Faisal Tameesh

Recently, it was necessary to write an RCE exploit for a remote UAF N-day vulnerability (ZDI-17-836). This post goes through root cause analysis and exploitation. Also, I present a tool / methodology to avoid heap sprays. primalcerebral.com/blog/egregious…

Great history lesson and a good take re: mythos / AI

One AI anti-pattern I keep seeing: People are trying to use AI to automate things that should have been solved with ordinary software. Not every problem is a reasoning problem. If the transformation from input to output is already known, then the problem is solved. And if it is solved, the right answer is usually code, not an LLM sitting in the middle of the execution path. AI is best used as an intelligence amplifier, as I've mentioned before. It helps you deal with ambiguity. It helps you think. It helps you break down messy problems, connect ideas, and get to a solution faster. But once the solution is known, keeping AI in the loop is often the wrong move. That is the lesson behind something as simple as counting the R’s in strawberry. The system should not “reason” about it every time. It should execute a procedure. Currently, most AI models will write a short script to do just that. When it comes to huge projects, the AI models won't necessarily know when to start scripting big stuff out! So, use AI to solve the unsolved problem. Then automate the solved problem with software. For example: Wrong fit: “Use an LLM to transform a known CSV schema into another known schema every day.” Right fit: “Use an LLM to interpret messy vendor invoices, discover field patterns, and help design the extraction logic.” Use AI where judgment is needed. Use traditional software where the answer should be the same every time, because the problem itself is solved. Otherwise you pay premium prices for the wrong properties: - non-determinism (great for reasoning) - weak repeatability (also great for reasoning) - significantly added cost IMO, the future is not necessarily replacing software with AI. The future is using AI where judgment is needed, and software where certainty is needed.

"it's hyper-efficient compression revealing unseen connections in the data distribution" ...this is beautiful technical poetry. Such an elegant description of one of the deepest mechanisms behind intelligence.

@HackingLZ I am seeing (and practicing) the same pattern. I think of it as "IA" an intelligence amplifier, rather than "AI".

My observation from working with a large group of people on various LLM offsec things the last few months LLMs mostly amplify existing focus areas. The % of folks branching into entirely new niches seems low, most go deeper where they already have context. Lowered the execution barrier, not the direction barrier.

Lately I’ve been questioning the term "Artificial Intelligence". Watching the spread of outcomes people get, from useless noise to genuinely high-leverage work... perhaps the label may be wrong. Perhaps it's not "AI". That label feels like a relic, a term inherited from decades of ambition about what computers should become. A more precise term for what humanity has recently built may be "IA": an "Intelligence Amplifier". People use the same model. Same tools. Same access. But they get radically different results. Why? I think this is because the system doesn’t create structured thought out of nowhere. It amplifies the operator’s ability to decompose problems, form precise questions, recognize signal vs noise, and iterate toward better internal representations. Broadly speaking: If your thinking is vague, it scales vagueness. If your reasoning is sharp, it scales sharpness. LLMs are very good at compressing and reconfiguring patterns based on the structure you feed them. The QUALITY of that structure over time determines the quality of the output. In that sense, AI isn’t quite replacing intelligence, it is amplifying it. So when I use it, I often ask myself: "Is this system amplifying a well-structured mental model or an under-specified one?"

Welcome to the Claude era. Code hasn’t disappeared, but intent has moved up a level. English is now the dominant programming interface.

