, but running GPT-5.4 Mini several times gets us similar reliability at ~20% cost. And this is not measuring pure agents. That could be another 10x or more.

I am a bit late to the "Mythos" clickbait. But here we go: Why Mythos doesn't matter (for us) hacktron.ai/blog/why-mytho…

We spent a century writing sci-fi about AI wiping us out. What do you expect the model will do if you instruct "you are an AI" 🙃

... building the future of Vulnerability Research! Captain Obvious here: vulnerability research isn't gonna look the same in 5 years than how it looked 5 years ago. We are in the middle of a transition that is helping us scale vulnerability research in new ways! 2/🧵

Big changes to Android and Chrome VRP: - focus on high-impact, reproducible bugs with low/no reward for lower impact - big prizes for full chains with some annual limits - PoCs required It’s the end of an era, but the start of a new one. bughunters.google.com/blog/evolving-…

Testing social image when sharing a @hextreeio course link app.hextree.io/courses/server…

Applied Fault-Injection by @LiveOverflow & @ghidraninja dives deeper into the hardware, using fault injection to alter execution or dump firmware from devices that implement better hardware security features. Sat/Sun: #applied-fault-injection-51157" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training… Mon/Tues: #applied-fault-injection-511571770322432" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training…

Introducing Hacktron Review: an AI security reviewer for your pull requests. It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production. Try for free: app.hacktron.ai

lol this crashout by @hankgreen youtu.be/kSgDdHRs_xY?si… "HAVE YOU NEVER BEEN AROUND A GRAPH????"