Perri Adams

2.1K posts

Perri Adams

@perribus

@Dartmouth ISTS Fellow & @SAISHopkins Adjunct Prof., inter alia. Former @DARPA, @DEFCON CTF, etc. @DistrictCon, @hexacon_fr, @LABScon_io CFP Review Boards

From one Washington to another Katılım Mayıs 2011

989 Takip Edilen6.6K Takipçiler

Sabitlenmiş Tweet

Perri Adams@perribus·20 May

Back in 2023, the assessment of the pre-authentication vulnerability in SSH was that it wasn't exploitable on Linux. For my OffensiveCon 2025 keynote, I wrote enough of an exploit to show, with the right heap groom and stabilization, it's likely exploitable. Then I tried to have AI do it. Up to @taviso whether that merits switching to Windows 98 :) youtube.com/watch?v=Y1naY3…

YouTube

Tavis Ormandy@taviso

If someone get a working OpenSSH exploit from this bug, I'm switching my main desktop to Windows 98 😂 (this bug was discovered by a Windows 98 user who noticed sshd was crashing when trying to login to a Linux server!)

English

245

51.1K

Perri Adams retweetledi

Claude@claudeai·20 Şub

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: anthropic.com/news/claude-co…

English

1.9K

5.8K

50K

26M

Perri Adams retweetledi

Sean Heelan@seanhn·16 Şub

What mathematicians call "literature review" should be familiar to you as "vulnerability research". Or, put another way: erdosproblems.com is currently the best benchmark for LLM capabilities in finding 0days.

Dmitry Rybin@DmitryRybin1

Recently I gave a talk on LLMs for Math Research (mostly to an audience of pure and applied mathematicians) I tried to compile the latest progress in one presentation pdf and video recording: drive.google.com/drive/folders/…

English

172

29.8K

Perri Adams retweetledi

[email protected]@Zardus·13 Şub

Hello security researchers! Like it or not, agentic AI is here. It’s time to explore its impact on novel, academic research in cybersecurity. To this end, we’re launching the Conference for Synthetic Security Research (synsec.org). Researchers, start your agents!

English

407

36.2K

Perri Adams retweetledi

Richard Johnson@richinseattle·2 Kas

Literally the other half of AIxCC that no one paid any attention to

Justin Elze@HackingLZ

So the missing step here is AI writing patches

English

12.3K

Perri Adams@perribus·18 Eki

Great example of what a game changer AI is for lit review (in and of itself a critical capability but should not be conflated with creating novel solutions)

Mark Sellke@MarkSellke

Update: Mehtaab and I pushed further on this. Using thousands of GPT5 queries, we found solutions to 10 Erdős problems that were listed as open: 223, 339, 494, 515, 621, 822, 883 (part 2/2), 903, 1043, 1079. Additionally for 11 other problems, GPT5 found significant partial progress that we added to the official website: 32, 167, 188, 750, 788, 811, 827, 829, 1017, 1011, 1041. For 827, Erdős's original paper actually contained an error, and the work of Martínez and Roldán-Pensado explains this and fixes the argument. The future of scientific research is going to be fun.

English

1.8K

Perri Adams@perribus·16 Eki

@yo_yo_yo_jbo @DistrictCon Send outreach@districtcon.org an email or just submit the bug! The team is currently working on AV support for presentations but there should be a way to accommodate!

English

131

Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦@yo_yo_yo_jbo·15 Eki

@perribus @DistrictCon Is there a way to share remotely? I have an OOB from a 90s DOS game! 😅

English

199

Perri Adams@perribus·15 Eki

Have a Furby 0-day? A Juicero exploit? A bewitched 🪄PoC for some cursed, End-of-Life 👻 product that your friends keep begging you to stop reverse engineering & touch grass? We see you: your real friends are at @DistrictCon Junkyard. 9 days to submit your most unhinged bugs!

