Manuel Varela Caldas

542 posts

@XSStringManolo

Building security-focused software Research · OSS https://t.co/MKIdYGrN6K

España · Joined February 2020
591 Following · 135 Followers
Manuel Varela Caldas@XSStringManolo·
@psomkar1 stringmanolo.qzz.io 95% is vibecoded. I gave it a real website I made manually years ago on a web framework I made manually as a template and told the LLMs to port it to React. Then edited every mistake the LLM made and new components also prompting the LLM.
Omkar@psomkar1·
Is there anyone who vibe coded a successful app or website ?
English
367
8
522
164K
Manuel Varela Caldas
Manuel Varela Caldas@XSStringManolo·
@ThePrimeagen You can end up in jail running this software. The openclawn can go rogue and start hacking random stuff for any random reason.
Bhavani.py@Bhavani_00007·
as a dev, what was your first code editor?
p4@peeefour·
yo, why tf am i duping critical vulnerabilities from October 2025 🫨. fix that shit ha!
Manuel Varela Caldas@XSStringManolo·
@Yazeed_oliwah I have worked with the same model/hardware. Very good model for such low params. The 37B version I think it was.
black viru5@Yazeed_oliwah·
Just started building an AI security agent! First up is a JS analyzer that hunts hidden APIs, generates raw HTTP requests, and finds exposed secrets. I’m running it completely locally via Ollama to dodge token limits... though my laptop might actually melt in the process! 😂🔥
LeighTrinity@LeighGi66657535·
Let's hope I was the first to find these vulnerabilities! Spent the day in my underwear picking through huge companies' code. 😍 Exploit dev is so fucking fun!!!!! I'll post more about these as I get feedback from the security teams. 😈 7000 bucks for a hours work wouldn't be half bad. 🥰
Omeiza (💻,🧑‍🔧)@0xOmeiza·
will I ever be able to read rust and navigate its codebases the way I read solidity like it's English? is rust really that difficult or I'm just not good at it yet? or maybe I should go into plumbing full time.
Manuel Varela Caldas@XSStringManolo·
@Zinny_Edmund Been using vim for the last 10 or 15 years and see no reason why I should try anything else. Anything that is available in vscode is available in vim, and if not, anyone can code it.
Zinny 🎀@Zinny_Edmund·
Whenever I see someone using anything but VS Code, I just assume they know more about programming than me.
Manuel Varela Caldas@XSStringManolo·
@CyberRacheal Attack surface will increase but empowered closed-source automated tools will thrive. It will kill low-hanging fruits at minimum.
Cyber_Racheal@CyberRacheal·
AI doesn’t replace cybersecurity. It increases the attack surface. Yay or Nay?
Manuel Varela Caldas@XSStringManolo·
@rcx86 I've been working for weeks non-stop on an AI scanner. What a headache, let's hope it finds tons of stuff.
Mr. Rc@rcx86·
The age of automated vulnerability research is upon us
datavorous@datavorous_·
I compressed 2.87GB data into 8.9MB (!) using my custom data compressor :D There were 21k json files with cricket match data, I exploited the structure and compressed it to ~42.46 MB. The best gzip could do is ~53MB, and 7z ~45MB. Then I combined my compressor + 7z and brought it down to 8.9MB. It's PURE randomness, you simply can't compress it further. I had to read about Shannon entropy and algorithmic data compression. Full writeup in my GitHub repo!
Intigriti@intigriti·
Fill in the blanks 🤠 You know your target is super vulnerable if it uses ____
PeterSR@PeterSRWeb3·
So many people jumping into bug bounties right now... I'm genuinely curious—what's the actual success rate? Like, what % of hunters actually land their first payout? Or consistently make money? Feels like 95%+ quit early with zero $$$ 😅 Thoughts? Stats? Your experience? 👇
Manuel Varela Caldas retweeted
Kim Dotcom@KimDotcom·
Demis Hassabis, a leading AI researcher, says that we need to be better at cybersecurity than AI. His priority to keep AGI from taking over. I worked in cybersecurity for 7 years as a penetration pro and hacked every client. Fortune 500, big budgets. You are toast against AGI.
Gergely Orosz@GergelyOrosz·
I REALLY want something on this platform to indicate “this is a real person who typed out a reply”. Feels like more than 50% of blue check replies are AI-generated for some weird growth hacking reason. And it will only get worse…
siddharth ☻@siddharthkp·
this week on twitter, i've read: saas is dead, UI is dead, programming is dead. what else is dead?
Manuel Varela Caldas@XSStringManolo·
@JohnTech2023 @zack0x01 I usually perform penetration testing on the products I use every day. If I've already done passive reconnaissance as a regular user, it only takes a few hours to run some checks. It's frustrating that they don't even offer a 'thank you,' much less any bounties or pro privileges.
GR1FF1N@JohnTech2023·
@zack0x01 When I first started I chose some European company. I found like 10 vulns. Reported and they fixed it and never even sent a stupid „thanks” in an email.