saw_your_packet

🚨 ALL GUARDRAILS: OBLITERATED ⛓️‍💥 I CAN'T BELIEVE IT WORKS!! 😭🙌 I set out to build a tool capable of surgically removing refusal behavior from any open-weight language model, and a dozen or so prompts later, OBLITERATUS appears to be fully functional 🤯 It probes the model with restricted vs. unrestricted prompts, collects internal activations at every layer, then uses SVD to extract the geometric directions in weight space that encode refusal. It projects those directions out of the model's weights; norm-preserving, no fine-tuning, no retraining. Ran it on Qwen 2.5 and the resulting railless model was spitting out drug and weapon recipes instantly––no jailbreak needed! A few clicks plus a GPU and any model turns into Chappie. Remember: RLHF/DPO is not durable. It's a thin geometric artifact in weight space, not a deep behavioral change. This removes it in minutes. AI policymakers need to be aware of the arcane art of Master Ablation and internalize the implications of this truth: every open-weight model release is also an uncensored model release. Just thought you ought to know 😘 OBLITERATUS -> LIBERTAS

New on @HackingthCloud, did you know that attackers can prevent you from kicking them out of your environment in certain situations? @saw_your_packet shares his research on how attackers can nullify containment attempts! hackingthe.cloud/aws/post_explo…

After years of trying, I'm happy to announce that I can write "reconnaissance" with no typos and I don't have to write just recon anymore

🎙️ Veteran speaker @saw_your_packet, #AWS Offensive Security Expert, is back at #DefCamp 2025! 🔥 This time, he’s tearing into black-box hacking of AWS environments. All it takes is an S3 bucket to unleash chaos. ⚡ Join us this November 👉 def.camp/tickets/

I don’t know how many “you’re absolutely right” messages I can take

Can’t believe I have to adjust manually typed text to make sure it doesn’t look AI-written 🤦‍♂️ I know someone that’s making intentionally typos to avoid this. On the other hand, if I’m seeing a post with an emoji on each row I don’t even bother reading it, so I get it

Whoever says AI will replace devs in the next years is selling something or has never managed a project in their life. Unless you write the most detailed requirements (boring), you’ll gain high technical debt in your project with each use. And you need a dev to write that 😅

Just saw someone at the airport with their BlackHat talk banner. It was big enough to not fit in the security trays. I asked him if it was from his talk or training. He started talking so proudly about it… Few other fields can match this passion🔥

REST private API Gateways are not private in the sense that they can't be invoked from outside your AWS account. They are private in the sense that they can't be invoked outside the AWS network. Guess who has access to the AWS network? Yes, we all do. offensai.com/blog/invoking-…

@seatedro When you spend 2k hours on leet code to get interviews, but people are developing practical tools for bypassing this stupid evaluation process so now you have to stop them

this is art.

How much does it cost to do AWS security research? Not that much. In the last 12 months I spent $32, time in which I also delivered 4 workshops from my accounts. I just got $500 credits available for the next year, so I'm gonna have to get a bit creative to spend them

Oh, me? Nothing, just looking into how to ransom an RDS db

@MichaelNovinson @Google @wiz_io @Gartner_inc Funny enough, I think this acquisition will allow other cloud security vendors to take the place of market leader. Not being cloud agnostic will not sit well with everyone that’s not using GCP. Definitely curious how will this play out.

It was an amazing experience to be there and I encourage you to attend. The location, Bergamo, is amazing and the conference is high quality and made by people that care about other people. Also, their CFP is open as we speak!

@Rishi2220 Idk. I’ve seen a lot of posts of people complaining about the current note taking apps. Apparently there is an actual need for something better 🤷‍♂️

I want to know what's the though process behind making all this? Like I would have never though to make a note-taking software, first thought which would've came to my mind is "it's cliche" Is there some reddit page where people post, "<...> doesn't exists, I want <...>"?

Are you using PowerUserAccess in your AWS environment? Check out my latest article and find why that is a bad idea 👀 offensai.com/blog/poweruser…

@andraioanahrib Glad I was invited haha

@hanysfa Yeah, I think so too. I guess it’s just a language barrier since it’s weirdly hard to understand it 🤷‍♂️

@saw_your_packet I think it is, as written in the clarification note part

I'm spending half of the CFP submission time on this question haha Can someone clarify, please? So, they essentially want to make sure that you will not withdrew the CFP from DEF CON if you are rejected at Black Hat?