threlfall

attackers should think more about ML systems and using them to their advantage - the 'Adversary Flywheel' i look at the ways in which attackers can address bottlenecks in ML usage and also act in a more sophisticated manner using data science: 5stars217.github.io/2024-04-23-adv…

@nnwakelam “Pls join our session to discuss mythos’ impact on security “ (none of us have used it or have access)

People that built careers commentating on bug bounties/zero day research but actually can't do either are now seamlessly pivoting to how AI changes the same subject matter they never did in the first place. What an industry.

This is a clear sign that they are thinking of exiting the conflict very soon and are already adjusting the list of objectives to claim victory. However, this will be more complicated than it seems. 1. The destruction of Iran’s Air Force
Of the modern combat aircraft, such as the more than 20 MiG-29s and Yak-130s, only 6 have been destroyed or damaged with visual confirmation. Iran still operates between 14 and 18 of these aircraft. 2. The destruction of their navy
Once again, checking the list of destroyed or damaged equipment from Elmustek with visual confirmation, Iran still operates between 20 and 30 patrol vessels, 20 submarines, and more than 300 missile-equipped fast boats. 3. The severe diminishing of their missile launching capability
This is the only point that is really true. Iran is indeed launching fewer missiles and drones than in the first days. However, it maintains a sustainable rate of 80–100 launches per day for more than three weeks now. 4. The destruction of their factories
This point is only partially accurate. A large part of Iran’s assembly lines are underground. Rebuilding what was destroyed on the surface will cost money and time, but none of the underground factories have stopped production. Moreover, a good portion of the supplies continues to arrive from China via the railway that connects the two countries. (I checked the Elmustek website and compared it with Iran’s pre-war inventory.)

I have been doing bug bounty since 2011 and ran a program for a multinational bank. Put everything I've learned into bugbounty.info. Target selection, recon pipelines, chain patterns, report templates, the business side. Free, no paywall, no course upsell.

@0x_ultra Incredibly important development thank you

@TomHartleyjnr Fucking hell that’s awesome

Ride onboard with me in my 1973 British Grand Prix winning McLaren M23. I promise you it felt a lot faster than it looks!

@TheMotelMan tyvm

Costar sources this by having an army of callers calling brokers and property owners for that. Then, sell this data back to you. Now, you have that army of callers in your pocket to call the brokers and property owners. To your point, you’d have to build your call list over time through Google searches and skip traces.

PSA: You can cancel your Costar subscription. It was just replaced by OpenClaw. Tonight my OpenClaw built a voice agent in 5 minutes. Tomorrow it will start secret shopping my team and my competitors once a week to check pricing, amenities, and grade quality of customer service. Also has the ability to follow up with texts, emails, and keep a CRM & file structure. If you’re a retail broker, multifamily operator, investor, storage bro, or warehouse gal….you should probably be having your OpenClaw negotiating leases and building you real time leasing data.

@TheMotelMan the property feed data, owners, off market info, comps, etc. It's usually not readily available outside of paid feeds right?

@WHITEHACKSEC As in phone numbers to call? Or what?

tickets for cackalackycon are now available: eventzilla.net/e/cackalackyco…

Everyone's AI agents (or openclaws...) still need great context. We recently published an article sharing various lessons in Context Engineering while building Dash at @Dropbox. We still believe building an index across all your 3rd party apps gets you much higher quality context. I also touch on - Using knowledge graphs for cross-app intelligence - Challenges we faced with MCP tool calling - Promising wins using DSPy at scale - Heavy use of contextual LLMs as a Judge Any areas I can help clarify? dropbox.tech/machine-learni…

@ThinkAppraiser I have a blog on this topic w/ active modelling of an RE engine working, failing, and doing 'ok': You can click through the live results and see how it all works, including riskiest years, etc. dealstrike.app/blog/opportuni…

Google AI Ultra has to be the worst AI service I've experienced so far. They state it has features that it doesn't, that it makes things it can't. There is no working feedback mechanism to address this misleading situation, and when you cancel they don't even ask why lol.

when an agent exhausts its token limit in club penguin gastown, it is eaten by a giant sealion.

just over 2 weeks left on the Cackalackycon CFP - Please submit your talks! It's a fantastic event cackalackycon.org/cfp

Welcome to multiplayer gastown club penguin. Repos are 'igloos' and the penguins (Agents) are assigned to them, it tells you when they're idle etc. Now your whole team can collaborate in club penguin like you always wanted.

i liked the idea of a AoE GUI for gastown/swarms. But what I really want to play is club penguin. Next step, multiplayer lol

@joeybaum13 yeah, i made a series of agents that adversarially challenge and analyze a deal, they have access to market data, your assumptions, and other forms of intel. dealstrike.app saving folks lots of time.

Anyone using Claude to underwrite real estate deals in excel?

How well can AI-based monitoring detect when an agent is covertly pursuing a side objective? In early work, we find clear trends: more capable models (in terms of time horizon) are better able to detect covert behavior.

@dom_scholz the long term vision for these sorts of things gotta be multiplayer for sure. Teams managing the same projects 24/7 etc.

Cursor is back on the menu, boys!

The PasteReady browser extension was sold and the new owner pushed malware immediately. PasteReady was put up for sale on extensionhub.io May 7th 2025. The ownership transfer happened December 27th. Version 3.4 with malware was pushed December 30th. It was removed from the Crome Web Store for malware January 14th.