gln

It is obvious, but: when you give somebody advice, you're giving it to yourself

Week 2: rest-day log to keep myself accountable. Rest = recharge. It’s deliberate. Breathe deep. Reflect. Give your mind some space. The ideas will simmer unspoken.

read to your kids!

When working with ICON codebase, i've spent large amount of time trying to bypass their java bytecode validation and achieve RCE ;-) Found a lot of bugs which allowed to generate unlimited amount of STEP (basically gas) in smart contract, but no RCE.

There’s no excuse to stealing user funds. It doesn’t matter how badly the project team treats you. If you want to work in security, decide once and for all that you will never exploit a vulnerability.

You think you always have a choice, but you don't. There are only select moments when real change is possible. Outside these, you're bound to inertia. When those rare road-forks arrive you must recognize them and choose carefully. Those moments mold your whole life.

Moarrr shipping for Immunefi Security Researchers: We cleaned up the navbar and made all the frequently used pages and links super easy to find. Now you can spend less time reporting, and more time bughunting.

Come hell or high water, we will break the conditioning afflicting Security Researchers everywhere. It’s time to be set free.

Moarrrrr shipping: We are deploying more tooltips throughout Immunefi Magnus, so you have expert guidance for every workflow. This one explaining Primacy of Impact.

We're underestimating AI... 🤖

From the recent hacks, the "informative" findings or "recommendations" are exploited. Protocols must work thoroughly with their "Security Partners" and implement fixes and recommendations. It's just the matter of bad state which could get you exploited!

The proper use of the internet is as channel for your best possible self. It gives you everything you need to self-perfect. Use it to: 1) Find great resources 2) Engage the best teachers 3) Meet the right friends 4) Automate everything else Let it help you live more, not less.

@0xpessimist dont report these if i find bugs with no funds or dos risk i just keep them the tweet by storm above the qt is correct. lows stack into a crit.

The Paradex Network Invite-Only Program has officially concluded, with $45,000 in rewards distributed by @paradex to top security researchers! 💸🎉 🥇 Top Researchers: 1. @shaflow01 – $17,842 2. @ma1fan – $8,421 3. @prolikegln – $4,401 4. @kalogerone – $2,336 Congrats to all the winners! 🏆 Leaderboard and results here: immunefi.com/audit-competit…

Reactive decisions feel productive but slowly murder your dreams. You think you're choosing but fear and doubt choose for you. Your real goals die while you chase phantom urgency. Break the cycle through painful deliberation. Agency grows like muscle: one challenging rep at a time.

@hrkrshnn of course it will

Do you think AI will ever get to the level of an 80 percentile security researcher? What about 99 percentile?

Master one thing, simplify everything else, and you'll become GREAT. The world's top performers share a dirty secret: they're lazy about 99% of life; I certainly am! Noobs juggle complexity everywhere, masters cut ruthlessly to protect their high agency attention; they're hoarding mental bandwidth and you should too. Think of attention battery. Every decision drains power. Each micro-choice bleeds focus from what actually drives results. And it takes a whole night of sleep to recharge it. Sou need to pick your fights VERY CAREFULLY. Make everything unnecessary a solved equation. Your workout? Same time, same exercises. Your work setup? Always the same. Your evening routine? Scripted and habitual. Decide now: what will you solve once and forget forever? Simplify your life and you'll get to spend your attention on what you love most.

RT @MitchellAmador: Security researchers are the immune system of the onchain economy, keeping us all safe and secure. So when you ask for…

It is ok to feed an LLM with bug patterns and ask it to audit the code. But it is like getting rid of the most interesting part of audit process.

Blocksec's near-future is first strike victory, second strike defeat. Mitigation or hack, all decided within seconds of tx deployment. Being second is being last, and last gets exploited. Attackers are using increasingly polished attack runs, with no errors or opsec gaps. They understand they have an infinite amount of time to peruse your code and optimize their exploit. They are leaning into their natural advantages, so that their hammer blow lands as crushingly and lucratively as possible... entirely at your expense. The only solution: to detect, to intercept, to act, to mitigate FIRST, at every level of the stack and before the exploit-chain can fully unfold. That requires technology moving at the speed of bits, not agonizingly slow thought. Every protocol needs first-strike security to survive. Immunefi Magnus embodies first-strike security. We are unifying every best-in-class security tool onchain today, optimizing every implementation and maintenance process thereof, and combining it all with instantaneous threat mitigation at every level of the stack. We named ourselves blockchain's immune system for a reason. Lazarus Group has been an extremely capable foe, highly skilled, disciplined, and infinitely patient. But they are about to discover what it looks like to compete against the security community when it brings its best technology, dedicates its most unwavering spirit, and when it is fully united. Lazarus will not win. The age of first-strike blockchain security has arrived. Attackers are about to discover what happens when defense moves at the speed of computation. Prepare yourself for the impending new age of blockchain security, and get on Immunefi Magnus now.

Master complexity by mastering simplicity first. Specialists who dominate one field win by keeping everything else dead simple. Pick a problem, settle on how to solve it once, and move forward forever. Never think about it again! Master this and you will feel liberated.