Sabitlenmiş Tweet
0K
5.3K posts
0K
@ZeroK_____
@immunefi All Stars | A carefree cyber sailor. Solves security challenges. Secures protocols.
Multiverse Katılım Mayıs 2022
546 Takip Edilen2.3K Takipçiler
Otherwise it’s expensive gambling.
At 3/10 success rate + $600–1.5k per run, most people would pass — it’s negative ROI unless you hit high-severity bugs (RCEs, auth bypasses) that pay big.
I’d only run it if:
Hit rate improves to 5–6/10
It can chain exploits automatically
Or targeting bug bounty programs with over $10k payouts
English
@ZeroK_____ Good idea is to execute on a forked env first and see if the exploit generated profit or causes damage.
Review the exploit and take decisions accordingly .
English
@ZeroK_____ for context, the average user point and clicks A.I at these programs. these LLms are small in size. mine is over 55 GB since my last post. Thats how much i train it
English
@ZeroK_____ I think if the user has enough money to play around with / burn, and the agent is built correctly such that it can target these "actual exploitable issues", then sure, why not.
Otherwise, no, as it is more than likely to be a perpetual negative ROI, and/or too risky.
English
@adeolRxxxx I thought you say there is a contest currently running, congrats sir 🫡
English
playboi.eth@adeolRxxxx
I am happy to say i topped 6 out of 500+ participants in the Move contest on @sherlockdefi > I didn’t touch the code once. > I built an algorithm from absolute scratch. > It found 4 out of the 6 issues that made the top 6. > I never opened the source > I and @Pelz_Dev only wrote the reports and submitted the findings. > I’ve been building this in silence. No clout. No noise. > Because I don’t talk about shit I can’t prove. > This isn’t here to replace auditors. > It’s here to show the beauty of hacking live contracts on-chain in real time. No lowballing. No shortcuts. Just straight, undeniable proof of work, exactly how black hats are already using AI. > I built this because I’ve been cheated on, played, and ignored too many times. It runs in 3 phases: 1. Contests: This was my backtesting ground. 2. Bug bounties: where I show real results. 3. Live chains: Instances deployed on mainnet, auto-targeting protocols that push unaudited commits straight to chain. Currently at 50% complete. still building and implementing. One of its features is that when it hits a protocol with closed-source code on-chain, it automatically decompiles the bytecode back into clean, human-readable source, then throws its entire knowledge graph and reasoning engine at it. It systematically breaks down every layer until the protocol is fully reverse-engineered and every vulnerability is exposed. This is just the beginning.
QME
@ZeroK_____ I have built a tool that can run a full exploit end to end.
I’m just testing it out currently on contest which is the main deal, which is giving me amazing progress.
So why won’t one take a risk because the ROI more.
English
this can work too, but you need to be too careful of what you give and ask for in your prompt, and each time for each project you need to change many things, and i don't think it costs $200 only, if you need good result then you need different model(e.g openAI and AnthropicAI models) which you can't get in one place with 200 bucks until you use tools like cursor which i don't recommend for bug hunting tbh.
your method work really well if you know how to use it, but its risky and not automated at all.
English
@ZeroK_____ you build the full idea into maybe a skill, a plugin for full package, then run it all through already built agent harness like codex cli or app, and the likes, then you just spend 200$ per month instead 600 plus per run.
English
@ZeroK_____ Why not build on current harness instead of spending that much
English
I built AI, and it passed a test I gave it, it found 3 out of 4 bugs that I already knew existed.
Thinking a bit like a blackhat, it’s around 90% automated and 10% guided by me. No hype for now, it’s way too early to celebrate such a small success. But I genuinely hope I’m building something that can help prevent even 0.1% of the hacks happening today.
If it works the way I want, I’ll share the full process and everything I learned along the way. If I win, all of you here should win too. We’re fighting blackhats, not each other.
Don’t be too optimistic about this post(yet!) 😄 I just enjoy sharing small progress with the community.
English
I’m genuinely curious why this guy still hasn’t found good offer that he look for!?. Seriously, don’t miss him, you’ll definitely regret it!
Adrian ⛩️ Hetman 🐺 | 📓+🖋️+☕️@adrianhetman
If anyone is hiring for a lead security position or looking for vCISO role, I’m open for work.
English
@JJS_OnChain Many projects have done all these, but unfortunately, they get hacked too! I believe there’s a missing layer, but I’m not sure what it is yet. I was working on an idea and tested it multiple times, but it failed to achieve what I wanted to fix. So, I’ll keep trying.
English
I think the notion of doing security as a checkbox is an issue. Thinking that doing an audit means you’re safe is no longer valid. BBPs are great because it means continuous security but just not guaranteed as you don’t actually know if people are looking at your code or not.
So integrating security at any point and on as many layers as possible (smart contracts, opsec, monitoring etc)
English
@ZeroK_____ "Admin is trusted..."
80% why the hacks have been happening all comes down to that
English