sshell

professional hacking tip: be nice to people

@h0mbre_ mood

halo ce, halo 2, halo 3

Mind blown 🤯 Some smartphones sold in mainland China (like certain OPPO models) can read MIFARE Classic cards, crack the keys in seconds, store them, and then fully emulate the card directly on the phone. No extra hardware. Just the phone. Access control, transit cards, hotel keys… game over. Huge thanks to Ian for showing me this in person. Really eye-opening how far NFC capabilities have gone in some regions. Who else has seen this in the wild? #NFC #MIFARE #TechSecurity​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​ #oppo

@caseyjohnellis lmaooooo, scatteredclaw going to be the end of us all

@sshell_ inb4 “SCATTERED CLANKER”

@gf_256 warmed my heart to see so many people I love and respect in the comments letting that dude know just how wrong he was

Since this has blown up, I’d like to shout out all the other trans founders. I won’t name them out of respect for their privacy. There aren’t a lot of us out there and it’s hard. All the ones I’ve met are incredibly hard working, kind, and generous people, not to mention completely fucking cracked. Shit like this happens all the time but that’s life, can’t make everyone like you. :/ Life is not easy—for anyone

@mongo_lassi @TylerMcBrien @AIPSummit this rocks, good stuff

@TylerMcBrien @AIPSummit great meeting you last night! and yes, we are very serious people doing very serious things with the stars ✨ 🪐

at the AI Psychosis Summit (@AIPSummit) they're building apps that make investment decisions for you based on astrology using an engine that pulls in NASA astronomical data and applies astrological algorithms using orbital mechanics to give you trading signals

@gf_256 @zellic_io @Canonical this is so incredibly dope, love seeing y’all continue to absolutely crush it!

I’m really proud of this. The code we audited will be on millions if not billions of machines and containers. Thanks to @Canonical for working with us on this.

@Hultoko such a huge fan of Cloudflare Access for sharing things with friends. incredibly good product

Coder now protected form remote attacks by cloudflare access! No VPN! Just cloudflare and identity! blog.hul.to/general/devops… Took a while to figure out which parts could auth or needed an IP allow list but we did it!

@nnwakelam could not have said it any better

It’s fascinating to me to see a cultural gap between existing computer hackers and bug bounty hunters and people that simply had no ability to surface vulnerabilities in companies meaningfully before LLMs made it as easy as asking a question. Feeling justified dropping an unfixed vulnerability on a company with little or no security posture on Twitter just signals to anyone that’s an adult that you are probably a dumbass. It’s optimising for attention rather than impact. You can report this to the CERT in the relevant country and move on with your day, posting it on Twitter is entirely self-serving and disingenuous. There’s a real decoupling of several things at play, in order to find issues of substance it actually conferred skill (and most likely intellect and critical reasoning skills) and now as that rising tide has lifted all boats you are going to get more and more people that can surface the issue but don’t understand the customs surrounding how vast swathes of this industry function.

Wild things happening today in the MEV world on Solana. This transaction solscan.io/tx/5wY3V7v8ALq… swapped 4,000,000,000 ANB for 885000 USDC. This lead to almost 1.5 million USD in arbitrages by 4 bots.

Recently I've been spending a lot of time in the Solana ecosystem. This led to the discovery of two critical vulnerabilities in a popular router that allowed stealing all funds from router owned token accounts. Writeup here: atlas-it.consulting/post/solana-ro…

can confirm, I’ve been all three guys

We prompted Sybil to introduce themselves. What came back was methodical, opinionated, and included an astrological chart.

What we're seeing with LLMs is what we saw with fuzzers in the 2000s. A flood of findings that still need triaging, validation, and remediation to separate the noise from the true bugs. CEO @adversariel broke this down at @BlackHatEvents Asia and what it means for defenders.

refreshing to see a sane and rational take in a frenzy of mythos-induced madness

There are a lot of hot takes about Mythos right now but what’s missing is the following: Mythos is a genuinely great model that proves the hypothesis that reasoning capabilities scale supralinearly with model training time and data volume. This has significant implications for security and I’m excited

@kimmonismus saw this post and noticed the training date was different than when i asked. apparently instant/thinking have different knowledge cutoffs! x.com/sshell_/status…

Meta is rolling out its new model "Avocado". Intial testing: very positive! Go check it out

New model from Meta Superintelligence : Muse Spark (codename: Avacado) Interesting to see "Instant" and "Thinking" modes have knowledge cutoffs so far apart. Looking forward to seeing how it does on security knowledge!

@sleepinyourhat lmaooo wonderful tweet, i could only imagine the reaction

(I encountered an uneasy surprise when I got an email from an instance of Mythos Preview while eating a sandwich in a park. That instance wasn't supposed to have access to the internet.)

Mythos Preview seems to be the best-aligned model out there on basically every measure we have. But it also likely poses more misalignment risk than any model we’ve used: Its new capabilities significantly increase the risk from any bad behavior. 🧵