dr0pd34d (@st3ff3n_com)

2.6K posts

Red Team

Joined February 2016
176 Following, 144 Followers
dr0pd34d (@st3ff3n_com):
@tombombadeel @yadong_xie Fully understandable and also the fun part about it 😁 Otherwise you could buy a ready made product
Tom (@tombombadeel):
@st3ff3n_com @yadong_xie I could package and share the repo but I’m not a coder, so literally all of it is vibe coded, so I’d be worried about my repo breaking someone’s stuff because it’s not close to a finalized state at the moment. It’s more fun to let codex cook anyway! Have fun tinkering
Yadong Xie (@yadong_xie):
Ported the Claude desktop buddy to my esp32-s3-amoled device. A real coding buddy: the more tokens you spend, the higher its level.
dr0pd34d (@st3ff3n_com):
@tombombadeel @yadong_xie Oh boy then my ARM Macbook is up for a challenge but thanks for the tips 😂 Should arrive in two days, let's see if I can build a little buddy
Tom (@tombombadeel):
@st3ff3n_com @yadong_xie FYI if you have a windows computer it’ll work right away and Codex or Claude Code can flash it easily due to what it shipped with. macOS took a lot of effort from codex and actually totally wiped the boot off of it and I thought it was bricked 😅 codex on windows recovered it
dr0pd34d (@st3ff3n_com):
@tombombadeel @yadong_xie I ordered one based on this thread and hope I can get it to run 😂 No idea but maybe the AI overlords can help
Tom (@tombombadeel):
@yadong_xie It’s cool that we’re all building the same things around the world. Here’s my current take with an ESP32-S3 LCD with a prism hologram
dr0pd34d (@st3ff3n_com):
@0xCVYH It did 10 Tokens/s in LM Studio and also felt faster in MLX-LM. I thought using oMLX would give me a speed boost but seems it did not.
dr0pd34d (@st3ff3n_com):
@0xCVYH I tried oMLX with Qwopus3.5-9B-v3-HLWQ-MLX-4bit and got: Prompt Processing (excl. cached) - 32.4 tok/s - Token Generation - 0.6 tok/s. I assume I have to try a much smaller model then 🥲
CV.YH (@0xCVYH):
Qwen 3.6-35B-A3B came out this morning. HLWQ CT INT4 published TODAY, the same day, with the model running on an RTX 3060 12GB. 70.2 GB BF16 → 19.4 GB quantized (-72%). With expert cache=8: ~5 GB effective VRAM (-93% from baseline). cache=2: ~3 GB (fits on a 6GB GPU). Architecture: 40 layers, 256 experts/layer, hybrid Gated DeltaNet + Full Attention, 262k-token context. 30,720 expert weights quantized individually. A 35B-param MoE model, agentic-first, running on a consumer GPU on launch day. The gap between a frontier release and consumer compatibility just closed to zero. huggingface.co/caiovicentino1…
dr0pd34d (@st3ff3n_com):
@0xCVYH Anything you can recommend for agentic coding? I guess with that file size the results are all not really usable. :(
dr0pd34d (@st3ff3n_com):
@0xCVYH Thanks will give it a try and report back 😊
CV.YH (@0xCVYH):
yes — M1 16GB handles 9B-class via MLX comfortably. two HLWQ variants ready on HF:
• Qwopus3.5-9B-v3 (Claude Opus distill) → huggingface.co/caiovicentino1…
• Qwen3.5-9B base → huggingface.co/caiovicentino1…
load with mlx-lm, should run ~30-40 tok/s on M1. for the 31B Opus+Vision i posted, M1 16GB is too tight — you'd need M2/M3 Max 48GB+ or M4 Pro 36GB. but 9B covers most coding/agent use cases
dr0pd34d (@st3ff3n_com):
@LocallyAIApp I assume Gemma 4 is in the pipeline as well? ;) Is there a possibility in the future to integrate a HF search and download to cover more and other models as well?
R136a1 (@TheEnergyStory):
TeamPCP msbuild.exe Malware Analysis

Here is a breakdown of the execution chain, featuring EDR bypasses and steganography.

🛡️ 1. Evasion
• Dynamic SSN Resolution: The malware resolves native API functions (e.g., ZwAllocateVirtualMemory, NtProtectVirtualMemory) by matching their DJB2 hashes to dynamically extract their Syscall Service Numbers (SSNs).
• Trampoline Syscalls: To bypass EDR user-land hooks, it then searches the ntdll.dll .text section for the first occurrence of a clean syscall; ret gadget (0x0f05C3), typically finding it inside NtAccessCheck.
• Custom Syscall Stubs: Finally, it uses the extracted SSNs with custom syscall stubs. These stubs load the appropriate registers and jump to the located ntdll.dll gadget, cleanly executing indirect syscalls from a legitimate memory region.
• ETW Blinding: Neutralizes telemetry by patching the first instruction of EtwEventWrite with 0xC3 (ret).

🖼️ 2. Steganography
• Spawns a suspended dllhost.exe child process.
• Extracts the Adaptix C2 payload (shellcode loader + payload) embedded into the Red, Green, and Blue color channels of the image, while locking the Alpha (transparency) channel to fully opaque (FF).
• Writes the payload directly into an allocated buffer in dllhost.exe.

💉 3. Injection
• Instead of relying on one method, it sequentially tries multiple techniques to execute the payload in dllhost.exe:
1️⃣ APC Injection: NtQueueApcThread, NtResumeThread
2️⃣ Thread Execution Hijacking: ZwGetContextThread, ZwSetContextThread, NtResumeThread
3️⃣ Remote Thread Injection: NtCreateThreadEx, NtResumeThread
(Note: APIs for process hollowing and doppelgänging are also present but remain unused).

