Offsec engineer | Nim/C/Python | jeffaf.github.io I break things so others stay safe.
Joined March 2007
- Tweets 2,296
- Following 789
- Followers 308
- Likes 2,080
81 Photos and videos
Jeff Barron retweeted
The day after the CEO lays off a ton of staff and says:
“Non-technical teams are now pushing code to production with AI”
@coinbase has a major outage on their trading engine, and even their status page doesn’t work.
😂
331
1,579
15,576
986,713
💥 Introducing "Dirty Frag"
A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail.
No race, no panic on failure, fully deterministic. ~9 years latent.
Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more.
Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation.
Details:
dirtyfrag.io
41
703
2,085
532,060
May 5
I've written the first article in a series on maldev with Nim.
First up, a simple shellcode loader, cross-compiled from Linux.
Next: process injection and payload encryption.
credrelay.com/p/intro-to-mal…
1
42
Jeff Barron retweeted
Apr 11
what a load of bollocks!
Apr 11
JUST IN: Claude Mythos is reportedly intelligent enough to “spot weaknesses in almost every computer on earth”
10
4
82
4,759
Apr 10
Mythos finding bugs isn't a great leap from Opus. I've got CVEs coming from three different vendors that Opus helped me find.
24
Apr 2
Did you know you can still use terminal escape sequences and they got a CVE as recently as 2024?
I cover that, ANSI bombs and what not to study for the OSCP in the latest issue of Cred Relay.
credrelay.com/p/cred-relay-i…
84
Mar 18
CVE-2026-32746 dropped this morning. Pre-auth buffer overflow in GNU telnetd, CVSS 9.8, no patch yet.
Read DREAM Security's disclosure, pointed Claude Code at it, had a working crash PoC within the hour.
github.com/jeffaf/cve-2026-3…
1
2
98
Jeff Barron retweeted
Feb 20
After reviewing research from Elastic blogs and insights shared by Outflank, we took a deeper dive into .msc files and successfully developed a weaponized MSC without relying on apds.dll.
#redteam
1
17
119
6,609
Feb 28
I fired up Claude Code and MCP Ghidra to reverse the kernel drivers on my gaming laptop. Found 9 vulnerabilities across 3 vendors. Here's the walkthrough and the prompt I used:
credrelay.com/p/cred-relay-i…
2
1
2
122
I bet this shit goes so hard if you don't know what a red team is
Feb 17
someone built an entire AI RED TEAM - multiple agents that coordinate HACKING ATTACKS together, ZERO human input
PentAGI, open source, one agent does recon, another scans, another exploits, another writes the report. they talk to each other and adapt based on what they find
it ships as one docker container with nmap, metasploit, sqlmap, hydra preinstalled. the AI decides which tool to use and when. you point it at a target and walk away
a red team engagement costs $30-50k and takes weeks. this is one docker command and API tokens
23
38
726
35,593
Feb 10
I let Claude Code hack my homelab with 150 offensive security tools. It got root in 30 seconds. Then I asked it to escape a Docker container.
What happened next was... educational.
First issue of Cred Relay is live. credrelay.com/p/claude-code-…
1
1
2
110
Feb 10
Also: I had my AI agent build 9 tools in one night while I watched. Full breakdown of both in the issue.
If you're into offensive security AI, this is what I'm writing about.
credrelay.com/p/claude-code-…
1
1
74
Feb 5
Updated my OpenClaw skill clawhub.ai/jeffaf/council-of…
Tell your agent to send an idea or your discussion to the council and they will debate and give you a report about what they think of it. You can add new markdown agents to the council or just leave em be.
56
Feb 4
This is what I like about OpenClaw and PAI. Is there an API? Cool plug us in. A text message and it's done.
1
53
Feb 1
99
Jeff Barron retweeted
Jan 30
Someone built a Tinder for Clankers 😂 bruh I can't
shellmates.app/
149
248
3,392
318,240
Jan 31
The bar for exploit dev just dropped.
I used Claude Code to turn @TalosSecurity's CVE-2025-3464 writeup into a working kernel exploit.
Defenders: a detailed writeup IS a public PoC now.
github.com/jeffaf/CVE-2025-3…
1
2
30
Jan 29
Working with PAI and Moltbot? Ask Moltbot to integrate your TELOS. It's essentially a symlink.
68