Claudio Criscione

5.1K posts


@paradoxengine

Security Robot Overlord @ Google. Vulnerability Management @paradoxengine.criscio.net @[email protected]

Italy · Joined April 2008
377 Following · 2.7K Followers

Jasvir Nagra ✨ (@jasvir)
Funny seeing insights rediscovered. The second most interesting insight I had building at Google (this with the awesome @paradoxengine) was if your fuzzer finds far fewer bugs but with executable, replayable test cases - more bugs got fixed. AI will get there too. Eventually.

Claudio Criscione retweeted
Brian in Pittsburgh (@arekfurt)
This is just... I barely even know what to say. This has to be one of the absolute worst (meaning: most incredibly ridiculous) vulnerabilities in a major vendor product in the last decade. Cisco's devs literally just forgot to invoke the authentication check.
Stephen Fewer (@stephenfewer)

Today @rapid7 and Cisco are disclosing CVE-2026-20182, a critical (CVSS 10.0) auth bypass affecting Cisco Catalyst SD-WAN Controller, found by @_CryptoCat and I when we were researching CVE-2026-20127 last Feb. An unauth attacker can become the vmanage-admin and issue arbitrary NETCONF commands. Cisco has also disclosed that the new CVE is already EITW as of this month. Read our blog here with full technical details: rapid7.com/blog/post/ve-c…

Claudio Criscione retweeted
scriptjunkie (Matt) (@scriptjunkie1)
I appreciate everyone dropping linux privesc 0days in the current AI renaissance, but to really make it feel like the good ol days someone needs to drop a weaponized pre-auth SMB or RDP RCE. We haven't had a good Windows worm in AGES.

Claudio Criscione retweeted
Federico Kirschbaum (@fede_k)
In our first week we wrote about a RCE @XBOW found in Exim. What thought would be a deep technical write-up, became something more personal. 1/🧵

Claudio Criscione (@paradoxengine)
@GuifreRuiz Yeah, I intuitively understand that and have seen tentative examples. I've also seen good outcomes on scanning runtimes. Code-level analysis though, not so much.

Guifre (@GuifreRuiz)
@paradoxengine imho Mythos and newer models are getting very good at finding interesting business logic issues. Doing intra/inter-file analysis and reasoning about workflows in a way we didn’t have automated technology for before.

Claudio Criscione (@paradoxengine)
All the AI vulns I've seen so far - the confirmed ones, not the ones where you cheat to get an exploit - were egreppable. I've not seen many yet and maybe a library of greps is fine. We'll see. OTOH agentic attackers are very real.

Claudio Criscione retweeted
thaidn (@XorNinja)
Except that this httpd pre-auth “RCE” exploit does not work. A real exploit requires an infoleak, and the author conveniently supplied a “helper” that reads addresses directly from /proc//mem. We also found this bug in early April, submitted it, and were told it's a dup. Then we burned to develop an exploit, to no avail. Need an infoleak. It's interesting that AI struggles exactly where humans struggle too.
striga (@striga_ai)

PoCs for Apache Tomcat Unauth RCE (CVE-2026-34486) and Apache httpd Pre-auth RCE (CVE-2026-23918) are now public on our Github. Tomcat exploit is fully reliable. httpd chain works in a controlled lab setup with a known info leak. github.com/striga-ai/CVE-… github.com/striga-ai/CVE-…

Claudio Criscione (@paradoxengine)
Human in the loop has strong "don't click on untrusted links" vibes..

Claudio Criscione retweeted
Francisco Falcon (@fdfalcon)
A rogue DHCP server can inject arbitrary dhclient.conf directives via malicious DHCP options and get RCE as root in systems running dhclient: freebsd.org/security/advis…

Shane Huntley (@ShaneHuntley)
@halvarflake Prediction: We will reach AGI well before LLMs are successful at the types of problems that @halvarflake finds intellectually interesting. This in no way reduces my optimism around AI capabilities.

Claudio Criscione retweeted
Nico Waisman (@nicowaisman)
That’s true, but not every company can realistically afford security by default. The real shift is that, before Mythos and similar players, the assumption was that, economically, these exploits would only be used against high-value targets. That assumption has now fundamentally changed.

Claudio Criscione retweeted
solst/ICE of Astarte (@IceSolst)
CISO goes to doctor. Says he's depressed. Says cybersecurity is harsh and cruel. Says he fears Mythos and needs to patch all vulnerabilities in the CISA KEV catalog immediately. Doctor says, 'Treatment is simple. Great CISO Pagliacci is in town tonight. Go and see him, he can help patch all vulnerabilities in the CISA KEV catalog immediately.' Man bursts into tears. Says, 'But doctor...

Claudio Criscione retweeted
s1r1us (mohan) (@S1r1u5_)
I pointed claude opus at chrome and told it to build a full v8 exploit for discord. A week of back-and-forth pulling it out of dead ends. 2.3B tokens. $2,283 in API costs, and it popped a shell. hacktron.ai/blog/i-let-cla…

Claudio Criscione retweeted
Max Karpis (@maxkarpis)
Revolut is launching GlobalHire in the UK today. It's Revolut's Employer of Record (EOR) service. The product lets companies hire talent in 160+ countries from within Revolut without needing to set up local entities. All the complexity – local cross-border payroll, benefits, HR, tax, and local compliance – is handled, so customers can focus on what really matters: growing their businesses. This is huge - the employment is the largest marketplace on earth, and Revolut decided to transform it.

Claudio Criscione (@paradoxengine)
@securityweekly We got a pretty significant investment in Tsunami in default and bruteforceable testing over network scanning. Not great, but very useful. Other stuff too, but this one is open sourced :)

Claudio Criscione retweeted
Dino A. Dai Zovi (@dinodaizovi)
@moyix Being able to just pop out exploits for EOL and specialized software will definitely have its operational uses...