English

11.9K

Perri Adams retweetledi

Dino A. Dai Zovi@dinodaizovi·15 Eki

This is not that much different than server-driven UI for mobile apps, where server-side logic controls layout, actions, and flow in mobile app UI. It was created to allow changes faster than a client code release could support. Software is software and good patterns re-appear.

dreadnode@dreadnode

Can we eliminate the C2 server entirely and create truly autonomous malware? On the Dreadnode blog, Principal Security Researcher @0xdab0 details how we developed an entirely local, C2-less malware that can autonomously discover and exploit one type of privilege escalation vulnerability. A future where fully autonomous red team assessments are powered by nothing more than a pre-installed local model and a Lua interpreter may be closer than you’d imagine. Read about it here: dreadnode.io/blog/lolmil-li…

English

1.9K

Perri Adams@perribus·15 Eki

x.com/perribus/statu…

Perri Adams@perribus

We believe in paying responsible security researchers for their hard work! 🤑

ZXX

812

Perri Adams@perribus·15 Eki

districtcon.org/junkyard

ZXX

797

Perri Adams@perribus·15 Eki

We believe in paying responsible security researchers for their hard work! 🤑

Ryan Speers@rmspeers

We still have some spots open for DistrictCon junkyard speakers! Not only do you have a chance to show off your awesome work on an end of life target that needs attention – or laughs – but also we are giving out cash prizes to winners!!!

English

Perri Adams retweetledi

chompie@chompie1337·15 Eki

bring your eol exploits to @districtcon junkyard! now’s the time to flex yr cute demo

English

101

14.7K

Perri Adams retweetledi

RE//verse@REverseConf·9 Eki

RE//verse 2026 CFP is open! Got research? Prove it: sessionize.com/reverse-2026

English

5.9K

Perri Adams retweetledi

kuzushi@kuzushi·7 Eki

This might actually be one of the best panel talks I've ever attended. @OffensiveAIcon

English

2.7K

Perri Adams@perribus·7 Eki

Had a great time doing a keynote panel with Rob Joyce and Dave Aitel at @OffensiveAIcon… and love the creative engagement from the audience Photo credit to @caseyjohnellis

English

3.2K

Perri Adams retweetledi

Adam Chester 🏴‍☠️@_xpn_·7 Eki

Watching @daveaitel @RGB_Lights and @perribus trade friendly blows during the Keynote Panel at Offensive AI Con is too good!

GIF

English

Perri Adams retweetledi

Offensive AI Con@OffensiveAIcon·7 Eki

OAIC Day 1: Complete ✅ The conversation and idea sharing from yesterday's sessions have been bar-none. Plus, a full moon for last night's rooftop party! On deck this morning: --> Breakfast from 7-8:45 AM --> Kickoff at 9 AM with our keynote panel, featuring @RGB_Lights, @perribus, and @daveaitel. #OAIC2025 #OffensiveAICon

English

2.4K

Perri Adams retweetledi

Xinyu Xing@xingxinyu·7 Eki

🚀 From DARPA #AIxCC to SWE-bench! Team 42-b3yond-6ug’s small coder model is now: 🏆 #1 on SWE-bench (lite) 💡 #6 on SWE-bench (verified) All while using far less compute than the giants ahead. Big thanks to #AIxCC for fueling this journey!

English

3.4K

Perri Adams retweetledi

Rob T. Lee@robtlee·6 Eki

Excited to be here at #OffensiveAICon for the next two days. 200 people focusing on offensive capabilities surrounding AI in the cybersecurity world. This team is top-notch and couldn't have brought together a more spectacular bunch of people to speak and to be able to participate in the event. I’m hoping to learn a lot. Interact with all the wonderful offensive AI minds. @RGB_Lights @daveaitel @mbazaliy @joshua_saxe @perribus @cyberphor and many more Shoutout to @dreadnode and RemoteThreat for putting the event together. @OffensiveAIcon @SANSInstitute @SANSOffensive

English

1.2K

Perri Adams retweetledi

Katie Paxton-Fear@InsiderPhD·3 Eki

I've spent a lot of time thinking about the best way to teach API security from the ground up for beginners. Today, I'm excited to launch the result: My brand new API Hacking course on JHT. It's built to give you a deep, foundational understanding of how to test modern APIs. 🧵

English

474

50.4K

Keşfet

@yo_yo_yo_jbo @DistrictCon @OffensiveAIcon @caseyjohnellis @daveaitel @RGB_Lights @mbazaliy @joshua_saxe