Aviad
3.7K posts

@_0xffd
''To fly as fast as thought, you must begin by knowing you've already arrived'' Spinning records for fun and containers for pain Opinions are my own. UwU
Israel, Joined April 2011
491 Following, 262 Followers

@_0xffd The screenshot says LibFuzzer but yes there’s also support for AFL++

It’s coming soon :) 🐉 working on last touch ups before going open source.
Context: I wrote a ‘build system’/fuzzing framework that lets you compile, link, analyze and profile your harness/mutators for Apache fuzzing.
I’ll post more details when the time comes.


faulty *ptrrr @0x_shaq
grok generated a teaser for you

@yo_yo_yo_jbo Been there. Never trusting this mf again. Stay strong.
It’s great for frontend design/React apps though. So far it didn’t let me down, not even once in this field.
x.com/0x_shaq/status…
faulty *ptrrr @0x_shaq
you owe me money, not apology

@cherkaskyb I'd recommend working on top of OTEL and building your own collectors etc..
Which takes time... and customization...
And out of that, at Odigos (odigos.io) we do it all automatically and with eBPF :) and there's also an open source version that basically sets everything up for you on its own and sends the data wherever you want. Free of course ;) talk to me for details
Aviad retweeted

@thedawgyg but then what if exploitation is not trivial? ie requires special heap grooming etc
So even if the exploit devel is difficult or non-trivial, it doesn't cancel the vuln. What happens in these cases?

@_0xffd it depends on the target. ASan is enough for some. Others you have to show a poc, others you have to have an actual exploit (for like google).

4 High / Critical vulns reported in the last couple of days for my target(s). Have 7 more unique crashes of lower severity (mediums, or maybe low end of high if lucky) so gonna give them time to look at the others before submitting more to avoid overwhelming them. but the fuzzing is going exceptionally well this week <3 #bugbounty #bugboutnytips #fuzzing #hacking #0day #hunting0days

@thedawgyg @Virdoex_hunter then I'd add that I'd be happy to read about your work and the infra below it!

@Virdoex_hunter i am using AFL, with custom wrappers written in C for my targets, with custom dictionaries and setup. currently using a macbook m4 max, macbook m1 pro, and an x86_64 gaming desktop in a swarm working together

So as some noticed, I am now doing a lot of fuzzing. (11 0days found in the last 8 days between 3 major tools/libraries). Currently working on getting a UAF RCE triaged now. Would people find it helpful/useful if I were to blog about how I found them? #hacking #hacker #bugbounty

@intrnationalman @ThePrimeagen Building bridges is also key. You need to create genuine connections and relationships with others that can advocate for and talk about your professional skill and work. This extends beyond technical skill, particularly for Staff or higher. Trust is everything.

Hi! I’m a Staff Engineer at Riot Games. This is hilariously incorrect.
Antonio Sarosi @antoniosarosi
Game programmers will do anything but write code