r3st

I got my first bug bounty today! 🐛 #TogetherWeHitHarder

@datalocaltmp @CarloMara1 mandatory

@CarloMara1 I would like to personally thank you for reminding me of the date

@HeapSmasher @olivier_boschko i can’t do it because i am not verified

@_r3st @olivier_boschko sure!

Nice find by @HeapSmasher ggwp. was sitting on this for a good while now. really cool bug go check it out! github.com/ggml-org/llama…. ive already written up a 8k+ technical writeup on this RCE ~ might still publish? on vacation, Idk, when I saw ba38f3b last week my heart sank lol

@HeapSmasher @olivier_boschko thanks for the info! can we dm?

@_r3st @olivier_boschko For huntr you need to provide a full RCE PoC if it's for file format parsing. Not sure if it's worth it. They tend to pay but are very slow.

@olivier_boschko @HeapSmasher please let me know. i need to sleep

@olivier_boschko @HeapSmasher did you use huntr? is it legit?

@impost0r_ nice!!

Found an incredible zero in macOS. SIP + AMFI bypass.

@moyix how does one learn to see

There are verifiable rewards everywhere for those with eyes to see

@eternalsakura13 @offensive_con finally i’m coming for you @guhe120

It's time to reveal the secret of how I made it into the MSRC Top 10. @offensive_con

it this point i’ve come to believe ill never get one lol real learned helplessness

i just submitted a bug report. everyone please offer your prayers so i can get a bounty lmao

@kaijieguigui how’d you learn how to do this

Bad news... :/ Burned an all-nighter and $100 on Claude to find exactly zero bugs Good news... :D Found a fresh 0day the old-fashioned way Bad news... -_- It might be dead on Win11 Good news... :P It completely melts every Win10 build in existence

@ahmtbrt07 you will succeed

i feel pain :( #zeroday #EthicalHacking

@techspence you can ask claude to one shot you a python script to run a local model like whisper

For all the people out there using voice dictation on windows for interacting with AI coding platforms/IDs what are you using?

@mitchellh how do you fuzz zig?

I'll write more about this later, but I've spent the past few days hooking up libghostty with AFL++ and fuzzing various parts of it and agents make the full path of fuzz => verify with test case => minimize => fix VERY efficient and enjoyable.

@LowLevelTweets @RedHatPentester qemu

@RedHatPentester VMware pre Broadcom acquisition. Today, virtualbox.

Let settle this. Virtual box or VMware?

@spikedoanz @kepano snacks.nvim

@kepano can it render latex / image embeds? these are the only things i use obsidian for instead of nvim.

Anything you can do in Obsidian you can do from the command line.

@ahmtbrt07 @2ourc3

@ahmtbrt07 that’s my boi

This is one of the best fuzzing articles I've read. bushido-sec.com/index.php/2025… #bugbountytips #zeroday #EthicalHacking #CyberSec

I am fuzzing math itself B = Γ(⅓)·Γ(¹¹⁄₁₂) / (Γ(¼)·√(1+√3)) = AGM(1, √2) / 12^(⅜)

@yacineMTB > not in neovim theres your problem

reflecting a little bit on the coding models, as they self improve rapidly at the one thing that actually really matters - programming. none of what i have done in the past 6 months would have been even remotely possible. the amount of labour i would have had to pour in just to get started would have made it unreasonable. i would have had to hire tonnes of people, something I know I wouldn't enjoy, and would have never done. but as it gets faster, as it gets smarter, i find myself bottlenecked by the same thing over and over again. as the laborious, low intellect tasks get automated out in an instant, the high level decision making falls on me. i'm staring at a piece of python instantly generated by codex-macaroni-and-cheese-spark-42.69. it produces optical flow from a simulated shitty mono camera, using one of the standard algorithms. i'm testing it, watching the flow of pixels change, reading the code, trying to reason about it. trying to think about how i could make my simulator simulate it well enough, which parameters i could randomize, so that the real world lives somewhere in that distribution. i'm thinking about how to save a single render to double my simulation speed, which needs to run at over a million frames per second per gpu. i'm reasoning about the tradeoffs of basing off of geometric flow, or if i should take the hit and just render two frames and apply the same algorithm. i'm not even in nvim anymore. i'm in a google doc. when did i start coding in a google doc?? coding has never been harder. i can't relax anymore, and rely on the mechanical skill of writing code quickly to take a break from thinking. i have to think. i can't make any progress until i understand and think. this time might be fleeting. but i'm going to enjoy it while it lasts. the models are fast enough to knock out the tasks beneath me. and their UX/context capacity still doesn't support automating my harder thinking, my taste and direction. Eventually, it will. But until then, programming has gotten harder. So much harder man