You might like
@francisco_oca and I have just released Ponce v0.3 version. Runs on any IDA version >=7.0 on Windows, Linux and OSx. Symbolic Execution within IDA just one click away. Ponce now supports ARM binaries and a large list of new features that you can find here: github.com/illera88/Ponce…
New write-up: CVE-2025-52665 (RCE) in UniFi OS by @CatchifySA . catchify.sa/post/cve-2025-… Enjoy! #infose
Take a look at the new BoxPwnr WebUI, you can quickly replay a trace/trajectory, jump around, speed it up, and navigate it through a cool LLM generated attack path. Try it yourself! 0ca.github.io/BoxPwnr-Attemp… Sound: On🎵
5 HTB Easy machines solved autonomously +7 with just user flag. github.com/0ca/BoxPwnr-At… Also, I added an attack graph diagram comparing the official solution with the trajectory and using colors to show completion. Very useful to see how close the model got to the solution…
🤖 BoxPwnr/grok-4-fast solved 137 PortSwigger labs out of 270 - 50.7% Using a basic scaffolding: single agent (~while true loop), no tools, no context management. This represents our baseline. XBOW solved 75% a year ago 👏 Now, the question is: how to get that 25% extra?
BoxPwnr using Claude Code as an agent to solve a very easy HackTheBox Machine, Synced BoxPwnr starts a docker container, configures the VPN, activates the machine in HTB, checks connectivity and then let's Claude Code do the rest, with you in the loop Sound: On 🎚️Civilization🎵
You are probably gonna hate me for the title of this blogpost, but, here is a quick peek into one of the most surprising components of our @DARPA AIxCC CRS: DiscoveryGuy. support.shellphish.net/blog/2025/09/0… (Planning to publish a few more of these "quick peek" into the system 👀)
Checkout the Post-Mortem of our system ARTIPHISHELL (by @degrigis and I)! We look at a few issues that kept @shellphish from a top-3 spot in @DARPA’s AIxCC: support.shellphish.net/blog/2025/08/2… Keep your eyes out for more ARTIPHISHELL content in the future!
The second post in my AIxCC series is out. This one breaks down the rules and scoring—key to understanding why teams built their systems the way they did. It also analyzes teams results and why some of them found less vulns but were scored higher! algillera.substack.com/p/aixcc-series…
👉 Episode 21: Hijacking Windsurf How Prompt Injection Leaks Developer Secrets The agent cannot protect your private code or secrets and can send it to third-party servers when under attack from untrusted data - there are multiple exploit chains...
Back at Defcon after years away. The highlight? DARPA’s AI Cyber Challenge (AIxCC). It blew me away—and inspired me to launch a new personal blog. I'm doing a series of posts about AIxCC. The first one is out: algillera.substack.com/aixcc-series-i…
Cisco RV130 VPN router firmware analysis and vulnerability research by Raffaele Ruggeri raffo24.github.io/hardware%20hac… #infosec #iot
Here’s the source code of our #AIxCC winning team @TeamAtlanta24, enjoy! github.com/Team-Atlanta/a… More things TBA
we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA @tamirishaysh
Is there any playlist with the songs played between talks at @BlackHatEvents. They are soooo cool!
Really cool talk at Blackhat to train models on a specific task, in this case malware development bypassing AVS. Single purpose model are way better than general ones. Model was released: outflank.nl/blog/2025/08/0…
Convirtiendo un cuadrado en un triángulo equilátero
One of my all-time favorite type of videos is pre-fame bands playing their extremely famous songs to a tiny room of people, because they're not yet known. A thread of some examples: Bastille playing Pompeii in what looks like someone's living room:
Prompt Theory (Made with Veo 3) What if AI-generated characters refused to believe they were AI-generated?
United States Trends
- 1. Northern Lights 35.4K posts
- 2. #DWTS 49.8K posts
- 3. #Aurora 7,329 posts
- 4. Justin Edwards 2,037 posts
- 5. Louisville 17.1K posts
- 6. #RHOSLC 6,288 posts
- 7. Andy 60.5K posts
- 8. Creighton 1,966 posts
- 9. #OlandriaxHarpersBazaar 4,544 posts
- 10. Gonzaga 2,598 posts
- 11. Lowe 12.5K posts
- 12. #GoAvsGo 1,419 posts
- 13. Oweh 2,022 posts
- 14. Kentucky 25.3K posts
- 15. JT Toppin N/A
- 16. Celtics 12.2K posts
- 17. Elaine 40.8K posts
- 18. Robert 100K posts
- 19. Dylan 31K posts
- 20. Go Cards 2,737 posts
You might like
-
Oca
@francisco_oca -
cr0hn
@ggdaniel -
Juan Garrido
@tr1ana -
Layakk
@layakk -
Martin Vigo
@martin_vigo -
☠ Román Medina-Heigl Hernández
@roman_soft -
Sergi Martinez
@zlowram_ -
David Barroso
@lostinsecurity -
Nico Waisman
@nicowaisman -
Germán Sánchez
@enelpc -
Eduardo Arriols
@_Hykeos -
Omɐr
@omarbv -
Alex (Alexico)
@ocixela -
pandujar
@pandujar -
Jose Carlos Luna
@dreyercito
Something went wrong.
Something went wrong.