0day security researcher sharing my work. prev: anthropic, unit 8200, stanford, trail of bits, calif
Joined March 2018
- Tweets 984
- Following 860
- Followers 3,204
- Likes 5,981
216 Photos and videos
Per popular demand, here are my 30 reversing tips all together in one blog post 🤩
blog.vastart.dev/2020/04/guy…
12
262
634
I recently got access to OpenAI’s Trusted Access for Cyber program.
With all the GPT-5.5 hype and the Anthropic Mythos discussion, I wanted to test it for myself.
The result: **GPT-5.4** helped identify and develop a working Safari exploit affecting all Apple devices.
It found a JSC WebAssembly use-after-free that gave us stale read/write access inside the Primitive Gigacage. Then it spotted a bug in Safari’s Fetch implementation where in-flight opaque cross-origin responses could be materialized inside renderer memory.
By combining the two, a malicious page could steal authenticated cross-origin data and completely defeat the Same-Origin Policy.
17
67
471
72,403
mav retweeted
The US rescued a downed fighter pilot in hostile territory while simultaneously sending astronauts to the moon.
One air frame loss per 12,000 combat sorties and they immediately found and rescued the guy while sending astronauts to space.
“LE DYING EMPIRE”
78
754
6,842
121,865
We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned. We joked: fine, we’ll switch to Emacs. Then Claude found an RCE there too.
Full story: blog.calif.io/p/mad-bugs-vim…
25
202
1,337
217,002
hey mom look i’m in the news
‼️🚨 An ex-Anthropic engineer just published a 1-click remote code execution exploit for OpenClaw (formerly Moltbot and ClawdBot).
The attack occurs in milliseconds after the victim visits a webpage, giving the attacker access to Moltbot and the system it's running on. The victim does not need to type anything or approve any prompts.
18
2,636
we @depthfirstlabs found 1-Click RCE in OpenClaw (aka MoltBot / ClawdBot) !
full vuln & exploit details 👇
6
24
119
13,763
1
1
11
1,421
321
my latest blog post is out!
I share a race condition vuln I found in blockchain infra moving $billions/month
mavlevin.com/2026/01/18/flas…
1
3
16
1,038
prediction market inception!! vote for your favorite prediction market hackathon projects ➡️ win $$ if those projects win. GL @hitcastor you got my vote!
24 Dec 2025
Hitcastor x @BNBCHAIN x @SeedifyFund
@hitcastor has been shortlisted as a Top 20 finalist at the Seedify Prediction Market Hackathon!
We need your support to help us bring music charts predictions to life.
👉 Go to the Seedify website and vote for @hitcastor
Early supporters won’t be forgotten.
1
2
615
Mav’s Vuln Deep Dive, Day 1/30
Can you find the bug? you, the attacker, controls b64_data content (and length)
this is CVE-2018-6789. preauth rce on exim, which runs 60% of the internet’s mail servers, installed on every debian ubuntu.
vuln hint, answer, and deep dive in🧵
1
6
601
attack chain overview:
1. grooming: send specific commands to arrange memory so a free chunk sits right where we need it.
2. the trigger: send the malicious base64 string. the overflow modifies the size of the next chunk, making it look larger than it is.
3. overlapping: trick the allocator (glibc) into thinking a memory region is free when it’s actually in use.
4. execution: overwrite exim's acl (access control list) strings in memory. inject a command like ${run{/bin/bash...}}.
next time exim processes a mail, it executes your shell command as root.
1
292
this has been day 1/30 of vuln deep dives. lmk what you think!
vuln deep dive day 2 is tomorrow.
full CVE-2018-6789 details in og writeup by the finder, Meh: devco.re/blog/2018/03/06/exi…
1
287
people ask me how to get into vuln research. my answer: read more bugs.
so i’m making it easy for you.
for the next 30 days, i’m spoon feeding you daily vulnerability breakdowns. i'll show real vulns, real code, real exploits. i'm sharing bugs that excite me: code that looks safe, until you spot the one edge case attackers can exploit to hack in.
this is for everyone who wants to think like an attacker. class is soon in session
2
11
762