A few random notes from claude coding quite a bit last few weeks. Coding workflow. Given the latest lift in LLM coding capability, like many others I rapidly went from about 80% manual+autocomplete coding and 20% agents in November to 80% agent coding and 20% edits+touchups in December. i.e. I really am mostly programming in English now, a bit sheepishly telling the LLM what code to write... in words. It hurts the ego a bit but the power to operate over software in large "code actions" is just too net useful, especially once you adapt to it, configure it, learn to use it, and wrap your head around what it can and cannot do. This is easily the biggest change to my basic coding workflow in ~2 decades of programming and it happened over the course of a few weeks. I'd expect something similar to be happening to well into double digit percent of engineers out there, while the awareness of it in the general population feels well into low single digit percent. IDEs/agent swarms/fallability. Both the "no need for IDE anymore" hype and the "agent swarm" hype is imo too much for right now. The models definitely still make mistakes and if you have any code you actually care about I would watch them like a hawk, in a nice large IDE on the side. The mistakes have changed a lot - they are not simple syntax errors anymore, they are subtle conceptual errors that a slightly sloppy, hasty junior dev might do. The most common category is that the models make wrong assumptions on your behalf and just run along with them without checking. They also don't manage their confusion, they don't seek clarifications, they don't surface inconsistencies, they don't present tradeoffs, they don't push back when they should, and they are still a little too sycophantic. Things get better in plan mode, but there is some need for a lightweight inline plan mode. They also really like to overcomplicate code and APIs, they bloat abstractions, they don't clean up dead code after themselves, etc. They will implement an inefficient, bloated, brittle construction over 1000 lines of code and it's up to you to be like "umm couldn't you just do this instead?" and they will be like "of course!" and immediately cut it down to 100 lines. They still sometimes change/remove comments and code they don't like or don't sufficiently understand as side effects, even if it is orthogonal to the task at hand. All of this happens despite a few simple attempts to fix it via instructions in CLAUDE . md. Despite all these issues, it is still a net huge improvement and it's very difficult to imagine going back to manual coding. TLDR everyone has their developing flow, my current is a small few CC sessions on the left in ghostty windows/tabs and an IDE on the right for viewing the code + manual edits. Tenacity. It's so interesting to watch an agent relentlessly work at something. They never get tired, they never get demoralized, they just keep going and trying things where a person would have given up long ago to fight another day. It's a "feel the AGI" moment to watch it struggle with something for a long time just to come out victorious 30 minutes later. You realize that stamina is a core bottleneck to work and that with LLMs in hand it has been dramatically increased. Speedups. It's not clear how to measure the "speedup" of LLM assistance. Certainly I feel net way faster at what I was going to do, but the main effect is that I do a lot more than I was going to do because 1) I can code up all kinds of things that just wouldn't have been worth coding before and 2) I can approach code that I couldn't work on before because of knowledge/skill issue. So certainly it's speedup, but it's possibly a lot more an expansion. Leverage. LLMs are exceptionally good at looping until they meet specific goals and this is where most of the "feel the AGI" magic is to be found. Don't tell it what to do, give it success criteria and watch it go. Get it to write tests first and then pass them. Put it in the loop with a browser MCP. Write the naive algorithm that is very likely correct first, then ask it to optimize it while preserving correctness. Change your approach from imperative to declarative to get the agents looping longer and gain leverage. Fun. I didn't anticipate that with agents programming feels *more* fun because a lot of the fill in the blanks drudgery is removed and what remains is the creative part. I also feel less blocked/stuck (which is not fun) and I experience a lot more courage because there's almost always a way to work hand in hand with it to make some positive progress. I have seen the opposite sentiment from other people too; LLM coding will split up engineers based on those who primarily liked coding and those who primarily liked building. Atrophy. I've already noticed that I am slowly starting to atrophy my ability to write code manually. Generation (writing code) and discrimination (reading code) are different capabilities in the brain. Largely due to all the little mostly syntactic details involved in programming, you can review code just fine even if you struggle to write it. Slopacolypse. I am bracing for 2026 as the year of the slopacolypse across all of github, substack, arxiv, X/instagram, and generally all digital media. We're also going to see a lot more AI hype productivity theater (is that even possible?), on the side of actual, real improvements. Questions. A few of the questions on my mind: - What happens to the "10X engineer" - the ratio of productivity between the mean and the max engineer? It's quite possible that this grows *a lot*. - Armed with LLMs, do generalists increasingly outperform specialists? LLMs are a lot better at fill in the blanks (the micro) than grand strategy (the macro). - What does LLM coding feel like in the future? Is it like playing StarCraft? Playing Factorio? Playing music? - How much of society is bottlenecked by digital knowledge work? TLDR Where does this leave us? LLM agent capabilities (Claude & Codex especially) have crossed some kind of threshold of coherence around December 2025 and caused a phase shift in software engineering and closely related. The intelligence part suddenly feels quite a bit ahead of all the rest of it - integrations (tools, knowledge), the necessity for new organizational workflows, processes, diffusion more generally. 2026 is going to be a high energy year as the industry metabolizes the new capability.

When using AI for long-running tasks, don't forget to slow down and really enjoy this technology. At any point, you can ask it exactly what it's thinking, diagram it multiple ways, what roadblocks it's currently facing, and really learn A LOT from it. You might learn something completely new from intermediary steps AND you can then direct it better. :)

Fantastic article - one comment regarding this caption, "Most of people holding such beliefs end up relying on immigrants for their own 'better life', unless their definition of 'better life' has nothing materialistic in it." I think there’s a cultural gap here. In many U.S. conservative circles, “better life” isn’t primarily defined by material consumption. It’s often about stability, family, faith, or preserving traditions. So the assumption that opposing immigration must conflict with the pursuit of a “better life” (because immigrant labor underpins material comfort) doesn’t quite map onto how many conservatives actually think about the good life. Another thought: this may reflect technological saturation. We’ve already built most of the tools that make life materially easy and efficient, so the next frontier is addressing the cultural debt accumulated during that period of financial growth, and this is how it manifests. TL;DR: many would take less money in exchange for a better quality of life as they define it.

I just published The World in Which We Live medium.com/p/the-world-in…

I've had extremely dumb things break on my Plaid and it always takes at least a month out to fix them. The most recent one was the passenger side door handle (an issue they couldn't reproduce the first time it happened because it was intermittent). The main thing keeping me from switching is FSD but I'm over it. A 100k car needs a higher minimum standard for dumb things breaking.

