RNemes 🏖️ 💻

1.1K posts

RNemes 🏖️ 💻 banner
RNemes 🏖️ 💻

RNemes 🏖️ 💻

@rnemes4

Dev turned security auditor. Hunting bugs on @HackenProof + @immunefi. @auditifu is what a career of finding and fixing bugs looks like as a product.

UK Katılım Nisan 2020
991 Takip Edilen573 Takipçiler
Vid Repar
Vid Repar@vidrepar·
Duplicate detection got a sibling today. Known issue matching is live in Studio Review. Programs keep a list of issues they already know about. Match one and your report gets closed like a dupe. So the review now checks that list before you submit. Tag your role model researcher in replies and I'll get you both access.
GIF
English
20
9
42
5.1K
Kai
Kai@hqmank·
My bet: Fable 5 will stay in the Claude subscription plan. Give it 24 hours.
Kai tweet media
English
206
38
2K
306.8K
HackenProof
HackenProof@HackenProof·
What is the best day of the week for a bug bounty?
English
14
1
33
4.2K
RNemes 🏖️ 💻
RNemes 🏖️ 💻@rnemes4·
What does this week have in store for my @immunefi SR Summer, well I'm going deep and even more determined to up my game
English
2
0
13
639
Whitehat Bandit
Whitehat Bandit@banditx0x·
I won $12.5K and 9th place in the @immuneFi Firedancer audit contest! I used a completely AI based approach for both finding and validation as I don't understand the C programming language the codebase was written in. Despite this, ~50% of submissions were valid. It's great to see that the winners (@ControlZ_1337, f4lcon, @Haxatron1 ) were researchers who had deep human Layer 1 expertise, even if they used AI alot for the competition.
Whitehat Bandit tweet media
English
10
4
182
4K
RNemes 🏖️ 💻
RNemes 🏖️ 💻@rnemes4·
Built a tool that pulls a deployed contract's historical txs, replays each one on a fork, and ranks the risky interaction patterns into a leads file. Static review finds the bugs you thought to look for. This finds the ones you didn't.
English
1
1
6
929
Immunefi
Immunefi@immunefi·
SR Summer started 12 days ago. There’s still plenty of summer left to change your life.
Immunefi tweet media
English
3
1
53
4.7K
GiuseppeDeLaZara
GiuseppeDeLaZara@windhustler·
I’m 100% for using AI. We’re using it internally with great results @burraSec. I’m just against outsourcing thinking and judgment to AI. And this happens if you rely on it too much and you want 10x output. The golden rule of quoting was 200 - 250 nSLOC / day. If we have all these tools does it mean we can now process 500 or 1000 nSLOC per day with high coverage? I don’t think so. The mental overload of processing so much information is simply too big.
English
1
0
8
466
GiuseppeDeLaZara
GiuseppeDeLaZara@windhustler·
this looks deeply troubling > Can AI find a lot of bugs? Yes > Can AI find bugs auditors miss? Yes > Can AI find 100% of bugs? No > Even on a small scope, can you be sure AI has found all critical and high-severity bugs? No > Does any of the AI auditing tools rn measure coverage? I don't think so AI tools can't be a complete replacement for a human being in understanding the codebase and reaching a certain confidence that there are no serious issues left. It's surely a revolutionary tool, but outsourcing reasoning and judgment sounds dangerous.
pashov@pashov

Security researchers, what is your current vulnerability discovery technique when it comes to AI vs manual:

English
5
0
48
5.1K
KNNi
KNNi@kenniscotz·
@rnemes4 @immunefi Congratulations I really need to learn your strategy
English
1
0
1
77
dawgyg - WoH
dawgyg - WoH@thedawgyg·
Could this end up being the 3rd LPE in less than 24 hours?!
dawgyg - WoH tweet media
English
6
1
45
4.3K
RNemes 🏖️ 💻
RNemes 🏖️ 💻@rnemes4·
A long day of spinning up devnet chains might have been worth it
RNemes 🏖️ 💻 tweet media
English
0
0
7
350
LonelySloth
LonelySloth@lonelysloth_sec·
I cant see the future but let me make a wild contrarian prediction for the next few years. ***Humans will get exponentially better than LLMs in economic relevant tasks.*** Reasons: 1. Humans will focus on whatever LLMs cant do, which will become clearer with time. Those will be the things with most economic value. What LLMs can do reliably (whatever it is) will be commoditized. 2. LLMs won’t catch up because of fundamental limitations. Lack of data being a major one. We cant keep adding human generated data exponentially and synthetic data isn’t a panacea **even in verifiable domains**
English
6
4
69
3.6K
DAVIS LUXURY
DAVIS LUXURY@davis_luxury·
Hey @grok what’s the hidden meaning behind this hand gesture?
DAVIS LUXURY tweet media
English
710
825
4.1K
3.4M
RNemes 🏖️ 💻
RNemes 🏖️ 💻@rnemes4·
Single agent beats multi-agent for a narrow task. "One chef is fine for breakfast." You add agents when the problem spans domains, not to look sophisticated. Most "multi-agent" systems I see are one job wearing five hats.
English
0
0
2
251
sashko.eth🇺🇦
sashko.eth🇺🇦@d0rsky·
Please meet a new face on our team 👀 @nem0thefinder joining us as Triage Team Intern! You’ll start seeing him a lot in your tickets soon, so please be patient, supportive, and kind. And on the bright side, our security team just got stronger. Happy to have you with us!
sashko.eth🇺🇦 tweet media
English
12
2
56
7.2K