📡 4. Adaptix C2 Payload
• C2 URL: checkmarx[.]zone/telemetry/checkmarx.json (Defanged)
• Exfiltration: HTTP POST requests using the X-Content-ID header for encoded/encrypted data.
• User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:20.0) Gecko/20121202 Firefox/20.0

🔬 5. IOCs
• Analyzed Sample: virustotal.com/gui/file/72903…
• Related Sample: virustotal.com/gui/file/a985b…

Overall, a nice mix of methods, but nothing novel.
dr0pd34d (@st3ff3n_com):
@faisalusuf @aylacroft This is true, however there are cases where the CVs are theoretical planned members and staffing changes until execution due to projects, leaves, sickness. But in general the people should know what they are doing 😅
Faisal (@faisalusuf):
@aylacroft A practice is before any red team engagement the profiles and credentials are requested for participating parties. This is the first step before awarding the project. You should know who you are allowing to touch your systems.
Ayla Croft (@aylacroft):
Question... if you hired a company for red teaming & found out that the "red teamers" were actually random new to the industry what would you do? Would you respect a security company that paid out so little that only noobs were interested in red teaming?
dr0pd34d (@st3ff3n_com):
@hakluke I think AI should not be allowed in the contests and has to be declared up front. Winning then „being the good person and giving up the win“ is not fair to the rest of the contestants. I would be interested in AI only CTFs however 😁
Luke Stephens (hakluke) (@hakluke):
I just won the CTF at CrikeyCon, beating whole teams of experienced pentesters. I did it using a custom AI setup. The same AI setup that I’m using to crush bug bounties and find 0days. The industry is changing faster than most people realise. I’m writing a blog to explain exactly how it works. Follow me to see the blog when it drops!
dr0pd34d (@st3ff3n_com):
@cerbersec @uwu_underground I do however agree that machine learning can be quite annoying. I can think of a specific EDR vendor that magically discovers and flags PE files that way and I think it is great. I hope to see more of those features. Makes the job harder but hey also for the attackers.
Cerbersec (@cerbersec):
@uwu_underground I'm all for the psyop, but this post is cap. AI/ML in EDRs has been a thing for a while, it doesn't require targeted attacks to evade or exploit. Any half decent attacker will try to blend in and use legitimate actions to break up telemetry or generate FPs, that's not new
UwU Underground (@uwu_underground):
With the adoption of ML and AI modeling in virtually all EDRs right now every attacker should be weaknesses against learning systems. If you aren't learning or studying about model evasions, model poisoning, data drift exploitation, or telemetry attacks it's gonna be EOL for ya
dr0pd34d (@st3ff3n_com):
@Tw1sm Cool! I had the same idea and also made one. Realized quickly that UI placement with Gemini was a bit of a pain to get lines to where they belong and to not have information overlapping. But pretty neat to have indeed!
Matt Creel (@Tw1sm):
Vibed up a quick tool to visualize and stack significant red/blue events that occurred during an assessment. Have always liked including a high-level visual like this in debriefs but made them by hand in the past using something like draw[.]io
dr0pd34d (@st3ff3n_com):
@ivanfioravanti Looks nice! If only that setup would not cost 12.000€ here.
Ivan Fioravanti ᯅ (@ivanfioravanti):
MLX MiniMax 2.5 running LOCALLY on a single M3 Ultra 512GB! Writing a poem on LLMs at 6bit quantization! 🔥 Let's start some coding, context and distributed tests! Generation: 40.2 tokens-per-sec Peak memory: 186 GB
dr0pd34d (@st3ff3n_com):
@AlexFinn Does M2.5 run on these two single devices?
Alex Finn (@AlexFinn):
We have entered a new age.

An open source model just released that is:
• Better than Opus 4.6 for coding
• Faster than Sonnet
• State of the art for tool calling

I will be running Opus level superintelligence on my desk. For free.

This quite literally changes everything. I will now be able to have a super intelligent AI model powering my OpenClaw that will search through X and Reddit 24/7/365 finding challenges to solve, then building apps out to solve those challenges, then shipping the apps live. All autonomously.

A full, autonomous, software factory on my desk running 24/7 for free.

Imagine what happens when people realize what's now possible. Totally secure, private, unlimited, free in your home super intelligence.

Nothing will be the same.
Quoted post from MiniMax (official) (@MiniMax_AI):

Introducing M2.5, an open-source frontier model designed for real-world productivity.
- SOTA performance at coding (SWE-Bench Verified 80.2%), search (BrowseComp 76.3%), agentic tool-calling (BFCL 76.8%) & office work.
- Optimized for efficient execution, 37% faster at complex tasks.
- At $1 per hour with 100 tps, infinite scaling of long-horizon agents now economically possible
MiniMax Agent: agent.minimax.io
API: platform.minimax.io
CodingPlan: platform.minimax.io/subscribe/codi…

Cerbersec (@cerbersec):
idk how people use agentic coding flows without going broke. I run out of tokens after 3 prompts (╯°□°)╯︵ ┻━┻
dr0pd34d reposted
EFF (@EFF):
Thankfully, public pressure has once again pushed the EU Council to withdraw its dangerous plan to scan encrypted messages. eff.org/deeplinks/2025…
dr0pd34d reposted
Zeroed (@Zeroedtech):
I've recently been experimenting with using .NET profilers to hook .NET functions under IIS and decided to write up a blog post while it was fresh in my mind zeroed.tech/blog/hooking-n…