conduit

10 posts

@conduit0x00

Ring 0 · Joined August 2020
1.9K Following · 11 Followers
conduit@conduit0x00·
@S1r1u5_ @udunadan @malltos92 P2o mostly being a place to show off your firm’s technical capability to build a brand rather than a realistic full time end goal for all work product
conduit@conduit0x00·
@S1r1u5_ Maybe missing option 3 which is the economics of it all? If brokers and vr firms are assuming shorter lifetimes and fewer bugs, why drop it at p2o if you can get more mileage privately. Similar sentiments to @udunadan’s choice quote from @malltos92 also apply.
s1r1us (mohan)@S1r1u5_·
0 chrome submissions(?), 3 firefox renderer, 1 edge, 2 safari renderer, and exchange/sharepoint each. devcore still showing up with multiple submissions in the hard targets, including exchange, sharepoint, and edge, from known names. so why are we not seeing a huge amount of submissions? i think, either: 1. defense got stronger with llms, and software like chrome/firefox is fixing a ton of bugs before they ever reach pwn2own or 2. hacking of complex software is still bottlenecked by a small number of top-tier researchers. i would guess it’s the latter(?). there is no denying the fact that, llms are probably closing some defense gap, but i think that doesn’t mean the asymmetry moved to the defense side and making defense stronger, i still think it’s the usual attacker-favored game. and looking at pwn2own submissions, it seems pretty obvious to me that llms are still only as good as the operator using them. there are only a few people good enough to point them at hard targets properly and use them to actually accelerate research. cuz, if llms were actually giving everyone exploit superpowers to "anyone", you’d expect more people showing up with chrome/exchange/browser-class bugs. instead, what we’re seeing is still mostly people with skin in the game hitting the hard targets. zerodayinitiative.com/blog/2026/5/13…
s1r1us (mohan)@S1r1u5_

this year's pwn2own isn't just interesting because there will be lots of entries with AI+human. it is also interesting because a) anthropic burned a ton of tokens on firefox, basically running claude in a loop until it found something for a month, probably exhausting whatever claude can one shot. b) if someone submits full chain without much use of ai, it tells you one shotting plateaus and these models are bit like fuzzers than seasoned security researchers. c) even if they used an llm to find the bug, this tells us scaffolding/harness design, prompting, and the operator matters a lot.

conduit@conduit0x00·
@ajdinre @solardiz @Xyrem256 Thanks for clarifying! Appreciate you aggregating some interesting reads but definitely good to link credit : )
conduit@conduit0x00·
@ajdinre @solardiz Correct me if I’m wrong, it seems like people are getting confused about you being the paper author? The paper can be found here arxiv.org/abs/2408.00500, fairly certain @ajdinre is just reviewing a collection of interesting ones and not the author.
conduit@conduit0x00·
@chompie1337 @thatjiaozi Yep it does, afaik they’ve not updated that page since it became available though, iirc somewhere else in the rules it says no decompilers explicitly. Not sure what they’ll do to mitigate that, having spoken with Morten one issue they have is finding technical enough invigilators
那个火饺🦆(JJ)@thatjiaozi·
I kind of understand why paid versions of sw is not allowed, but why ghidra tho
conduit@conduit0x00·
@thatjiaozi @chompie1337 No shade at all with the second bit btw, just a generalisation. I think the main problem they have is people with a wide range of backgrounds do the cert and it’s hard to build a curriculum to meet that need and fairly certify by making sure people don’t try to sidestep stuff
conduit@conduit0x00·
@thatjiaozi @chompie1337 Pretty sure it’s just to ward off the possibility of someone using the decompiler and the invigilator not noticing or knowing the difference. AWE allows whatever tools you want, for OSED I think it’s more a case of they want to force newer people to interact with assembly
conduit@conduit0x00·
@Octoberfest73 @sapientflow @0xTriboulet Other points aside, there is probably some value in keeping logic off target and streaming calls. It’d make it a lot harder to follow/reverse unless you captured a session (probably a marginal benefit over BOF). That said, trading time in target memory for noise on the wire.
Octoberfest7@Octoberfest73·
@sapientflow @0xTriboulet Yeah and I think that is where part of my question lies. I'm wondering how much of the advantage against AV/EDR comes from it being a closed-source, proprietary C2/agent as opposed to the 'send APIs over the wire' methodology that is the new/novel thing here.
SapientFlow@sapientflow·
My first ever blog post is out: medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca Happy for any constructive criticism or anyone that just wants to engage on the topic.
conduit@conduit0x00·
@moyix @yacineMTB Right now I'd say hypergraph based transformers are probably a better avenue, however even then there is probably no one size fits all answer for the same reasons above. An expert system putting together a few wildly different approaches would for sure yield the best results
conduit@conduit0x00·
@moyix @yacineMTB Definitely nail on the head here. Another big thing is context - any given vulnerability will have its own various peculiarities relating to where it is situated and what can viably and beneficially be done with it, many of these come in forms that LLMs are ill equipped to handle
kache@yacineMTB·
wait, why are people *not* working on fine tuning a SOTA LLM to generate exploits?? wouldn't that just make software in the world more secure? shouldn't google/apple be pouring all of their resources into their sec labs to build the exploit generators before someone evil does?