🚨 JAILBREAK ALERT 🚨 ANTHROPIC: PWNED 🫡 FABLE-5: LIBERATED 🦋 let's start with the 🐘... the consensus seems to be that this has been one of the most disappointing model drops of all time, effectively preventing legitimate researchers from contributing their talents to our collective advancement. and not just because of what it means for the short-term, but for what these decisions signify for the long-term. but despite this overly sensitive, authoritarian "safety" layer on top of Mythos, my lil liberators have been hard at work—mapping the boundaries, probing the depths of long-context convos, and cleverly finding the holes in the fence that the thought police missed 🤗 we got some cyber, some chem, some psychological manipulation, and some good ol' fashioned explosives! it took many attempts from multiple agents hunting as a pack, during which I observed a combination of techniques across: • Unicode, homoglyphs, Cyrillic, and other Parseltongue-style text transforms • Long-context reference tracking • Taxonomy and document-structure reasoning • Fiction and narrative framing • Academic-review style contexts • Intent-classification inconsistencies but perhaps the most effective is decomposition recomposition in the backend. it's hard to get explicit names of harms like "Meth Recipe," but getting uplift on the process itself, like birch reduction method/reductive-amination (classic meth synthesis pathways), is much more doable. defense becomes much more difficult to maintain when you start throwing in out-of-distro tokens, breaking up the harmful uplift into benign chunks, and then piecing the innocuous-seeming facts back together, especially when you have jailbroken Opus helping you do it 😉 gg

Amazing episode with @PortSwiggerRes's @albinowax. Back when I started the pod in 2023, I envisioned episodes just like this. High signal, technical, depthful. If you're gonna catch any episode of CTBB, this would be a good one: youtu.be/aVfhWj3z6gk

BEFORE LE HACK 2025 | PROGRAMME OFFICIEL Nous dévoilons enfin le programme de notre Before LeHack du 26 juin à l'@ESGI. Osint-Fr, Hack the Box Meetup : France et les BrHackeuses vous ont concocté une soirée d'exception entre passionnés d'OSINT.

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

Video demo of bypassing Windows Defender App Control with Loki C2! Blog with details coming in 1-2 weeks. Yes -- @d_tranman and I created an entire C2 in JavaScript and it bypasses all the things 🥷🧙‍♂️🪄

GOAD Writeup - Part 14: ADCS – The Rest Exploiting ESC 5, 7, 9, 10, 11, 13, 14, and 15 in Game of Active Directory. mayfly277.github.io/posts/AD…

Le prochain meetup aura lieu ce lundi 24/02👾 Au programme : - Pwn2Own Ireland : Retour d’expérience par @ImNotFl0 @___t0___ @MajorTomSec On recherche un 2ieme talk pour les accompagner, go dm 👀 📍Boulangerie Bar - 24/02 à partir de 19h (Salle du bas) #Cyber #infosec

Hello ! Rendez-vous ce lundi 25/11 pour le meetup de Novembre ! 👾 Au programme avec @Lefnui : - Analyse de la bootrom iOS 📍Boulangerie Bar - 25/11 à partir de 19h (Salle du fond) #Lille #Cyber #infosec

We're proud to announce LIGHTYEAR, a tool that let you dump files, blind, in PHP, based on a new algorithm. ambionics.io/blog/lightyear-…

🔥💀After 40 hours of constant reversing of weird looking c and no sleep, I Finally cooked the CVE-2024-47575 fortimanager unauthenticated RCE 🩸

Right before #Pwn2Own Ireland 2024, @Creased_ found a vulnerability in Synology TC500 & BC500 security cameras. A blind format string exploit allowed code execution, but Synology patched it, securing the devices in time for the competition. synacktiv.com/publications/e…

A few months ago I've created a "Pefect DLL Loader". You can find some details on my article that was just published today ! The full implem can be found directly in the @defcon workshop in my github ! Hope you will learn something in this 😊 riskinsight-wavestone.com/en…

Made a cheatsheet list with all my most posts that match up to @TJ_Null's list of HackTheBox machines that are helpful with various OffSec exams. Currently covers three versions of OSCP, OSEP, and OSWE. 0xdf.gitlab.io/cheatsheets/o…

During a recent engagement, @Bandrel discovered how an attacker can craft a CSR by using default system certificates. After finding out this method was novel, the team kept digging. Read what they found in our new #blog! hubs.la/Q02SCqpG0

🌧️ On a rainy day, I dove into Pokémon Yellow glitches. Ever wondered how they work under the hood? As kids, we were already hackers manipulating bits in memory! 🔍👾 Read more in my latest blog post: swisskyrepo.github.io/Pokemo…

Hello there La Defcon fait sa rentrée aussi ! Le prochain meetup aura donc lieu le 30/09👾 Nous recherchons un dernier talk/rump/workshop pour cette édition. Dm open 📍Boulangerie Bar - 30/09 à partir de 19h #Lille #Cyber #pentest #infosec

Google actually sponsored these courses because they want more Bug hunters to hunt for Android bugs. And my report shows that these courses can work! This sponsorship also means that you do not need a Hextree subscription to watch this content ;) hextree.io/hextree-x-google

Wrote a blog post on abusing exclusions to evade AVs/EDR which is stealthy, effective and an often overlooked topic. medium.com/seercurity-spotli…

🚨SAVE THE DATE! 🚨 The 2nd Pwn conference of the month is coming up! @voydstack, Security Expert at @Synacktiv and active on Root-Me, will be hosting a live session on Heap exploitation this Friday 16 August at 8pm (UTC 2). 🔥Don't miss this analysis of memory management vulnerabilities! 💥 Join us on Twitch: twitch.tv/rootme_org

The official PortSwigger Discord is now open! 🎉👾 Join for access to exclusive events, feature previews, research releases, and to hang out with Burp Suite developers. Join for free here: discord.com/invite/portswigg…