Security Researcher, Learning & Fuzzing! (somelab.ai/)
Joined June 2015
- Tweets 587
- Following 136
- Followers 3,361
- Likes 19,225
126 Photos and videos
Apr 19
Model quality matters but context is king. While everyone’s hyped about Mythos finding a 27-year-old bug, I tried a similar workflow with current available models.
somelab.ai/openbsd-ftpd
#infosec #AI
1
3
7
558
May 8
FFmpeg DFPWM: a 4-year-old integer overflow hiding behind eight samples
somelab.ai/ffmpeg-dfpwm-inte…
#infosec #AI
1
1
201
May 15
Windows Terminal SIXEL: when a good prompt met a stubborn OOB write
somelab.ai/windows-terminal-…
#infosec #AI
113
AI teams and security teams should be finishing each other's sentences.
Join @RandomDhiraj, Security Manager at @Derivdotcom and @czech_pawel, @lablabai Co-Founder & @Surgexyz_ CEO as they share exactly how to make it happen LIVE.
1
3
7
1,502
Dhiraj retweeted
May 6
AI teams and security teams should be finishing each other's sentences.
Tune in live with Deriv's Security Manager @RandomDhiraj and @czech_pawel, Co-Founder of @lablabai and CEO of @Surgexyz_, as they share exactly how to make it happen.
They'll get into real breaches, shadow AI, the risks of moving fast, and what tech leaders can do this week to close the gap.
🗓️ Thursday, May 21st · 12:00 PM CET · Live here on this page!
ALT Promotional banner for "The AI Advantage, Secured" livestream, a LabLab × Deriv collaboration. Host Pawel Czech (Co-Founder of LabLab, CEO of Surge.xyz) and guest Dhiraj Mishra (Security Manager at Deriv) are featured with their photos. The event takes place on Thursday, May 21st at 2:00 PM GST, live on LabLab AI and Deriv social channels.
1
3
5
557
Apr 16
Part-2, Here is the write-up for my recent work RCE in AWS Kiro IDE (CVE-2026–5429).
medium.com/@dhiraj_mishra/pa…
#infosec #AI
2
8
688
Apr 12
.@p1ngfl0yd & me would be running 2-day training program on fuzzing at DEFCON this year.
Sign-up for the early bird discount - (training.defcon.org/collecti…)
#infosec #fuzzing #defcon
3
6
400
Apr 1
Found command injection via `file://` URI handling in VIM.
Fixed Commit - github.com/vim/vim/commit/3e…
#infosec
1
1
4
484
Apr 1
Not from AI, just read the existing advisory/patch from VIM (github.com/vim/vim/security/…) replaced `scp://` URI to `file://`.
1
1
220
Mar 19
Identified a vulnerability in dtprobed (DTrace) where a crafted USDT provider names lead to arbitrary file creation outside intended paths, leading to LPE.
linux.oracle.com/errata/ELSA…
#infosec
3
9
965
Mar 15
The red team tradecraft behind hard-to-detect AI phishing.
derivai.substack.com/p/red-t…
#infosec #redteam
1
2
201
Mar 11
Here’s my write-up on a code execution in Google Gemini CLI.
medium.com/@dhiraj_mishra/co…
#infosec
8
74
3,982
Feb 28
I found a uXSS in DuckDuckGo Browser and here is the write-up. medium.com/@dhiraj_mishra/du…
#infosec
9
78
5,526
Feb 15
Through libFuzzer, Integer overflow when processing specially crafted ICO image files, leading to memory corruption in GIMP.
github.com/inputzero/Securit…
#infosec #fuzzing
1
318
Feb 8
GH response via H1 - This is an intentional design decision. If you're able to gain a token and access contents outside of your repository's scope, we would certainly be interested.
1
277
Feb 8
I am sharing it, as this also affects self-hosted runners, usually enterprise servers aren't hardened enough so you can test this during RT/PT. (docs.github.com/en/actions/r…)
240
Feb 7
GH response via H1 - This is an intentional design decision. If you're able to gain a token and access contents outside of your repository's scope, we would certainly be interested.
1
185
Feb 7
We are sharing it, as this also affects self-hosted runners, usually enterprise servers aren't hardened enough so you can test this during RT/PT. (docs.github.com/en/actions/r…)
149