0xTen

bet p2o collisions this year will be wild

@_mixy1 Yea I get that and feel the same way. I can picture in my mind how a layman will interpret this article and it’s far off lol. I feel similarly about most of the security stuff that goes “mainstream”.

@_0xTen I mean fwiw ai being good at security is very real. This specific instance is so obnoxiously misleading that it's upsetting to see

Six "Elite Hacking Competitions" where there are writeups for most of the challenges online 🙃

@alkalinesec @h0mbre_ The way I look at it is: 1. Short term: as a VR expert you can understand model capabilities better than the labs themselves with a 'reasonable' spend. That's fun. 2. Medium term: you *will* have an edge vs teams spending huge amounts. You just need to find it. That's also fun.

@LiveOverflow @_manfp @_mixy1 I don’t think every CTF chall rn is getting one shot by AI, but now there is no middle class. 90% of the challenges became irrelevant and the other 10% are the hard ones, so the progression is not as nice for learning as it was when I started playing 6 years ago.

@LiveOverflow @_manfp @_mixy1 Uhm for over half of dicectf I prompted “solve this CTF challenge” and it one-shot it so I’m not sure it prepares you for anything. My point is that research is merely amplified by AI. If your research quality is equal to model quality then you are at the new 0 …

ctfs are dead PLEASE PLEASE PLEASE stop making jeopardy ctfs. This is not fun at all to put effort into. Lets try and find a new format or something cause I'm gonna [redacted] if I see another ctf get half its challenges cleared in the first 30 minutes.

@LiveOverflow @_manfp @_mixy1 In that sense, the current CTF meta does not prepare you to the real world because agents are one shotting over half of the challenges and if you want to win you can waste time even looking at them

@LiveOverflow @_manfp @_mixy1 It might be tempting to assume the AI is the new meta for research when in reality AI is not that hard to harness and scale, but still rely on expert guidance if you want to generate more impact than others and maintain your delta/high ground …

@roddux Lol

i have it on good authority that higher MTE levels scale like the super saiyan power levels your exploits are NOT ready for MTE4

Our @hexacon_fr talk is out on Youtube now😎 youtu.be/C-52Gwmce3w Follow the slides at: storage.googleapis.com/static.cor.tea…

@gf_256 CoR is, in fact, the new school

its officially fucking joever

Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.

at a conference where you don’t have to present

We at CoR (+ @u1f383) had a great experience at @hexacon_fr this weekend Met many skilled VR people, the venue was amazing, and the speaker gifts were simply🔥 Best offensive security conference we have seen so far - thanks again to the organizers for the opportunity!

@alisaesage v8ctf if it’s a v8 bug and the bug is alive in whatever version is live currently github.com/google/securit… If it’s chrome and not v8 then I’m almost certain there is no ctf vrp currently

Is there a bounty CTF for Chrome browser? I wrote an exploit for an RCE bug patched two weeks ago. Wondering what to do with it

📢 An RbTree Family Drama: Exploiting a Linux Kernel 0-day Through Red-Black Tree Transformations by William Liu & Savino Dicanosa

@RenwaX23 @cor_ctf I told Will this would happen!🤧

@cor_ctf Sorry I don't understand where is the TikTok version

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-… Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!