The @Tesla service has gotten me to a breaking point. Been a Tesla owner since 2014 and have always loved the cars. Took a month and a half to get an appointment. Dropped off my car Monday for a recall, said it would be ready next day - changed it to Wednesday. No problem. Then they said Friday or next week. Picked it up today and zero work done on it. Nail in coffin for me, going to move on from Tesla after this one. Sucks, really loved the cars. @elonmusk

@HackingLZ then: ppl didn't know how to make hacking highly economically viable. now: ppl know how. author: upset but in chatgpt.

"The Hacker's Renaissance: A Manifesto Reborn" 🔥 #article" target="_blank" rel="nofollow noopener">phrack.org/issues/72/19#a…

Hierarchical instability increases with depth. Deception, in the form of two-faced behavior or face-saving signaling between levels, acts as a dampener that keeps the structure from blowing apart. (By “hierarchical stability” I mean the capacity of a layered organization to sustain alignment, trust, and reliable information flow across its levels without devolving into dysfunction, conflict, or fragmentation.) I’d argue this dynamic isn’t tied to work type (blue vs. white collar) but to vertical depth. (Aside: number of people in a hierarchy isn’t the driver, though larger orgs often end up deeper.)

Sincerity is incompatible with (non-blue collar) employment.

I forgot to mention flashing yellow lights, which is a common thing in Michigan. You’re supposed to just drive through those without really slowing down, but FSD will sort of spaz out between slowing down and accelerating. Doesn’t do it for all of them though, so might be a flash duration thing.

@primal0xF7 @Tesla Same.Mine also seems to “stutter” now.. like I’m tapping on the accelerator ever so slightly.. it’s strange.Also,how about stopping for school busses, that is a pretty big one. One stopped in front of me, it’s stop sign comes out & lights flashing-my car attempted to go around🤦🏼‍♂️

Autonomy, at scale, makes cities more livable & gives you back the most important thing in life: time

I like FSD a lot, I’ve had a Model S Plaid for almost a year, but there are still a few legitimate issues that haven’t been fixed, or have even regressed, from my perspective in Michigan. - highway lanes on the left that end: FSD awkwardly merges at the last second into the lane to its right. Awkwardness is amplified if there’s traffic in the lane to merge into. - city roads that go from 2 lanes to 1 lane (in 1 direction): again FSD merges awkwardly at the last second. Issue is amplified if there’s traffic. This is especially the case if there’s a long line of cars that already know the other lane will end. FSD will just jump into the lane that will end and try to cut back in. - awkward indecision when approaching yellow lights at the right moment: decide to either go or stop and stick to the decision. - after coming to a complete stop, if there’s no traffic around and a red signal, it will randomly either WANT to run the red light by slowly creeping forward or just completely run it. (this is recent and also WTF) - “Michigan lefts”: very awkwardly executed, unless the light is already green. FSD needs to learn how MI drivers do these turns. - turn planning: in some city street configurations, it will reliably miss the turn it needs to take if there’s a long line of traffic already lined up for that turn, because it’ll try to take the faster route and cut back in awkwardly. FSD is effective for what mentally feels like ~95% of situations. While it may have a safe outcome regardless, the execution of that last 5% of scenarios is incredibly awkward. It has less issues on highways with end-to-end. I think city driving needs a bit more specific work, perhaps more training in different locales outside of Cali, TX, FL, etc.

You can get a glimpse of that today: although FSD Supervised currently does require your supervision, you will still notice that your commute or long drives are suddenly so much less taxing. No constant micro-adjustments in rush hour traffic. No frustration. Car does it all for you. Now imagine how you’d feel if not having to supervise at all, while still getting from A to B in comfort & style & for very little $ That’s Robotaxi. And it’s coming.

@HackingLZ This will become a thing only when there is finally a way to objectively measure the quality of a pentest or RT. Till then, soft skills will fill all and any quality gaps.

I'm interested in how many more years before offensive security returns to being niche. Low end pentests will get washed out by automation and higher end stuff is going to require R&D and talent.

I had the pleasure of speaking with Zac Davis on the War Stories podcast recently. We went through some fun war stories from my journey as a hacker: youtube.com/watch?v=oOhBPl…

Hey folks, hope you're all doing well. :) Part 1 of my DUALITY blog post, written during my time at Aon, is now publicly available on Aon's website. Using the following link on my personal blog, you can find links to part 1, the song, and the talk. primalcerebral.com/blog/duality.p…

Probs when folks try to get into modern malware and/or exploit dev - need lots of background knowledge about target OS, mem allocators, how EDR works, mitigation bypasses, being fluent with debuggers, along with decent programming skills to pass around data structs, interacting with OS, networking, etc. Basically when you need lots of background info in a bunch of tangential fields, no longer straightforward. Same with more advanced web attacks, or advanced hardware hacks, etc.

For folks interested in watching my DUALITY talk from @_BSidesKC, it's now available on YouTube: youtube.com/watch?v=DM23uv… Blog post(s) coming soon!