Mark Griffin

Kicking off my writing on visualization and software with a post on my most recent Binary Ninja plugin, Ariadne! seeinglogic.com/posts/why-of-a… Learn how interactive graphing helps with reverse-engineering and some common workflows. #infosec #dataviz

RE//verse 2026 talks are live on YouTube! Want to revisit a talk or catch the ones you missed? The full playlist is now available: youtube.com/playlist?list=…

Junkyard was an absolute pleasure to host again, it was awesome to see it take off... we even had a Roller Coaster Tycoon exploit this year! In case you missed the show, @caseyjohnellis gave a great writeup of the EOL targets and exploits shared: cje.io/2026/02/07/for…

THATS A WRAP ON DISTRICTCON YEAR 1! ☃️❤️🪩 We sincerely hope you had a great time - it wouldn’t be possible without our amazing team, our speakers, the villages, our sponsors, and most importantly YOU! We hope this brings you a sense of community. Stay warm, be good to each other, and we’ll see you again for Year 2!

Just want to say how pumped I am both to support an awesome local conference and to see our logo in such great company!

@pcaversaccio @Lotem_Kahana If you open a workspace with a .vscode/settings.json file overriding these settings, does that override this? Workspace trust has a lot more surface than it seems, and when I previously reported issues I was told they think "do you trust the authors" is sufficient warning.

@Lotem_Kahana 100% - I think it would be sane to have the following default settings

i genuinely think everyone in this space should immediately switch to using Vim. DPRK started abusing VS Code hooks that run _automatically_ in the background when you open a folder. ZERO fucking user interaction required _after_ trusting the repo (the trusting part is important here). Yes, read it again. ZERO. INTERACTION. REQUIRED. so what happens is the following: they (in the usual case the Contagious Interview group, meaning some fake recruiting guy) share GitHub, Bitbucket, and GitLab repos containing a `.vscode/` subdirectory with malicious hooks. the one example I share here executes a fake font that's actually heavily-obfuscated JS and will absolutely rek you. all your fancy software that feels "convenient" makes tradeoffs. those tradeoffs are now being abused to silently rek your devices. use Vim. and use Qubes. Thx.

We are extra thankful for our incredible lineup of Year 1 Sponsors for DistrictCon! districtcon.org/sponsorships

VSCode has leaned forward on a lot of fantastic usability enhancements... But their recent "terminal autocomplete suggestion" setting has definitely been a mixed bag for me (distracting and suggests bad completions). To disable: settings > "terminal suggest" and uncheck

A friend told me I buried the lead, and that they felt this chart tells the tale. While the sample size is very small, the data does not favor humans given the specific parameters of LiveCTF (average human solve 22.8 min).

Finally ran my own experiment with AI on LiveCTF challenges after seeing a bot beat top players. …and I was surprised by the success of current models with a single prompt. Sharing what I did so you can try it yourself: seeinglogic.com/posts/livectf-…

Team Atlanta's report explains how their 1st place CRS found & patched bugs... and you can just read the code! github.com/Team-Atlanta/a… The report covers a ton: orchestration, LLM strategies, patch generation... but really shines in its coverage of practical fuzzing issues.

@netspooky ...did you end up finding a good solution for this?

Are there any decent gameboy rom plugins for binja that aren't in the plugin store? Neither one on there really works that well for even basic disassembly.

Interested in Submitting to Junkyard? Want to hang out with fellow researches? Workshopping ideas? Come hang out with the Junkyard Team for a Virtual Happy Hour! Wednesday October 1, 8pm ET (5pm PT) (1, maybe 2 hours?) RSVP: luma.com/949joy6c

Awesome linear probe based hallucination detection. Code and paper in thread.

@spaceraccoon Check out their community plugin repo, then write a plugin to do something you think is interesting. github.com/Vector35/commu… My guess is you'll stick with BN once you've used the API.

Been thinking of picking up binary ninja as an alternative to Ghidra or IDA.. any thoughts or experiences for folks who’ve used various options before?

They're called "forever bugs" for a reason 🐛 districtcon.org/junkyard - submit your best 0day in end-of-life today to win cash prizes!

ICYMI: 5 systems from AIxCC are now Open Source: archive.aicyberchallenge.com An unprecedented opportunity to peek into the toolkit of top security teams. Everything from prompt templates, to terraform code, to implementations of very recent research techniques, it's all there 👀

Phrack turns 40. The digital drop is live. Download it. Archive it. Pass it on. 💾 phrack.org #phrackat40 #phrack72

As the organizers of LiveCTF, we allowed for this possibility as an open challenge, but we were all surprised by this. Perhaps a small turning point, but it marks a change in #CTF. Whether by policy or technical solutions, organizers will need to handle AI solvers.

But: - These were non-trivial challenges that required synthesis of multiple concepts (PNG format, internal structure offsets, shellcode) - The player provided almost no input at all, other than the challenge binary and presumably info on the LiveCTF format & challenge category

My biggest surprise at #defcon33 : in a head-to-head LiveCTF match, one player’s AI bot beat _both_ humans to the punch. I was commentating the match & was super confused because I could see the player had only just begun their solve script: youtube.com/live/TYn38VfmD… 🧵👇