𝖽𝖺𝗎𝗌

Got my first Chrome CVE! This was surfaced by my agentic pipeline, though the PoC was put together with a bit of manual work, AI, and a lot of digging through similar older reports and commits, since it was my first time and I honestly did not understand much of the codebase or how a PoC was supposed to be done for this case initially. I’ve also had a few other CVEs surfaced by my pipeline over the past few months, and I might write about those some other time

Had too many AI tokens, so I vibe-coded a Malaysia Web Defacement Observatory. It visualizes scraped Malaysian web defacement data, with the entire pipeline running on GitHub: - GitHub Actions -> data processing - JSON metrics generation - GitHub Pages -> dashboard Check it out: observatory.kampung.digital/malaysia-defac…

Dissecting a GenesisStealer Campaign Hiding Behind Indie Game Branding badrulmunir.com/posts/analysin…

Noticed a qr phishing trend on threads aimed towards local Malaysians and did a quick analysis on the situation : notion.so/3ch0/Analysis-…

@farhanhelmycode Maceh boss 🙏

@vicevirus2 mantapp boss

Thank you carisurau @farhanhelmycode Looking forward to v2!

@atanudin_ @takeptoto Onz, dakwah di trec

@takeptoto @vicevirus2 @farhanhelmycode Makan pizza kat trec jom

Dope design btw

@overflow_kaizen Mantap, dah pergi bulan ni dan biasa g main awal bulan. Hujung bulan nnt akan ku roger semula

@vicevirus2 jom

The prize pool we have collected so far is MYR600. If anyone wants to add to it or sponsor by adding their logo, please let me know. The CTF starts tomorrow at 9PM GMT+8. We have ~140 players going to compete (solo/duo)

Parallel Pulse @nanosec_asia is excited to 👏 welcome Jason Phang and Robbin Ooi to our panel of speakers, presenting "Following the Breadcrumbs: MacOS Unified Logs & FSEvents." Read abstract here: linkedin.com/feed/update/ur… Watch this space for registration - opening soon!

@warlocksmurf bro wen detect my malware

We will be presenting a really niche topic that is barely addressed in Malaysia, stay tuned! 🔥

Context: if you got paid to organise a CTF, registration fee should not be required

btw be careful, me and my colleague identified a malicious SEO poisoned GitHub Desktop download website where it has AMOS stealer in it. This commit (github.com/desktop/deskto…) shows the threat actor modifying the README file to include his own download URL. #AMOS #Phishing

Girls in CTF is back. We are doing it this year. girls-in-ctf.online Open for students and professionals in 🇲🇾 More details soon.

I'm sharing my note, containing little tips and checklist on how we can attribute a piece of malware or a campaign to certain threat groups. Although it does not cover all methodologies but I think it's good for beginners to learn this topic. 👍🏻 fareedfauzi.github.io/cheatsheets/th…

@0xk4gura time to cook with gpt5

Time to take on new challenges

@warlocksmurf cooked bro

Incident 1 done, time for incident 2💀