Sabitlenmiş Tweet
Per popular demand, here are my 30 reversing tips all together in one blog post 🤩
blog.vastart.dev/2020/04/guys-3…
English
mav
980 posts
mav
@MavLevin
0day security researcher sharing my work. prev: anthropic, unit 8200, stanford, trail of bits
San Francisco, CA Katılım Mart 2018
829 Takip Edilen3.2K Takipçiler
@thsottiaux and codex team: can you allow changing Permissions/yolo mode during a turn? geminicli has ctrl-y shortcut to disable/enable yolo mode
English
My tolerance for slop is slowly but surely increasing as my confidence in coding models increases!
English
Stop using software built by people who don't read the code they ship.
depthfirst.com/post/1-click-r…
English
![Ray [REDACTED]](https://pbs.twimg.com/profile_images/2020833070715154432/kaOg1Zon.jpg)
It is trivial to find RCE exploits when OpenClaw has privs and access to both Chromium and non-Chromium browsers.
I am a bit more interested in popping OC/RCE on Calendar or MacOS Shortcuts.
And Handoff.
International Cyber Digest@IntCyberDigest
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot). The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
English
@theonejvo @theonejvo thanks for highlighting my work and explaining the benefit!!
English
Nice! Regardless of what people hype, this is actually a good thing. The project needs more contributions like this.
International Cyber Digest@IntCyberDigest
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot). The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
English
Massive security update necessary for EVERYONE that is using clawdbot. It's a backdoor that bypasses EVERYTHING.
It even bypasses locally hosted set-ups with auths stored in sandbox containers. 💀💀
If you are using OpenClaw / Moltbot / Clawdbot, this update is NON-NEGOTIABLE!
International Cyber Digest@IntCyberDigest
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot). The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
English
@trapsticles @IntCyberDigest thanks for kind words @trapsticles ! I hope the post was an interesting read
English
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot).
The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
English
we @depthfirstlabs found 1-Click RCE in OpenClaw (aka MoltBot / ClawdBot) !
full vuln & exploit details 👇
English
English
@cakrami @depthfirstlabs thanks @cakrami! looking forward to presenting in the next “Mav in the lab” ;)
English
depthfirst found a 1-Click RCE in Moltbot from a logic flaw. Read the walkthrough to see how we understand codebases to find complex vulnerabilities.
DM us if you’d like a demo
mav@MavLevin
we @depthfirstlabs found 1-Click RCE in OpenClaw (aka MoltBot / ClawdBot) ! full vuln & exploit details 👇
English
@Federico_tar @depthfirstlabs @Jason @DavidSacks @chamath please patch to the latest version! and keep patching, because I'll be reporting more security vulnerabilities
English
@MavLevin @depthfirstlabs FYI @Jason since you’re running clawd bot. @DavidSacks @chamath were rightly concerned about security
English
Theory, Tradecraft, TTPs, Threat actor — who knew cyber had so many T’s?! Had so much fun at @SANSInstitute Cyber Threat Intelligence summit this week in DC! 🏛️ shared a behind the scenes look at the evolving threats and defenses we’re building at A\!
#cyber #anthropic
English
my latest blog post is out!
I share a race condition vuln I found in blockchain infra moving $billions/month
mavlevin.com/2026/01/18/fla…
English